This documentation is for not yet released version of vendir. For the documentation of the latest release version, see the latest version.
vendir.yml spec
apiVersion: vendir.k14s.io/v1alpha1
kind: Config
# declaration of minimum required vendir binary version (optional)
minimumRequiredVersion: 0.8.0
# one or more directories to manage with vendir
directories:
- # path is relative to `vendir` CLI working directory
path: config/_ytt_lib
# set the permissions for this directory (optional; v0.33.0+)
# by default directories will be created with 0700
# can be provided as octal, in which case it needs to be prefixed with a `0`
permissions: 0700
contents:
- # path lives relative to directory path # (required)
path: github.com/cloudfoundry/cf-k8s-networking
# skip fetching if the config for this path has not changed since the last sync
# optional, `false` by default, available since v0.36.0
# use `vendir sync --lazy=false` to forcefully sync when needed
lazy: true
# uses git to clone Git repository (optional)
git:
# http or ssh urls are supported (required)
url: https://github.com/cloudfoundry/cf-k8s-networking
# branch, tag, commit; origin is the name of the remote (required)
# optional if refSelection is specified (available in v0.11.0+)
ref: origin/master
# depth of commits to fetch; 0 (default) means everything (optional; v0.29.0+)
depth: 1
# specifies a strategy to resolve to an explicit ref (optional; v0.11.0+)
refSelection:
semver:
# list of semver constraints (see versions.md for details) (required)
constraints: ">0.4.0"
# by default prerelease versions are not included (optional; v0.12.0+)
prereleases:
# select prerelease versions that include given identifiers (optional; v0.12.0+)
identifiers: [beta, rc]
# skip downloading lfs files (optional)
lfsSkipSmudge: false
# skip SSL/TLS verification (optional)
dangerousSkipTLSVerify: false
# skip initializing any git submodules (optional; v0.28.0+)
skipInitSubmodules: false
# verify gpg signatures on commits or tags (optional; v0.12.0+)
verification:
publicKeysSecretRef:
name: my-git-gpg-auth
# specifies name of a secret with auth details;
# secret may include 'ssh-privatekey', 'ssh-knownhosts',
# 'username', 'password' keys (optional)
secretRef:
# (required)
name: my-git-auth
# uses hg to clone Mercurial repository (optional; v0.22.0+)
hg:
# http or ssh urls are supported (required)
url: https://hg.sr.ht/~sircmpwn/hg.sr.ht
# branch, tag, commit (required)
ref: 180c776fe29448afa8c756ab572bab7a1cf17a06
# specifies name of a secret with auth details;
# secret may include 'ssh-privatekey', 'ssh-knownhosts',
# 'username', 'password' keys (optional)
secretRef:
# (required)
name: my-hg-auth
# fetches asset over HTTP (optional)
http:
# asset URL (required)
url:
# verification checksum (optional)
sha256: ""
# specifies name of a secret with basic auth details;
# secret may include 'username', 'password' keys (optional)
secretRef:
# (required)
name: my-http-auth
# skip unpacking tar, tgz, and zip files; by default files are unpacked (optional)
disableUnpack: false
# fetches asset from an image registry (optional; v0.11.0+)
image:
# image URL; could be plain, tagged or digest reference (required)
url: gcr.io/repo/image:v1.0.0
# specifies a strategy to choose a tag (optional; v0.22.0+)
# if specified, do not include a tag in url key
tagSelection:
semver:
# list of semver constraints (see versions.md for details) (required)
constraints: ">0.4.0"
# by default prerelease versions are not included (optional; v0.12.0+)
prereleases:
# select prerelease versions that include given identifiers (optional; v0.12.0+)
identifiers: [beta, rc]
# specifies name of a secret with registry auth details;
# secret may include 'username', 'password' and/or 'token' keys;
# as of v0.19.0+, dockerconfigjson secrets are also supported (optional)
# of of v0.22.0+, multiple registry credentials are supported and
# are passed to imgpkg via env. registry hostname must match url
# for auth information to be chosen by imgpkg.
# (https://carvel.dev/imgpkg/docs/latest/auth/#via-environment-variables)
secretRef:
# (required)
name: my-image-auth
# specify wether to skip TLS verification; defaults to false (optional;v0.18.0+)
dangerousSkipTLSVerify: false
# specify the response timeout in seconds for imgpkg when querying the registry; defaults to 30 (optional; v0.40.0+)
responseHeaderTimeout: 30
# fetches imgpkg bundle from an image registry (optional; v0.16.0+)
imgpkgBundle:
# could be plain, tagged or digest reference (required)
image: gcr.io/repo/bundle:v1.0.0
# specifies a strategy to choose a tag (optional; v0.22.0+)
# if specified, do not include a tag in image key
tagSelection:
semver:
# list of semver constraints (see versions.md for details) (required)
constraints: ">0.4.0"
# by default prerelease versions are not included (optional; v0.12.0+)
prereleases:
# select prerelease versions that include given identifiers (optional; v0.12.0+)
identifiers: [beta, rc]
# specifies name of a secret with registry auth details;
# secret may include 'username', 'password' and/or 'token' keys;
# as of v0.19.0+, dockerconfigjson secrets are also supported (optional)
# of of v0.22.0+, multiple registry credentials are supported and
# are passed to imgpkg via env. registry hostname must match image
# for auth information to be chosen by imgpkg.
# (https://carvel.dev/imgpkg/docs/latest/auth/#via-environment-variables)
secretRef:
# (required)
name: my-image-auth
# specify wether to skip TLS verification; defaults to false (optional;v0.18.0+)
dangerousSkipTLSVerify: false
# specify the response timeout in seconds for imgpkg when querying the registry; defaults to 30 (optional; v0.40.0+)
responseHeaderTimeout: 30
# fetches assets from a github release (optional)
githubRelease:
# slug for repository (org/repo) (required)
slug: k14s/kapp-controller
# use release tag (optional)
# optional if tagSelection is specified (available in v0.22.0+)
tag: v0.1.0
# specifies a strategy to choose a tag (optional; v0.22.0+)
tagSelection:
semver:
# list of semver constraints (see versions.md for details) (required)
constraints: ">0.4.0"
# by default prerelease versions are not included (optional; v0.12.0+)
prereleases:
# select prerelease versions that include given identifiers (optional; v0.12.0+)
identifiers: [beta, rc]
# use latest published version (optional)
latest: true
# use exact release URL (optional)
url: https://api.github.com/repos/k14s/kapp-controller/releases/21912613
# only download specific assets (optional; v0.12.0+)
assetNames: ["release*.yml"]
# checksums for downloaded files (optional)
# (if release text body contains checksums, it's not necessary
# to manually specify them here)
checksums:
release.yml: 26bf09c42d72ae448af3d1ee9f6a933c87c4ec81d04d37b30e1b6a339f5983a7
# disables checking auto-found checksums for downloaded files (optional)
# (checksums are extracted from release's text body
# based on following format `<sha256> <filename>`)
disableAutoChecksumValidation: true
# specifies which archive to unpack for contents (optional)
unpackArchive:
# (required)
path: release.tgz
# specifies name of a secret with github auth details;
# secret may include 'token' key (optional)
secretRef:
# (required)
name: my-gh-auth
# Used to create the URL of the asset to download the metadata
# from the Github Release. (optional)
http:
# The url parameter of http can interpolate the tag of the GitHub release using the {tag} token.
url: https://dl.k8s.io/release/{tag}/bin/linux/amd64/kubectl
# fetch Helm chart contents (optional; v0.11.0+)
helmChart:
# chart name (required)
name: stable/redis
# use specific chart version (string; optional)
version: "1.2.1"
# specifies Helm repository to fetch from (optional)
repository:
# repository url; supports exprimental oci helm fetch via
# oci:// scheme (required)
url: https://...
# specifies name of a secret with helm repo auth details;
# secret may include 'username', 'password';
# as of v0.19.0+, dockerconfigjson secrets are also supported (optional)
# as of v0.22.0+, 0 or 1 auth credential is expected within dockerconfigjson secret
# if >1 auth creds found, error will be returned. (currently registry hostname
# is not used when found in provide auth credential.)
secretRef:
# (required)
name: my-helm-auth
# specify helm binary version to use;
# '3' means binary 'helm3' needs to be on the path (optional)
helmVersion: "3"
# copy contents from local directory (optional)
directory:
# local file system path relative to vendir.yml
path: some-path
# states that directory specified by above path
# is managed by hand; nothing to do for vendir (optional)
manual: {}
# specify contents inline within this file (optional; v0.11.0+)
inline:
# specifies mapping of paths to their content (optional)
paths:
dir/file.ext: file-content
# specifies content via secrets and config maps (optional)
pathsFrom:
- secretRef:
# (required)
name: secret-name
# specifies where to place files found in secret (optional)
directoryPath: dir
- configMapRef:
# (required)
name: cfgmap-name
# specifies where to place files found in config map (optional)
directoryPath: dir
# includes paths specify what should be included. by default
# all paths are included (optional)
includePaths:
- cfroutesync/crds/**/*
- install/ytt/networking/**/*
# exclude paths are "placed" on top of include paths (optional)
excludePaths: []
# specifies paths to files that need to be includes for
# legal reasons such as LICENSE file. Defaults to few
# LICENSE, NOTICE and COPYRIGHT variations (optional)
legalPaths: []
# make subdirectory to be new root path within this asset (optional; v0.11.0+)
newRootPath: cfroutesync
# set the permissions for this content directory (optional; v0.33.0+)
# by default content directories will be created with 0700
# can be provided as octal, in which case it needs to be prefixed with a `0`
permissions: 0700
(Help improve our docs: edit this page on GitHub)