argoproj.io / v1alpha1 / AppProject
- string
.apiVersion
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
- string
.kind
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
- object required
.metadata
- object required
.spec
AppProjectSpec is the specification of an AppProject
- array
.spec .clusterResourceBlacklist
ClusterResourceBlacklist contains list of blacklisted cluster level resources
- string required
.spec .clusterResourceBlacklist[] .group
- string required
.spec .clusterResourceBlacklist[] .kind
- array
.spec .clusterResourceWhitelist
ClusterResourceWhitelist contains list of whitelisted cluster level resources
- string required
.spec .clusterResourceWhitelist[] .group
- string required
.spec .clusterResourceWhitelist[] .kind
- string
.spec .description
Description contains optional project description
- array
.spec .destinationServiceAccounts
DestinationServiceAccounts holds information about the service accounts to be impersonated for the application sync operation for each destination.
- string required
.spec .destinationServiceAccounts[] .defaultServiceAccount
DefaultServiceAccount to be used for impersonation during the sync operation
- string
.spec .destinationServiceAccounts[] .namespace
Namespace specifies the target namespace for the application’s resources.
- string required
.spec .destinationServiceAccounts[] .server
Server specifies the URL of the target cluster’s Kubernetes control plane API.
- array
.spec .destinations
Destinations contains list of destinations available for deployment
- string
.spec .destinations[] .name
Name is an alternate way of specifying the target cluster by its symbolic name. This must be set if Server is not set.
- string
.spec .destinations[] .namespace
Namespace specifies the target namespace for the application’s resources. The namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace
- string
.spec .destinations[] .server
Server specifies the URL of the target cluster’s Kubernetes control plane API. This must be set if Name is not set.
- array
.spec .namespaceResourceBlacklist
NamespaceResourceBlacklist contains list of blacklisted namespace level resources
- string required
.spec .namespaceResourceBlacklist[] .group
- string required
.spec .namespaceResourceBlacklist[] .kind
- array
.spec .namespaceResourceWhitelist
NamespaceResourceWhitelist contains list of whitelisted namespace level resources
- string required
.spec .namespaceResourceWhitelist[] .group
- string required
.spec .namespaceResourceWhitelist[] .kind
- object
.spec .orphanedResources
OrphanedResources specifies if controller should monitor orphaned resources of apps in this project
- array
.spec .orphanedResources .ignore
Ignore contains a list of resources that are to be excluded from orphaned resources monitoring
- string
.spec .orphanedResources .ignore[] .group
- string
.spec .orphanedResources .ignore[] .kind
- string
.spec .orphanedResources .ignore[] .name
- boolean
.spec .orphanedResources .warn
Warn indicates if warning condition should be created for apps which have orphaned resources
- boolean
.spec .permitOnlyProjectScopedClusters
PermitOnlyProjectScopedClusters determines whether destinations can only reference clusters which are project-scoped
- array
.spec .roles
Roles are user defined RBAC roles associated with this project
- string
.spec .roles[] .description
Description is a description of the role
- array
.spec .roles[] .groups
Groups are a list of OIDC group claims bound to this role
- array
.spec .roles[] .jwtTokens
JWTTokens are a list of generated JWT tokens bound to this role
- integer
.spec .roles[] .jwtTokens[] .exp
- integer required
.spec .roles[] .jwtTokens[] .iat
- string
.spec .roles[] .jwtTokens[] .id
- string required
.spec .roles[] .name
Name is a name for this role
- array
.spec .roles[] .policies
Policies Stores a list of casbin formatted strings that define access policies for the role in the project
- array
.spec .signatureKeys
SignatureKeys contains a list of PGP key IDs that commits in Git must be signed with in order to be allowed for sync
- string required
.spec .signatureKeys[] .keyID
The ID of the key in hexadecimal notation
- array
.spec .sourceNamespaces
SourceNamespaces defines the namespaces application resources are allowed to be created in
- array
.spec .sourceRepos
SourceRepos contains list of repository URLs which can be used for deployment
- array
.spec .syncWindows
SyncWindows controls when syncs can be run for apps in this project
- boolean
.spec .syncWindows[] .andOperator
UseAndOperator use AND operator for matching applications, namespaces and clusters instead of the default OR operator
- array
.spec .syncWindows[] .applications
Applications contains a list of applications that the window will apply to
- array
.spec .syncWindows[] .clusters
Clusters contains a list of clusters that the window will apply to
- string
.spec .syncWindows[] .description
Description of the sync that will be applied to the schedule, can be used to add any information such as a ticket number for example
- string
.spec .syncWindows[] .duration
Duration is the amount of time the sync window will be open
- string
.spec .syncWindows[] .kind
Kind defines if the window allows or blocks syncs
- boolean
.spec .syncWindows[] .manualSync
ManualSync enables manual syncs when they would otherwise be blocked
- array
.spec .syncWindows[] .namespaces
Namespaces contains a list of namespaces that the window will apply to
- string
.spec .syncWindows[] .schedule
Schedule is the time the window will begin, specified in cron format
- string
.spec .syncWindows[] .timeZone
TimeZone of the sync that will be applied to the schedule
- object
.status
AppProjectStatus contains status information for AppProject CRs
- object
.status .jwtTokensByRole
JWTTokensByRole contains a list of JWT tokens issued for a given role