k8s_crds_helm_controller/

helmcharts.rs

// WARNING: generated by kopium - manual changes will be overwritten
// kopium command: kopium -f helmcharts.yml --schema=derived --docs -b --derive=Default --derive=PartialEq --smart-derive-elision
// kopium version: 0.21.2

#[allow(unused_imports)]
mod prelude {
    pub use k8s_openapi::apimachinery::pkg::util::intstr::IntOrString;
    pub use kube_derive::CustomResource;
    #[cfg(feature = "schemars")]
    pub use schemars::JsonSchema;
    pub use serde::{Deserialize, Serialize};
    pub use std::collections::BTreeMap;
    #[cfg(feature = "builder")]
    pub use typed_builder::TypedBuilder;
}
use self::prelude::*;

/// HelmChartSpec represents the user-configurable details for installation and upgrade of a Helm chart release.
#[derive(CustomResource, Serialize, Deserialize, Clone, Debug, Default, PartialEq)]
#[cfg_attr(feature = "builder", derive(TypedBuilder))]
#[cfg_attr(feature = "schemars", derive(JsonSchema))]
#[cfg_attr(not(feature = "schemars"), kube(schema = "disabled"))]
#[kube(
    group = "helm.cattle.io",
    version = "v1",
    kind = "HelmChart",
    plural = "helmcharts"
)]
#[kube(namespaced)]
#[kube(status = "HelmChartStatus")]
#[kube(derive = "Default")]
#[kube(derive = "PartialEq")]
pub struct HelmChartSpec {
    /// Pass Basic auth credentials to all domains.
    /// Helm CLI positional argument/flag: `--pass-credentials`
    #[serde(
        default,
        skip_serializing_if = "Option::is_none",
        rename = "authPassCredentials"
    )]
    #[cfg_attr(feature = "builder", builder(default, setter(strip_option)))]
    pub auth_pass_credentials: Option<bool>,
    /// Reference to Secret of type kubernetes.io/basic-auth holding Basic auth credentials for the Chart repo.
    #[serde(
        default,
        skip_serializing_if = "Option::is_none",
        rename = "authSecret"
    )]
    #[cfg_attr(feature = "builder", builder(default, setter(strip_option)))]
    pub auth_secret: Option<HelmChartAuthSecret>,
    /// Specify the number of retries before considering the helm job failed.
    #[serde(
        default,
        skip_serializing_if = "Option::is_none",
        rename = "backOffLimit"
    )]
    #[cfg_attr(feature = "builder", builder(default, setter(strip_option)))]
    pub back_off_limit: Option<i32>,
    /// Set to True if this chart is needed to bootstrap the cluster (Cloud Controller Manager, CNI, etc).
    #[serde(default, skip_serializing_if = "Option::is_none")]
    #[cfg_attr(feature = "builder", builder(default, setter(strip_option)))]
    pub bootstrap: Option<bool>,
    /// Helm Chart name in repository, or complete HTTPS URL to chart archive (.tgz)
    /// Helm CLI positional argument/flag: `CHART`
    #[serde(default, skip_serializing_if = "Option::is_none")]
    #[cfg_attr(feature = "builder", builder(default, setter(strip_option)))]
    pub chart: Option<String>,
    /// Base64-encoded chart archive .tgz; overides `.spec.chart` and `.spec.version`.
    /// Helm CLI positional argument/flag: `CHART`
    #[serde(
        default,
        skip_serializing_if = "Option::is_none",
        rename = "chartContent"
    )]
    #[cfg_attr(feature = "builder", builder(default, setter(strip_option)))]
    pub chart_content: Option<String>,
    /// Create target namespace if not present.
    /// Helm CLI positional argument/flag: `--create-namespace`
    #[serde(
        default,
        skip_serializing_if = "Option::is_none",
        rename = "createNamespace"
    )]
    #[cfg_attr(feature = "builder", builder(default, setter(strip_option)))]
    pub create_namespace: Option<bool>,
    /// Reference to Secret of type kubernetes.io/dockerconfigjson holding Docker auth credentials for the OCI-based registry acting as the Chart repo.
    #[serde(
        default,
        skip_serializing_if = "Option::is_none",
        rename = "dockerRegistrySecret"
    )]
    #[cfg_attr(feature = "builder", builder(default, setter(strip_option)))]
    pub docker_registry_secret: Option<HelmChartDockerRegistrySecret>,
    /// Configures handling of failed chart installation or upgrades.
    /// - `reinstall` will perform a clean uninstall and reinstall of the chart.
    /// - `abort` will take no action and leave the chart in a failed state so that the administrator can manually resolve the error.
    #[serde(
        default,
        skip_serializing_if = "Option::is_none",
        rename = "failurePolicy"
    )]
    #[cfg_attr(feature = "builder", builder(default, setter(strip_option)))]
    pub failure_policy: Option<HelmChartFailurePolicy>,
    /// DEPRECATED. Helm version to use. Only v3 is currently supported.
    #[serde(
        default,
        skip_serializing_if = "Option::is_none",
        rename = "helmVersion"
    )]
    #[cfg_attr(feature = "builder", builder(default, setter(strip_option)))]
    pub helm_version: Option<String>,
    /// Skip TLS certificate checks for the chart download.
    /// Helm CLI positional argument/flag: `--insecure-skip-tls-verify`
    #[serde(
        default,
        skip_serializing_if = "Option::is_none",
        rename = "insecureSkipTLSVerify"
    )]
    #[cfg_attr(feature = "builder", builder(default, setter(strip_option)))]
    pub insecure_skip_tls_verify: Option<bool>,
    /// Specify the image to use for tht helm job pod when installing or upgrading the helm chart.
    #[serde(default, skip_serializing_if = "Option::is_none", rename = "jobImage")]
    #[cfg_attr(feature = "builder", builder(default, setter(strip_option)))]
    pub job_image: Option<String>,
    /// Use insecure HTTP connections for the chart download.
    /// Helm CLI positional argument/flag: `--plain-http`
    #[serde(default, skip_serializing_if = "Option::is_none", rename = "plainHTTP")]
    #[cfg_attr(feature = "builder", builder(default, setter(strip_option)))]
    pub plain_http: Option<bool>,
    /// Custom PodSecurityContext for the helm job pod.
    #[serde(
        default,
        skip_serializing_if = "Option::is_none",
        rename = "podSecurityContext"
    )]
    #[cfg_attr(feature = "builder", builder(default, setter(strip_option)))]
    pub pod_security_context: Option<HelmChartPodSecurityContext>,
    /// Helm Chart repository URL.
    /// Helm CLI positional argument/flag: `--repo`
    #[serde(default, skip_serializing_if = "Option::is_none")]
    #[cfg_attr(feature = "builder", builder(default, setter(strip_option)))]
    pub repo: Option<String>,
    /// Verify certificates of HTTPS-enabled servers using this CA bundle. Should be a string containing one or more PEM-encoded CA Certificates.
    /// Helm CLI positional argument/flag: `--ca-file`
    #[serde(default, skip_serializing_if = "Option::is_none", rename = "repoCA")]
    #[cfg_attr(feature = "builder", builder(default, setter(strip_option)))]
    pub repo_ca: Option<String>,
    /// Reference to a ConfigMap containing CA Certificates to be be trusted by Helm. Can be used along with or instead of `.spec.repoCA`
    /// Helm CLI positional argument/flag: `--ca-file`
    #[serde(
        default,
        skip_serializing_if = "Option::is_none",
        rename = "repoCAConfigMap"
    )]
    #[cfg_attr(feature = "builder", builder(default, setter(strip_option)))]
    pub repo_ca_config_map: Option<HelmChartRepoCaConfigMap>,
    /// custom SecurityContext for the helm job pod.
    #[serde(
        default,
        skip_serializing_if = "Option::is_none",
        rename = "securityContext"
    )]
    #[cfg_attr(feature = "builder", builder(default, setter(strip_option)))]
    pub security_context: Option<HelmChartSecurityContext>,
    /// Override simple Chart values. These take precedence over options set via valuesContent.
    /// Helm CLI positional argument/flag: `--set`, `--set-string`
    #[serde(default, skip_serializing_if = "Option::is_none")]
    #[cfg_attr(feature = "builder", builder(default, setter(strip_option)))]
    pub set: Option<BTreeMap<String, IntOrString>>,
    /// Set to True if helm should take ownership of existing resources when installing/upgrading the chart.
    /// Helm CLI positional argument/flag: `--take-ownership`
    #[serde(
        default,
        skip_serializing_if = "Option::is_none",
        rename = "takeOwnership"
    )]
    #[cfg_attr(feature = "builder", builder(default, setter(strip_option)))]
    pub take_ownership: Option<bool>,
    /// Helm Chart target namespace.
    /// Helm CLI positional argument/flag: `--namespace`
    #[serde(
        default,
        skip_serializing_if = "Option::is_none",
        rename = "targetNamespace"
    )]
    #[cfg_attr(feature = "builder", builder(default, setter(strip_option)))]
    pub target_namespace: Option<String>,
    /// Timeout for Helm operations.
    /// Helm CLI positional argument/flag: `--timeout`
    #[serde(default, skip_serializing_if = "Option::is_none")]
    #[cfg_attr(feature = "builder", builder(default, setter(strip_option)))]
    pub timeout: Option<String>,
    /// Override complex Chart values via inline YAML content.
    /// Helm CLI positional argument/flag: `--values`
    #[serde(
        default,
        skip_serializing_if = "Option::is_none",
        rename = "valuesContent"
    )]
    #[cfg_attr(feature = "builder", builder(default, setter(strip_option)))]
    pub values_content: Option<String>,
    /// Override complex Chart values via references to external Secrets.
    /// Helm CLI positional argument/flag: `--values`
    #[serde(
        default,
        skip_serializing_if = "Option::is_none",
        rename = "valuesSecrets"
    )]
    #[cfg_attr(feature = "builder", builder(default, setter(strip_option)))]
    pub values_secrets: Option<Vec<HelmChartValuesSecrets>>,
    /// Helm Chart version. Only used when installing from repository; ignored when .spec.chart or .spec.chartContent is used to install a specific chart archive.
    /// Helm CLI positional argument/flag: `--version`
    #[serde(default, skip_serializing_if = "Option::is_none")]
    #[cfg_attr(feature = "builder", builder(default, setter(strip_option)))]
    pub version: Option<String>,
}

/// Reference to Secret of type kubernetes.io/basic-auth holding Basic auth credentials for the Chart repo.
#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)]
#[cfg_attr(feature = "builder", derive(TypedBuilder))]
#[cfg_attr(feature = "schemars", derive(JsonSchema))]
pub struct HelmChartAuthSecret {
    /// Name of the referent.
    /// This field is effectively required, but due to backwards compatibility is
    /// allowed to be empty. Instances of this type with an empty value here are
    /// almost certainly wrong.
    /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
    #[serde(default, skip_serializing_if = "Option::is_none")]
    #[cfg_attr(feature = "builder", builder(default, setter(strip_option)))]
    pub name: Option<String>,
}

/// Reference to Secret of type kubernetes.io/dockerconfigjson holding Docker auth credentials for the OCI-based registry acting as the Chart repo.
#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)]
#[cfg_attr(feature = "builder", derive(TypedBuilder))]
#[cfg_attr(feature = "schemars", derive(JsonSchema))]
pub struct HelmChartDockerRegistrySecret {
    /// Name of the referent.
    /// This field is effectively required, but due to backwards compatibility is
    /// allowed to be empty. Instances of this type with an empty value here are
    /// almost certainly wrong.
    /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
    #[serde(default, skip_serializing_if = "Option::is_none")]
    #[cfg_attr(feature = "builder", builder(default, setter(strip_option)))]
    pub name: Option<String>,
}

/// HelmChartSpec represents the user-configurable details for installation and upgrade of a Helm chart release.
#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)]
#[cfg_attr(feature = "schemars", derive(JsonSchema))]
pub enum HelmChartFailurePolicy {
    #[serde(rename = "abort")]
    Abort,
    #[serde(rename = "reinstall")]
    Reinstall,
}

/// Custom PodSecurityContext for the helm job pod.
#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)]
#[cfg_attr(feature = "builder", derive(TypedBuilder))]
#[cfg_attr(feature = "schemars", derive(JsonSchema))]
pub struct HelmChartPodSecurityContext {
    /// appArmorProfile is the AppArmor options to use by the containers in this pod.
    /// Note that this field cannot be set when spec.os.name is windows.
    #[serde(
        default,
        skip_serializing_if = "Option::is_none",
        rename = "appArmorProfile"
    )]
    #[cfg_attr(feature = "builder", builder(default, setter(strip_option)))]
    pub app_armor_profile: Option<HelmChartPodSecurityContextAppArmorProfile>,
    /// A special supplemental group that applies to all containers in a pod.
    /// Some volume types allow the Kubelet to change the ownership of that volume
    /// to be owned by the pod:
    ///
    /// 1. The owning GID will be the FSGroup
    /// 2. The setgid bit is set (new files created in the volume will be owned by FSGroup)
    /// 3. The permission bits are OR'd with rw-rw----
    ///
    /// If unset, the Kubelet will not modify the ownership and permissions of any volume.
    /// Note that this field cannot be set when spec.os.name is windows.
    #[serde(default, skip_serializing_if = "Option::is_none", rename = "fsGroup")]
    #[cfg_attr(feature = "builder", builder(default, setter(strip_option)))]
    pub fs_group: Option<i64>,
    /// fsGroupChangePolicy defines behavior of changing ownership and permission of the volume
    /// before being exposed inside Pod. This field will only apply to
    /// volume types which support fsGroup based ownership(and permissions).
    /// It will have no effect on ephemeral volume types such as: secret, configmaps
    /// and emptydir.
    /// Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used.
    /// Note that this field cannot be set when spec.os.name is windows.
    #[serde(
        default,
        skip_serializing_if = "Option::is_none",
        rename = "fsGroupChangePolicy"
    )]
    #[cfg_attr(feature = "builder", builder(default, setter(strip_option)))]
    pub fs_group_change_policy: Option<String>,
    /// The GID to run the entrypoint of the container process.
    /// Uses runtime default if unset.
    /// May also be set in SecurityContext.  If set in both SecurityContext and
    /// PodSecurityContext, the value specified in SecurityContext takes precedence
    /// for that container.
    /// Note that this field cannot be set when spec.os.name is windows.
    #[serde(
        default,
        skip_serializing_if = "Option::is_none",
        rename = "runAsGroup"
    )]
    #[cfg_attr(feature = "builder", builder(default, setter(strip_option)))]
    pub run_as_group: Option<i64>,
    /// Indicates that the container must run as a non-root user.
    /// If true, the Kubelet will validate the image at runtime to ensure that it
    /// does not run as UID 0 (root) and fail to start the container if it does.
    /// If unset or false, no such validation will be performed.
    /// May also be set in SecurityContext.  If set in both SecurityContext and
    /// PodSecurityContext, the value specified in SecurityContext takes precedence.
    #[serde(
        default,
        skip_serializing_if = "Option::is_none",
        rename = "runAsNonRoot"
    )]
    #[cfg_attr(feature = "builder", builder(default, setter(strip_option)))]
    pub run_as_non_root: Option<bool>,
    /// The UID to run the entrypoint of the container process.
    /// Defaults to user specified in image metadata if unspecified.
    /// May also be set in SecurityContext.  If set in both SecurityContext and
    /// PodSecurityContext, the value specified in SecurityContext takes precedence
    /// for that container.
    /// Note that this field cannot be set when spec.os.name is windows.
    #[serde(default, skip_serializing_if = "Option::is_none", rename = "runAsUser")]
    #[cfg_attr(feature = "builder", builder(default, setter(strip_option)))]
    pub run_as_user: Option<i64>,
    /// seLinuxChangePolicy defines how the container's SELinux label is applied to all volumes used by the Pod.
    /// It has no effect on nodes that do not support SELinux or to volumes does not support SELinux.
    /// Valid values are "MountOption" and "Recursive".
    ///
    /// "Recursive" means relabeling of all files on all Pod volumes by the container runtime.
    /// This may be slow for large volumes, but allows mixing privileged and unprivileged Pods sharing the same volume on the same node.
    ///
    /// "MountOption" mounts all eligible Pod volumes with `-o context` mount option.
    /// This requires all Pods that share the same volume to use the same SELinux label.
    /// It is not possible to share the same volume among privileged and unprivileged Pods.
    /// Eligible volumes are in-tree FibreChannel and iSCSI volumes, and all CSI volumes
    /// whose CSI driver announces SELinux support by setting spec.seLinuxMount: true in their
    /// CSIDriver instance. Other volumes are always re-labelled recursively.
    /// "MountOption" value is allowed only when SELinuxMount feature gate is enabled.
    ///
    /// If not specified and SELinuxMount feature gate is enabled, "MountOption" is used.
    /// If not specified and SELinuxMount feature gate is disabled, "MountOption" is used for ReadWriteOncePod volumes
    /// and "Recursive" for all other volumes.
    ///
    /// This field affects only Pods that have SELinux label set, either in PodSecurityContext or in SecurityContext of all containers.
    ///
    /// All Pods that use the same volume should use the same seLinuxChangePolicy, otherwise some pods can get stuck in ContainerCreating state.
    /// Note that this field cannot be set when spec.os.name is windows.
    #[serde(
        default,
        skip_serializing_if = "Option::is_none",
        rename = "seLinuxChangePolicy"
    )]
    #[cfg_attr(feature = "builder", builder(default, setter(strip_option)))]
    pub se_linux_change_policy: Option<String>,
    /// The SELinux context to be applied to all containers.
    /// If unspecified, the container runtime will allocate a random SELinux context for each
    /// container.  May also be set in SecurityContext.  If set in
    /// both SecurityContext and PodSecurityContext, the value specified in SecurityContext
    /// takes precedence for that container.
    /// Note that this field cannot be set when spec.os.name is windows.
    #[serde(
        default,
        skip_serializing_if = "Option::is_none",
        rename = "seLinuxOptions"
    )]
    #[cfg_attr(feature = "builder", builder(default, setter(strip_option)))]
    pub se_linux_options: Option<HelmChartPodSecurityContextSeLinuxOptions>,
    /// The seccomp options to use by the containers in this pod.
    /// Note that this field cannot be set when spec.os.name is windows.
    #[serde(
        default,
        skip_serializing_if = "Option::is_none",
        rename = "seccompProfile"
    )]
    #[cfg_attr(feature = "builder", builder(default, setter(strip_option)))]
    pub seccomp_profile: Option<HelmChartPodSecurityContextSeccompProfile>,
    /// A list of groups applied to the first process run in each container, in
    /// addition to the container's primary GID and fsGroup (if specified).  If
    /// the SupplementalGroupsPolicy feature is enabled, the
    /// supplementalGroupsPolicy field determines whether these are in addition
    /// to or instead of any group memberships defined in the container image.
    /// If unspecified, no additional groups are added, though group memberships
    /// defined in the container image may still be used, depending on the
    /// supplementalGroupsPolicy field.
    /// Note that this field cannot be set when spec.os.name is windows.
    #[serde(
        default,
        skip_serializing_if = "Option::is_none",
        rename = "supplementalGroups"
    )]
    #[cfg_attr(feature = "builder", builder(default, setter(strip_option)))]
    pub supplemental_groups: Option<Vec<i64>>,
    /// Defines how supplemental groups of the first container processes are calculated.
    /// Valid values are "Merge" and "Strict". If not specified, "Merge" is used.
    /// (Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled
    /// and the container runtime must implement support for this feature.
    /// Note that this field cannot be set when spec.os.name is windows.
    #[serde(
        default,
        skip_serializing_if = "Option::is_none",
        rename = "supplementalGroupsPolicy"
    )]
    #[cfg_attr(feature = "builder", builder(default, setter(strip_option)))]
    pub supplemental_groups_policy: Option<String>,
    /// Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported
    /// sysctls (by the container runtime) might fail to launch.
    /// Note that this field cannot be set when spec.os.name is windows.
    #[serde(default, skip_serializing_if = "Option::is_none")]
    #[cfg_attr(feature = "builder", builder(default, setter(strip_option)))]
    pub sysctls: Option<Vec<HelmChartPodSecurityContextSysctls>>,
    /// The Windows specific settings applied to all containers.
    /// If unspecified, the options within a container's SecurityContext will be used.
    /// If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
    /// Note that this field cannot be set when spec.os.name is linux.
    #[serde(
        default,
        skip_serializing_if = "Option::is_none",
        rename = "windowsOptions"
    )]
    #[cfg_attr(feature = "builder", builder(default, setter(strip_option)))]
    pub windows_options: Option<HelmChartPodSecurityContextWindowsOptions>,
}

/// appArmorProfile is the AppArmor options to use by the containers in this pod.
/// Note that this field cannot be set when spec.os.name is windows.
#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)]
#[cfg_attr(feature = "builder", derive(TypedBuilder))]
#[cfg_attr(feature = "schemars", derive(JsonSchema))]
pub struct HelmChartPodSecurityContextAppArmorProfile {
    /// localhostProfile indicates a profile loaded on the node that should be used.
    /// The profile must be preconfigured on the node to work.
    /// Must match the loaded name of the profile.
    /// Must be set if and only if type is "Localhost".
    #[serde(
        default,
        skip_serializing_if = "Option::is_none",
        rename = "localhostProfile"
    )]
    #[cfg_attr(feature = "builder", builder(default, setter(strip_option)))]
    pub localhost_profile: Option<String>,
    /// type indicates which kind of AppArmor profile will be applied.
    /// Valid options are:
    ///   Localhost - a profile pre-loaded on the node.
    ///   RuntimeDefault - the container runtime's default profile.
    ///   Unconfined - no AppArmor enforcement.
    #[serde(rename = "type")]
    pub r#type: String,
}

/// The SELinux context to be applied to all containers.
/// If unspecified, the container runtime will allocate a random SELinux context for each
/// container.  May also be set in SecurityContext.  If set in
/// both SecurityContext and PodSecurityContext, the value specified in SecurityContext
/// takes precedence for that container.
/// Note that this field cannot be set when spec.os.name is windows.
#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)]
#[cfg_attr(feature = "builder", derive(TypedBuilder))]
#[cfg_attr(feature = "schemars", derive(JsonSchema))]
pub struct HelmChartPodSecurityContextSeLinuxOptions {
    /// Level is SELinux level label that applies to the container.
    #[serde(default, skip_serializing_if = "Option::is_none")]
    #[cfg_attr(feature = "builder", builder(default, setter(strip_option)))]
    pub level: Option<String>,
    /// Role is a SELinux role label that applies to the container.
    #[serde(default, skip_serializing_if = "Option::is_none")]
    #[cfg_attr(feature = "builder", builder(default, setter(strip_option)))]
    pub role: Option<String>,
    /// Type is a SELinux type label that applies to the container.
    #[serde(default, skip_serializing_if = "Option::is_none", rename = "type")]
    #[cfg_attr(feature = "builder", builder(default, setter(strip_option)))]
    pub r#type: Option<String>,
    /// User is a SELinux user label that applies to the container.
    #[serde(default, skip_serializing_if = "Option::is_none")]
    #[cfg_attr(feature = "builder", builder(default, setter(strip_option)))]
    pub user: Option<String>,
}

/// The seccomp options to use by the containers in this pod.
/// Note that this field cannot be set when spec.os.name is windows.
#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)]
#[cfg_attr(feature = "builder", derive(TypedBuilder))]
#[cfg_attr(feature = "schemars", derive(JsonSchema))]
pub struct HelmChartPodSecurityContextSeccompProfile {
    /// localhostProfile indicates a profile defined in a file on the node should be used.
    /// The profile must be preconfigured on the node to work.
    /// Must be a descending path, relative to the kubelet's configured seccomp profile location.
    /// Must be set if type is "Localhost". Must NOT be set for any other type.
    #[serde(
        default,
        skip_serializing_if = "Option::is_none",
        rename = "localhostProfile"
    )]
    #[cfg_attr(feature = "builder", builder(default, setter(strip_option)))]
    pub localhost_profile: Option<String>,
    /// type indicates which kind of seccomp profile will be applied.
    /// Valid options are:
    ///
    /// Localhost - a profile defined in a file on the node should be used.
    /// RuntimeDefault - the container runtime default profile should be used.
    /// Unconfined - no profile should be applied.
    #[serde(rename = "type")]
    pub r#type: String,
}

/// Sysctl defines a kernel parameter to be set
#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)]
#[cfg_attr(feature = "builder", derive(TypedBuilder))]
#[cfg_attr(feature = "schemars", derive(JsonSchema))]
pub struct HelmChartPodSecurityContextSysctls {
    /// Name of a property to set
    pub name: String,
    /// Value of a property to set
    pub value: String,
}

/// The Windows specific settings applied to all containers.
/// If unspecified, the options within a container's SecurityContext will be used.
/// If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
/// Note that this field cannot be set when spec.os.name is linux.
#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)]
#[cfg_attr(feature = "builder", derive(TypedBuilder))]
#[cfg_attr(feature = "schemars", derive(JsonSchema))]
pub struct HelmChartPodSecurityContextWindowsOptions {
    /// GMSACredentialSpec is where the GMSA admission webhook
    /// (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the
    /// GMSA credential spec named by the GMSACredentialSpecName field.
    #[serde(
        default,
        skip_serializing_if = "Option::is_none",
        rename = "gmsaCredentialSpec"
    )]
    #[cfg_attr(feature = "builder", builder(default, setter(strip_option)))]
    pub gmsa_credential_spec: Option<String>,
    /// GMSACredentialSpecName is the name of the GMSA credential spec to use.
    #[serde(
        default,
        skip_serializing_if = "Option::is_none",
        rename = "gmsaCredentialSpecName"
    )]
    #[cfg_attr(feature = "builder", builder(default, setter(strip_option)))]
    pub gmsa_credential_spec_name: Option<String>,
    /// HostProcess determines if a container should be run as a 'Host Process' container.
    /// All of a Pod's containers must have the same effective HostProcess value
    /// (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).
    /// In addition, if HostProcess is true then HostNetwork must also be set to true.
    #[serde(
        default,
        skip_serializing_if = "Option::is_none",
        rename = "hostProcess"
    )]
    #[cfg_attr(feature = "builder", builder(default, setter(strip_option)))]
    pub host_process: Option<bool>,
    /// The UserName in Windows to run the entrypoint of the container process.
    /// Defaults to the user specified in image metadata if unspecified.
    /// May also be set in PodSecurityContext. If set in both SecurityContext and
    /// PodSecurityContext, the value specified in SecurityContext takes precedence.
    #[serde(
        default,
        skip_serializing_if = "Option::is_none",
        rename = "runAsUserName"
    )]
    #[cfg_attr(feature = "builder", builder(default, setter(strip_option)))]
    pub run_as_user_name: Option<String>,
}

/// Reference to a ConfigMap containing CA Certificates to be be trusted by Helm. Can be used along with or instead of `.spec.repoCA`
/// Helm CLI positional argument/flag: `--ca-file`
#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)]
#[cfg_attr(feature = "builder", derive(TypedBuilder))]
#[cfg_attr(feature = "schemars", derive(JsonSchema))]
pub struct HelmChartRepoCaConfigMap {
    /// Name of the referent.
    /// This field is effectively required, but due to backwards compatibility is
    /// allowed to be empty. Instances of this type with an empty value here are
    /// almost certainly wrong.
    /// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
    #[serde(default, skip_serializing_if = "Option::is_none")]
    #[cfg_attr(feature = "builder", builder(default, setter(strip_option)))]
    pub name: Option<String>,
}

/// custom SecurityContext for the helm job pod.
#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)]
#[cfg_attr(feature = "builder", derive(TypedBuilder))]
#[cfg_attr(feature = "schemars", derive(JsonSchema))]
pub struct HelmChartSecurityContext {
    /// AllowPrivilegeEscalation controls whether a process can gain more
    /// privileges than its parent process. This bool directly controls if
    /// the no_new_privs flag will be set on the container process.
    /// AllowPrivilegeEscalation is true always when the container is:
    /// 1) run as Privileged
    /// 2) has CAP_SYS_ADMIN
    /// Note that this field cannot be set when spec.os.name is windows.
    #[serde(
        default,
        skip_serializing_if = "Option::is_none",
        rename = "allowPrivilegeEscalation"
    )]
    #[cfg_attr(feature = "builder", builder(default, setter(strip_option)))]
    pub allow_privilege_escalation: Option<bool>,
    /// appArmorProfile is the AppArmor options to use by this container. If set, this profile
    /// overrides the pod's appArmorProfile.
    /// Note that this field cannot be set when spec.os.name is windows.
    #[serde(
        default,
        skip_serializing_if = "Option::is_none",
        rename = "appArmorProfile"
    )]
    #[cfg_attr(feature = "builder", builder(default, setter(strip_option)))]
    pub app_armor_profile: Option<HelmChartSecurityContextAppArmorProfile>,
    /// The capabilities to add/drop when running containers.
    /// Defaults to the default set of capabilities granted by the container runtime.
    /// Note that this field cannot be set when spec.os.name is windows.
    #[serde(default, skip_serializing_if = "Option::is_none")]
    #[cfg_attr(feature = "builder", builder(default, setter(strip_option)))]
    pub capabilities: Option<HelmChartSecurityContextCapabilities>,
    /// Run container in privileged mode.
    /// Processes in privileged containers are essentially equivalent to root on the host.
    /// Defaults to false.
    /// Note that this field cannot be set when spec.os.name is windows.
    #[serde(default, skip_serializing_if = "Option::is_none")]
    #[cfg_attr(feature = "builder", builder(default, setter(strip_option)))]
    pub privileged: Option<bool>,
    /// procMount denotes the type of proc mount to use for the containers.
    /// The default value is Default which uses the container runtime defaults for
    /// readonly paths and masked paths.
    /// This requires the ProcMountType feature flag to be enabled.
    /// Note that this field cannot be set when spec.os.name is windows.
    #[serde(default, skip_serializing_if = "Option::is_none", rename = "procMount")]
    #[cfg_attr(feature = "builder", builder(default, setter(strip_option)))]
    pub proc_mount: Option<String>,
    /// Whether this container has a read-only root filesystem.
    /// Default is false.
    /// Note that this field cannot be set when spec.os.name is windows.
    #[serde(
        default,
        skip_serializing_if = "Option::is_none",
        rename = "readOnlyRootFilesystem"
    )]
    #[cfg_attr(feature = "builder", builder(default, setter(strip_option)))]
    pub read_only_root_filesystem: Option<bool>,
    /// The GID to run the entrypoint of the container process.
    /// Uses runtime default if unset.
    /// May also be set in PodSecurityContext.  If set in both SecurityContext and
    /// PodSecurityContext, the value specified in SecurityContext takes precedence.
    /// Note that this field cannot be set when spec.os.name is windows.
    #[serde(
        default,
        skip_serializing_if = "Option::is_none",
        rename = "runAsGroup"
    )]
    #[cfg_attr(feature = "builder", builder(default, setter(strip_option)))]
    pub run_as_group: Option<i64>,
    /// Indicates that the container must run as a non-root user.
    /// If true, the Kubelet will validate the image at runtime to ensure that it
    /// does not run as UID 0 (root) and fail to start the container if it does.
    /// If unset or false, no such validation will be performed.
    /// May also be set in PodSecurityContext.  If set in both SecurityContext and
    /// PodSecurityContext, the value specified in SecurityContext takes precedence.
    #[serde(
        default,
        skip_serializing_if = "Option::is_none",
        rename = "runAsNonRoot"
    )]
    #[cfg_attr(feature = "builder", builder(default, setter(strip_option)))]
    pub run_as_non_root: Option<bool>,
    /// The UID to run the entrypoint of the container process.
    /// Defaults to user specified in image metadata if unspecified.
    /// May also be set in PodSecurityContext.  If set in both SecurityContext and
    /// PodSecurityContext, the value specified in SecurityContext takes precedence.
    /// Note that this field cannot be set when spec.os.name is windows.
    #[serde(default, skip_serializing_if = "Option::is_none", rename = "runAsUser")]
    #[cfg_attr(feature = "builder", builder(default, setter(strip_option)))]
    pub run_as_user: Option<i64>,
    /// The SELinux context to be applied to the container.
    /// If unspecified, the container runtime will allocate a random SELinux context for each
    /// container.  May also be set in PodSecurityContext.  If set in both SecurityContext and
    /// PodSecurityContext, the value specified in SecurityContext takes precedence.
    /// Note that this field cannot be set when spec.os.name is windows.
    #[serde(
        default,
        skip_serializing_if = "Option::is_none",
        rename = "seLinuxOptions"
    )]
    #[cfg_attr(feature = "builder", builder(default, setter(strip_option)))]
    pub se_linux_options: Option<HelmChartSecurityContextSeLinuxOptions>,
    /// The seccomp options to use by this container. If seccomp options are
    /// provided at both the pod & container level, the container options
    /// override the pod options.
    /// Note that this field cannot be set when spec.os.name is windows.
    #[serde(
        default,
        skip_serializing_if = "Option::is_none",
        rename = "seccompProfile"
    )]
    #[cfg_attr(feature = "builder", builder(default, setter(strip_option)))]
    pub seccomp_profile: Option<HelmChartSecurityContextSeccompProfile>,
    /// The Windows specific settings applied to all containers.
    /// If unspecified, the options from the PodSecurityContext will be used.
    /// If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
    /// Note that this field cannot be set when spec.os.name is linux.
    #[serde(
        default,
        skip_serializing_if = "Option::is_none",
        rename = "windowsOptions"
    )]
    #[cfg_attr(feature = "builder", builder(default, setter(strip_option)))]
    pub windows_options: Option<HelmChartSecurityContextWindowsOptions>,
}

/// appArmorProfile is the AppArmor options to use by this container. If set, this profile
/// overrides the pod's appArmorProfile.
/// Note that this field cannot be set when spec.os.name is windows.
#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)]
#[cfg_attr(feature = "builder", derive(TypedBuilder))]
#[cfg_attr(feature = "schemars", derive(JsonSchema))]
pub struct HelmChartSecurityContextAppArmorProfile {
    /// localhostProfile indicates a profile loaded on the node that should be used.
    /// The profile must be preconfigured on the node to work.
    /// Must match the loaded name of the profile.
    /// Must be set if and only if type is "Localhost".
    #[serde(
        default,
        skip_serializing_if = "Option::is_none",
        rename = "localhostProfile"
    )]
    #[cfg_attr(feature = "builder", builder(default, setter(strip_option)))]
    pub localhost_profile: Option<String>,
    /// type indicates which kind of AppArmor profile will be applied.
    /// Valid options are:
    ///   Localhost - a profile pre-loaded on the node.
    ///   RuntimeDefault - the container runtime's default profile.
    ///   Unconfined - no AppArmor enforcement.
    #[serde(rename = "type")]
    pub r#type: String,
}

/// The capabilities to add/drop when running containers.
/// Defaults to the default set of capabilities granted by the container runtime.
/// Note that this field cannot be set when spec.os.name is windows.
#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)]
#[cfg_attr(feature = "builder", derive(TypedBuilder))]
#[cfg_attr(feature = "schemars", derive(JsonSchema))]
pub struct HelmChartSecurityContextCapabilities {
    /// Added capabilities
    #[serde(default, skip_serializing_if = "Option::is_none")]
    #[cfg_attr(feature = "builder", builder(default, setter(strip_option)))]
    pub add: Option<Vec<String>>,
    /// Removed capabilities
    #[serde(default, skip_serializing_if = "Option::is_none")]
    #[cfg_attr(feature = "builder", builder(default, setter(strip_option)))]
    pub drop: Option<Vec<String>>,
}

/// The SELinux context to be applied to the container.
/// If unspecified, the container runtime will allocate a random SELinux context for each
/// container.  May also be set in PodSecurityContext.  If set in both SecurityContext and
/// PodSecurityContext, the value specified in SecurityContext takes precedence.
/// Note that this field cannot be set when spec.os.name is windows.
#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)]
#[cfg_attr(feature = "builder", derive(TypedBuilder))]
#[cfg_attr(feature = "schemars", derive(JsonSchema))]
pub struct HelmChartSecurityContextSeLinuxOptions {
    /// Level is SELinux level label that applies to the container.
    #[serde(default, skip_serializing_if = "Option::is_none")]
    #[cfg_attr(feature = "builder", builder(default, setter(strip_option)))]
    pub level: Option<String>,
    /// Role is a SELinux role label that applies to the container.
    #[serde(default, skip_serializing_if = "Option::is_none")]
    #[cfg_attr(feature = "builder", builder(default, setter(strip_option)))]
    pub role: Option<String>,
    /// Type is a SELinux type label that applies to the container.
    #[serde(default, skip_serializing_if = "Option::is_none", rename = "type")]
    #[cfg_attr(feature = "builder", builder(default, setter(strip_option)))]
    pub r#type: Option<String>,
    /// User is a SELinux user label that applies to the container.
    #[serde(default, skip_serializing_if = "Option::is_none")]
    #[cfg_attr(feature = "builder", builder(default, setter(strip_option)))]
    pub user: Option<String>,
}

/// The seccomp options to use by this container. If seccomp options are
/// provided at both the pod & container level, the container options
/// override the pod options.
/// Note that this field cannot be set when spec.os.name is windows.
#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)]
#[cfg_attr(feature = "builder", derive(TypedBuilder))]
#[cfg_attr(feature = "schemars", derive(JsonSchema))]
pub struct HelmChartSecurityContextSeccompProfile {
    /// localhostProfile indicates a profile defined in a file on the node should be used.
    /// The profile must be preconfigured on the node to work.
    /// Must be a descending path, relative to the kubelet's configured seccomp profile location.
    /// Must be set if type is "Localhost". Must NOT be set for any other type.
    #[serde(
        default,
        skip_serializing_if = "Option::is_none",
        rename = "localhostProfile"
    )]
    #[cfg_attr(feature = "builder", builder(default, setter(strip_option)))]
    pub localhost_profile: Option<String>,
    /// type indicates which kind of seccomp profile will be applied.
    /// Valid options are:
    ///
    /// Localhost - a profile defined in a file on the node should be used.
    /// RuntimeDefault - the container runtime default profile should be used.
    /// Unconfined - no profile should be applied.
    #[serde(rename = "type")]
    pub r#type: String,
}

/// The Windows specific settings applied to all containers.
/// If unspecified, the options from the PodSecurityContext will be used.
/// If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
/// Note that this field cannot be set when spec.os.name is linux.
#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)]
#[cfg_attr(feature = "builder", derive(TypedBuilder))]
#[cfg_attr(feature = "schemars", derive(JsonSchema))]
pub struct HelmChartSecurityContextWindowsOptions {
    /// GMSACredentialSpec is where the GMSA admission webhook
    /// (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the
    /// GMSA credential spec named by the GMSACredentialSpecName field.
    #[serde(
        default,
        skip_serializing_if = "Option::is_none",
        rename = "gmsaCredentialSpec"
    )]
    #[cfg_attr(feature = "builder", builder(default, setter(strip_option)))]
    pub gmsa_credential_spec: Option<String>,
    /// GMSACredentialSpecName is the name of the GMSA credential spec to use.
    #[serde(
        default,
        skip_serializing_if = "Option::is_none",
        rename = "gmsaCredentialSpecName"
    )]
    #[cfg_attr(feature = "builder", builder(default, setter(strip_option)))]
    pub gmsa_credential_spec_name: Option<String>,
    /// HostProcess determines if a container should be run as a 'Host Process' container.
    /// All of a Pod's containers must have the same effective HostProcess value
    /// (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers).
    /// In addition, if HostProcess is true then HostNetwork must also be set to true.
    #[serde(
        default,
        skip_serializing_if = "Option::is_none",
        rename = "hostProcess"
    )]
    #[cfg_attr(feature = "builder", builder(default, setter(strip_option)))]
    pub host_process: Option<bool>,
    /// The UserName in Windows to run the entrypoint of the container process.
    /// Defaults to the user specified in image metadata if unspecified.
    /// May also be set in PodSecurityContext. If set in both SecurityContext and
    /// PodSecurityContext, the value specified in SecurityContext takes precedence.
    #[serde(
        default,
        skip_serializing_if = "Option::is_none",
        rename = "runAsUserName"
    )]
    #[cfg_attr(feature = "builder", builder(default, setter(strip_option)))]
    pub run_as_user_name: Option<String>,
}

/// SecretSpec describes a key in a secret to load chart values from.
#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)]
#[cfg_attr(feature = "builder", derive(TypedBuilder))]
#[cfg_attr(feature = "schemars", derive(JsonSchema))]
pub struct HelmChartValuesSecrets {
    /// Ignore changes to the secret, and mark the secret as optional.
    /// By default, the secret must exist, and changes to the secret will trigger an upgrade of the chart to apply the updated values.
    /// If `ignoreUpdates` is true, the secret is optional, and changes to the secret will not trigger an upgrade of the chart.
    #[serde(
        default,
        skip_serializing_if = "Option::is_none",
        rename = "ignoreUpdates"
    )]
    #[cfg_attr(feature = "builder", builder(default, setter(strip_option)))]
    pub ignore_updates: Option<bool>,
    /// Keys to read values content from. If no keys are specified, the secret is not used.
    #[serde(default, skip_serializing_if = "Option::is_none")]
    #[cfg_attr(feature = "builder", builder(default, setter(strip_option)))]
    pub keys: Option<Vec<String>>,
    /// Name of the secret. Must be in the same namespace as the HelmChart resource.
    #[serde(default, skip_serializing_if = "Option::is_none")]
    #[cfg_attr(feature = "builder", builder(default, setter(strip_option)))]
    pub name: Option<String>,
}

/// HelmChartStatus represents the resulting state from processing HelmChart events
#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)]
#[cfg_attr(feature = "builder", derive(TypedBuilder))]
#[cfg_attr(feature = "schemars", derive(JsonSchema))]
pub struct HelmChartStatus {
    /// `JobCreated` indicates that a job has been created to install or upgrade the chart.
    /// `Failed` indicates that the helm job has failed and the failure policy is set to `abort`.
    #[serde(default, skip_serializing_if = "Option::is_none")]
    #[cfg_attr(feature = "builder", builder(default, setter(strip_option)))]
    pub conditions: Option<Vec<HelmChartStatusConditions>>,
    /// The name of the job created to install or upgrade the chart.
    #[serde(default, skip_serializing_if = "Option::is_none", rename = "jobName")]
    #[cfg_attr(feature = "builder", builder(default, setter(strip_option)))]
    pub job_name: Option<String>,
}

#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)]
#[cfg_attr(feature = "builder", derive(TypedBuilder))]
#[cfg_attr(feature = "schemars", derive(JsonSchema))]
pub struct HelmChartStatusConditions {
    /// Human readable message indicating details about last transition.
    #[serde(default, skip_serializing_if = "Option::is_none")]
    #[cfg_attr(feature = "builder", builder(default, setter(strip_option)))]
    pub message: Option<String>,
    /// (brief) reason for the condition's last transition.
    #[serde(default, skip_serializing_if = "Option::is_none")]
    #[cfg_attr(feature = "builder", builder(default, setter(strip_option)))]
    pub reason: Option<String>,
    /// Status of the condition, one of True, False, Unknown.
    pub status: String,
    /// Type of job condition.
    #[serde(rename = "type")]
    pub r#type: String,
}