github.com/argoproj-labs/argocd-operator@v0.10.0/bundle/manifests/argoproj.io_appprojects.yaml (about) 1 apiVersion: apiextensions.k8s.io/v1 2 kind: CustomResourceDefinition 3 metadata: 4 creationTimestamp: null 5 labels: 6 app.kubernetes.io/name: appprojects.argoproj.io 7 app.kubernetes.io/part-of: argocd 8 name: appprojects.argoproj.io 9 spec: 10 group: argoproj.io 11 names: 12 kind: AppProject 13 listKind: AppProjectList 14 plural: appprojects 15 shortNames: 16 - appproj 17 - appprojs 18 singular: appproject 19 scope: Namespaced 20 versions: 21 - name: v1alpha1 22 schema: 23 openAPIV3Schema: 24 description: 'AppProject provides a logical grouping of applications, providing 25 controls for: * where the apps may deploy to (cluster whitelist) * what 26 may be deployed (repository whitelist, resource whitelist/blacklist) * who 27 can access these applications (roles, OIDC group claims bindings) * and 28 what they can do (RBAC policies) * automation access to these roles (JWT 29 tokens)' 30 properties: 31 apiVersion: 32 description: 'APIVersion defines the versioned schema of this representation 33 of an object. Servers should convert recognized schemas to the latest 34 internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' 35 type: string 36 kind: 37 description: 'Kind is a string value representing the REST resource this 38 object represents. Servers may infer this from the endpoint the client 39 submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' 40 type: string 41 metadata: 42 type: object 43 spec: 44 description: AppProjectSpec is the specification of an AppProject 45 properties: 46 clusterResourceBlacklist: 47 description: ClusterResourceBlacklist contains list of blacklisted 48 cluster level resources 49 items: 50 description: GroupKind specifies a Group and a Kind, but does not 51 force a version. This is useful for identifying concepts during 52 lookup stages without having partially valid types 53 properties: 54 group: 55 type: string 56 kind: 57 type: string 58 required: 59 - group 60 - kind 61 type: object 62 type: array 63 clusterResourceWhitelist: 64 description: ClusterResourceWhitelist contains list of whitelisted 65 cluster level resources 66 items: 67 description: GroupKind specifies a Group and a Kind, but does not 68 force a version. This is useful for identifying concepts during 69 lookup stages without having partially valid types 70 properties: 71 group: 72 type: string 73 kind: 74 type: string 75 required: 76 - group 77 - kind 78 type: object 79 type: array 80 description: 81 description: Description contains optional project description 82 type: string 83 destinations: 84 description: Destinations contains list of destinations available 85 for deployment 86 items: 87 description: ApplicationDestination holds information about the 88 application's destination 89 properties: 90 name: 91 description: Name is an alternate way of specifying the target 92 cluster by its symbolic name. This must be set if Server is 93 not set. 94 type: string 95 namespace: 96 description: Namespace specifies the target namespace for the 97 application's resources. The namespace will only be set for 98 namespace-scoped resources that have not set a value for .metadata.namespace 99 type: string 100 server: 101 description: Server specifies the URL of the target cluster's 102 Kubernetes control plane API. This must be set if Name is 103 not set. 104 type: string 105 type: object 106 type: array 107 namespaceResourceBlacklist: 108 description: NamespaceResourceBlacklist contains list of blacklisted 109 namespace level resources 110 items: 111 description: GroupKind specifies a Group and a Kind, but does not 112 force a version. This is useful for identifying concepts during 113 lookup stages without having partially valid types 114 properties: 115 group: 116 type: string 117 kind: 118 type: string 119 required: 120 - group 121 - kind 122 type: object 123 type: array 124 namespaceResourceWhitelist: 125 description: NamespaceResourceWhitelist contains list of whitelisted 126 namespace level resources 127 items: 128 description: GroupKind specifies a Group and a Kind, but does not 129 force a version. This is useful for identifying concepts during 130 lookup stages without having partially valid types 131 properties: 132 group: 133 type: string 134 kind: 135 type: string 136 required: 137 - group 138 - kind 139 type: object 140 type: array 141 orphanedResources: 142 description: OrphanedResources specifies if controller should monitor 143 orphaned resources of apps in this project 144 properties: 145 ignore: 146 description: Ignore contains a list of resources that are to be 147 excluded from orphaned resources monitoring 148 items: 149 description: OrphanedResourceKey is a reference to a resource 150 to be ignored from 151 properties: 152 group: 153 type: string 154 kind: 155 type: string 156 name: 157 type: string 158 type: object 159 type: array 160 warn: 161 description: Warn indicates if warning condition should be created 162 for apps which have orphaned resources 163 type: boolean 164 type: object 165 permitOnlyProjectScopedClusters: 166 description: PermitOnlyProjectScopedClusters determines whether destinations 167 can only reference clusters which are project-scoped 168 type: boolean 169 roles: 170 description: Roles are user defined RBAC roles associated with this 171 project 172 items: 173 description: ProjectRole represents a role that has access to a 174 project 175 properties: 176 description: 177 description: Description is a description of the role 178 type: string 179 groups: 180 description: Groups are a list of OIDC group claims bound to 181 this role 182 items: 183 type: string 184 type: array 185 jwtTokens: 186 description: JWTTokens are a list of generated JWT tokens bound 187 to this role 188 items: 189 description: JWTToken holds the issuedAt and expiresAt values 190 of a token 191 properties: 192 exp: 193 format: int64 194 type: integer 195 iat: 196 format: int64 197 type: integer 198 id: 199 type: string 200 required: 201 - iat 202 type: object 203 type: array 204 name: 205 description: Name is a name for this role 206 type: string 207 policies: 208 description: Policies Stores a list of casbin formatted strings 209 that define access policies for the role in the project 210 items: 211 type: string 212 type: array 213 required: 214 - name 215 type: object 216 type: array 217 signatureKeys: 218 description: SignatureKeys contains a list of PGP key IDs that commits 219 in Git must be signed with in order to be allowed for sync 220 items: 221 description: SignatureKey is the specification of a key required 222 to verify commit signatures with 223 properties: 224 keyID: 225 description: The ID of the key in hexadecimal notation 226 type: string 227 required: 228 - keyID 229 type: object 230 type: array 231 sourceNamespaces: 232 description: SourceNamespaces defines the namespaces application resources 233 are allowed to be created in 234 items: 235 type: string 236 type: array 237 sourceRepos: 238 description: SourceRepos contains list of repository URLs which can 239 be used for deployment 240 items: 241 type: string 242 type: array 243 syncWindows: 244 description: SyncWindows controls when syncs can be run for apps in 245 this project 246 items: 247 description: SyncWindow contains the kind, time, duration and attributes 248 that are used to assign the syncWindows to apps 249 properties: 250 applications: 251 description: Applications contains a list of applications that 252 the window will apply to 253 items: 254 type: string 255 type: array 256 clusters: 257 description: Clusters contains a list of clusters that the window 258 will apply to 259 items: 260 type: string 261 type: array 262 duration: 263 description: Duration is the amount of time the sync window 264 will be open 265 type: string 266 kind: 267 description: Kind defines if the window allows or blocks syncs 268 type: string 269 manualSync: 270 description: ManualSync enables manual syncs when they would 271 otherwise be blocked 272 type: boolean 273 namespaces: 274 description: Namespaces contains a list of namespaces that the 275 window will apply to 276 items: 277 type: string 278 type: array 279 schedule: 280 description: Schedule is the time the window will begin, specified 281 in cron format 282 type: string 283 timeZone: 284 description: TimeZone of the sync that will be applied to the 285 schedule 286 type: string 287 type: object 288 type: array 289 type: object 290 status: 291 description: AppProjectStatus contains status information for AppProject 292 CRs 293 properties: 294 jwtTokensByRole: 295 additionalProperties: 296 description: JWTTokens represents a list of JWT tokens 297 properties: 298 items: 299 items: 300 description: JWTToken holds the issuedAt and expiresAt values 301 of a token 302 properties: 303 exp: 304 format: int64 305 type: integer 306 iat: 307 format: int64 308 type: integer 309 id: 310 type: string 311 required: 312 - iat 313 type: object 314 type: array 315 type: object 316 description: JWTTokensByRole contains a list of JWT tokens issued 317 for a given role 318 type: object 319 type: object 320 required: 321 - metadata 322 - spec 323 type: object 324 served: true 325 storage: true 326 status: 327 acceptedNames: 328 kind: "" 329 plural: "" 330 conditions: null 331 storedVersions: null