github.com/argoproj-labs/argocd-operator@v0.10.0/config/crd/bases/argoproj.io_appprojects.yaml (about) 1 apiVersion: apiextensions.k8s.io/v1 2 kind: CustomResourceDefinition 3 metadata: 4 labels: 5 app.kubernetes.io/name: appprojects.argoproj.io 6 app.kubernetes.io/part-of: argocd 7 name: appprojects.argoproj.io 8 spec: 9 group: argoproj.io 10 names: 11 kind: AppProject 12 listKind: AppProjectList 13 plural: appprojects 14 shortNames: 15 - appproj 16 - appprojs 17 singular: appproject 18 scope: Namespaced 19 versions: 20 - name: v1alpha1 21 schema: 22 openAPIV3Schema: 23 description: 'AppProject provides a logical grouping of applications, providing 24 controls for: * where the apps may deploy to (cluster whitelist) * what 25 may be deployed (repository whitelist, resource whitelist/blacklist) * who 26 can access these applications (roles, OIDC group claims bindings) * and 27 what they can do (RBAC policies) * automation access to these roles (JWT 28 tokens)' 29 properties: 30 apiVersion: 31 description: 'APIVersion defines the versioned schema of this representation 32 of an object. Servers should convert recognized schemas to the latest 33 internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' 34 type: string 35 kind: 36 description: 'Kind is a string value representing the REST resource this 37 object represents. Servers may infer this from the endpoint the client 38 submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' 39 type: string 40 metadata: 41 type: object 42 spec: 43 description: AppProjectSpec is the specification of an AppProject 44 properties: 45 clusterResourceBlacklist: 46 description: ClusterResourceBlacklist contains list of blacklisted 47 cluster level resources 48 items: 49 description: GroupKind specifies a Group and a Kind, but does not 50 force a version. This is useful for identifying concepts during 51 lookup stages without having partially valid types 52 properties: 53 group: 54 type: string 55 kind: 56 type: string 57 required: 58 - group 59 - kind 60 type: object 61 type: array 62 clusterResourceWhitelist: 63 description: ClusterResourceWhitelist contains list of whitelisted 64 cluster level resources 65 items: 66 description: GroupKind specifies a Group and a Kind, but does not 67 force a version. This is useful for identifying concepts during 68 lookup stages without having partially valid types 69 properties: 70 group: 71 type: string 72 kind: 73 type: string 74 required: 75 - group 76 - kind 77 type: object 78 type: array 79 description: 80 description: Description contains optional project description 81 type: string 82 destinations: 83 description: Destinations contains list of destinations available 84 for deployment 85 items: 86 description: ApplicationDestination holds information about the 87 application's destination 88 properties: 89 name: 90 description: Name is an alternate way of specifying the target 91 cluster by its symbolic name. This must be set if Server is 92 not set. 93 type: string 94 namespace: 95 description: Namespace specifies the target namespace for the 96 application's resources. The namespace will only be set for 97 namespace-scoped resources that have not set a value for .metadata.namespace 98 type: string 99 server: 100 description: Server specifies the URL of the target cluster's 101 Kubernetes control plane API. This must be set if Name is 102 not set. 103 type: string 104 type: object 105 type: array 106 namespaceResourceBlacklist: 107 description: NamespaceResourceBlacklist contains list of blacklisted 108 namespace level resources 109 items: 110 description: GroupKind specifies a Group and a Kind, but does not 111 force a version. This is useful for identifying concepts during 112 lookup stages without having partially valid types 113 properties: 114 group: 115 type: string 116 kind: 117 type: string 118 required: 119 - group 120 - kind 121 type: object 122 type: array 123 namespaceResourceWhitelist: 124 description: NamespaceResourceWhitelist contains list of whitelisted 125 namespace level resources 126 items: 127 description: GroupKind specifies a Group and a Kind, but does not 128 force a version. This is useful for identifying concepts during 129 lookup stages without having partially valid types 130 properties: 131 group: 132 type: string 133 kind: 134 type: string 135 required: 136 - group 137 - kind 138 type: object 139 type: array 140 orphanedResources: 141 description: OrphanedResources specifies if controller should monitor 142 orphaned resources of apps in this project 143 properties: 144 ignore: 145 description: Ignore contains a list of resources that are to be 146 excluded from orphaned resources monitoring 147 items: 148 description: OrphanedResourceKey is a reference to a resource 149 to be ignored from 150 properties: 151 group: 152 type: string 153 kind: 154 type: string 155 name: 156 type: string 157 type: object 158 type: array 159 warn: 160 description: Warn indicates if warning condition should be created 161 for apps which have orphaned resources 162 type: boolean 163 type: object 164 permitOnlyProjectScopedClusters: 165 description: PermitOnlyProjectScopedClusters determines whether destinations 166 can only reference clusters which are project-scoped 167 type: boolean 168 roles: 169 description: Roles are user defined RBAC roles associated with this 170 project 171 items: 172 description: ProjectRole represents a role that has access to a 173 project 174 properties: 175 description: 176 description: Description is a description of the role 177 type: string 178 groups: 179 description: Groups are a list of OIDC group claims bound to 180 this role 181 items: 182 type: string 183 type: array 184 jwtTokens: 185 description: JWTTokens are a list of generated JWT tokens bound 186 to this role 187 items: 188 description: JWTToken holds the issuedAt and expiresAt values 189 of a token 190 properties: 191 exp: 192 format: int64 193 type: integer 194 iat: 195 format: int64 196 type: integer 197 id: 198 type: string 199 required: 200 - iat 201 type: object 202 type: array 203 name: 204 description: Name is a name for this role 205 type: string 206 policies: 207 description: Policies Stores a list of casbin formatted strings 208 that define access policies for the role in the project 209 items: 210 type: string 211 type: array 212 required: 213 - name 214 type: object 215 type: array 216 signatureKeys: 217 description: SignatureKeys contains a list of PGP key IDs that commits 218 in Git must be signed with in order to be allowed for sync 219 items: 220 description: SignatureKey is the specification of a key required 221 to verify commit signatures with 222 properties: 223 keyID: 224 description: The ID of the key in hexadecimal notation 225 type: string 226 required: 227 - keyID 228 type: object 229 type: array 230 sourceNamespaces: 231 description: SourceNamespaces defines the namespaces application resources 232 are allowed to be created in 233 items: 234 type: string 235 type: array 236 sourceRepos: 237 description: SourceRepos contains list of repository URLs which can 238 be used for deployment 239 items: 240 type: string 241 type: array 242 syncWindows: 243 description: SyncWindows controls when syncs can be run for apps in 244 this project 245 items: 246 description: SyncWindow contains the kind, time, duration and attributes 247 that are used to assign the syncWindows to apps 248 properties: 249 applications: 250 description: Applications contains a list of applications that 251 the window will apply to 252 items: 253 type: string 254 type: array 255 clusters: 256 description: Clusters contains a list of clusters that the window 257 will apply to 258 items: 259 type: string 260 type: array 261 duration: 262 description: Duration is the amount of time the sync window 263 will be open 264 type: string 265 kind: 266 description: Kind defines if the window allows or blocks syncs 267 type: string 268 manualSync: 269 description: ManualSync enables manual syncs when they would 270 otherwise be blocked 271 type: boolean 272 namespaces: 273 description: Namespaces contains a list of namespaces that the 274 window will apply to 275 items: 276 type: string 277 type: array 278 schedule: 279 description: Schedule is the time the window will begin, specified 280 in cron format 281 type: string 282 timeZone: 283 description: TimeZone of the sync that will be applied to the 284 schedule 285 type: string 286 type: object 287 type: array 288 type: object 289 status: 290 description: AppProjectStatus contains status information for AppProject 291 CRs 292 properties: 293 jwtTokensByRole: 294 additionalProperties: 295 description: JWTTokens represents a list of JWT tokens 296 properties: 297 items: 298 items: 299 description: JWTToken holds the issuedAt and expiresAt values 300 of a token 301 properties: 302 exp: 303 format: int64 304 type: integer 305 iat: 306 format: int64 307 type: integer 308 id: 309 type: string 310 required: 311 - iat 312 type: object 313 type: array 314 type: object 315 description: JWTTokensByRole contains a list of JWT tokens issued 316 for a given role 317 type: object 318 type: object 319 required: 320 - metadata 321 - spec 322 type: object 323 served: true 324 storage: true