github.com/argoproj-labs/argocd-operator@v0.10.0/deploy/olm-catalog/argocd-operator/0.8.0/argoproj.io_appprojects.yaml (about) 1 apiVersion: apiextensions.k8s.io/v1 2 kind: CustomResourceDefinition 3 metadata: 4 creationTimestamp: null 5 labels: 6 app.kubernetes.io/name: appprojects.argoproj.io 7 app.kubernetes.io/part-of: argocd 8 name: appprojects.argoproj.io 9 spec: 10 group: argoproj.io 11 names: 12 kind: AppProject 13 listKind: AppProjectList 14 plural: appprojects 15 shortNames: 16 - appproj 17 - appprojs 18 singular: appproject 19 scope: Namespaced 20 versions: 21 - name: v1alpha1 22 schema: 23 openAPIV3Schema: 24 description: 'AppProject provides a logical grouping of applications, providing 25 controls for: * where the apps may deploy to (cluster whitelist) * what 26 may be deployed (repository whitelist, resource whitelist/blacklist) * who 27 can access these applications (roles, OIDC group claims bindings) * and 28 what they can do (RBAC policies) * automation access to these roles (JWT 29 tokens)' 30 properties: 31 apiVersion: 32 description: 'APIVersion defines the versioned schema of this representation 33 of an object. Servers should convert recognized schemas to the latest 34 internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' 35 type: string 36 kind: 37 description: 'Kind is a string value representing the REST resource this 38 object represents. Servers may infer this from the endpoint the client 39 submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' 40 type: string 41 metadata: 42 type: object 43 spec: 44 description: AppProjectSpec is the specification of an AppProject 45 properties: 46 clusterResourceBlacklist: 47 description: ClusterResourceBlacklist contains list of blacklisted 48 cluster level resources 49 items: 50 description: GroupKind specifies a Group and a Kind, but does not 51 force a version. This is useful for identifying concepts during 52 lookup stages without having partially valid types 53 properties: 54 group: 55 type: string 56 kind: 57 type: string 58 required: 59 - group 60 - kind 61 type: object 62 type: array 63 clusterResourceWhitelist: 64 description: ClusterResourceWhitelist contains list of whitelisted 65 cluster level resources 66 items: 67 description: GroupKind specifies a Group and a Kind, but does not 68 force a version. This is useful for identifying concepts during 69 lookup stages without having partially valid types 70 properties: 71 group: 72 type: string 73 kind: 74 type: string 75 required: 76 - group 77 - kind 78 type: object 79 type: array 80 description: 81 description: Description contains optional project description 82 type: string 83 destinations: 84 description: Destinations contains list of destinations available 85 for deployment 86 items: 87 description: ApplicationDestination holds information about the 88 application's destination 89 properties: 90 name: 91 description: Name is an alternate way of specifying the target 92 cluster by its symbolic name 93 type: string 94 namespace: 95 description: Namespace specifies the target namespace for the 96 application's resources. The namespace will only be set for 97 namespace-scoped resources that have not set a value for .metadata.namespace 98 type: string 99 server: 100 description: Server specifies the URL of the target cluster 101 and must be set to the Kubernetes control plane API 102 type: string 103 type: object 104 type: array 105 namespaceResourceBlacklist: 106 description: NamespaceResourceBlacklist contains list of blacklisted 107 namespace level resources 108 items: 109 description: GroupKind specifies a Group and a Kind, but does not 110 force a version. This is useful for identifying concepts during 111 lookup stages without having partially valid types 112 properties: 113 group: 114 type: string 115 kind: 116 type: string 117 required: 118 - group 119 - kind 120 type: object 121 type: array 122 namespaceResourceWhitelist: 123 description: NamespaceResourceWhitelist contains list of whitelisted 124 namespace level resources 125 items: 126 description: GroupKind specifies a Group and a Kind, but does not 127 force a version. This is useful for identifying concepts during 128 lookup stages without having partially valid types 129 properties: 130 group: 131 type: string 132 kind: 133 type: string 134 required: 135 - group 136 - kind 137 type: object 138 type: array 139 orphanedResources: 140 description: OrphanedResources specifies if controller should monitor 141 orphaned resources of apps in this project 142 properties: 143 ignore: 144 description: Ignore contains a list of resources that are to be 145 excluded from orphaned resources monitoring 146 items: 147 description: OrphanedResourceKey is a reference to a resource 148 to be ignored from 149 properties: 150 group: 151 type: string 152 kind: 153 type: string 154 name: 155 type: string 156 type: object 157 type: array 158 warn: 159 description: Warn indicates if warning condition should be created 160 for apps which have orphaned resources 161 type: boolean 162 type: object 163 permitOnlyProjectScopedClusters: 164 description: PermitOnlyProjectScopedClusters determines whether destinations 165 can only reference clusters which are project-scoped 166 type: boolean 167 roles: 168 description: Roles are user defined RBAC roles associated with this 169 project 170 items: 171 description: ProjectRole represents a role that has access to a 172 project 173 properties: 174 description: 175 description: Description is a description of the role 176 type: string 177 groups: 178 description: Groups are a list of OIDC group claims bound to 179 this role 180 items: 181 type: string 182 type: array 183 jwtTokens: 184 description: JWTTokens are a list of generated JWT tokens bound 185 to this role 186 items: 187 description: JWTToken holds the issuedAt and expiresAt values 188 of a token 189 properties: 190 exp: 191 format: int64 192 type: integer 193 iat: 194 format: int64 195 type: integer 196 id: 197 type: string 198 required: 199 - iat 200 type: object 201 type: array 202 name: 203 description: Name is a name for this role 204 type: string 205 policies: 206 description: Policies Stores a list of casbin formatted strings 207 that define access policies for the role in the project 208 items: 209 type: string 210 type: array 211 required: 212 - name 213 type: object 214 type: array 215 signatureKeys: 216 description: SignatureKeys contains a list of PGP key IDs that commits 217 in Git must be signed with in order to be allowed for sync 218 items: 219 description: SignatureKey is the specification of a key required 220 to verify commit signatures with 221 properties: 222 keyID: 223 description: The ID of the key in hexadecimal notation 224 type: string 225 required: 226 - keyID 227 type: object 228 type: array 229 sourceNamespaces: 230 description: SourceNamespaces defines the namespaces application resources 231 are allowed to be created in 232 items: 233 type: string 234 type: array 235 sourceRepos: 236 description: SourceRepos contains list of repository URLs which can 237 be used for deployment 238 items: 239 type: string 240 type: array 241 syncWindows: 242 description: SyncWindows controls when syncs can be run for apps in 243 this project 244 items: 245 description: SyncWindow contains the kind, time, duration and attributes 246 that are used to assign the syncWindows to apps 247 properties: 248 applications: 249 description: Applications contains a list of applications that 250 the window will apply to 251 items: 252 type: string 253 type: array 254 clusters: 255 description: Clusters contains a list of clusters that the window 256 will apply to 257 items: 258 type: string 259 type: array 260 duration: 261 description: Duration is the amount of time the sync window 262 will be open 263 type: string 264 kind: 265 description: Kind defines if the window allows or blocks syncs 266 type: string 267 manualSync: 268 description: ManualSync enables manual syncs when they would 269 otherwise be blocked 270 type: boolean 271 namespaces: 272 description: Namespaces contains a list of namespaces that the 273 window will apply to 274 items: 275 type: string 276 type: array 277 schedule: 278 description: Schedule is the time the window will begin, specified 279 in cron format 280 type: string 281 timeZone: 282 description: TimeZone of the sync that will be applied to the 283 schedule 284 type: string 285 type: object 286 type: array 287 type: object 288 status: 289 description: AppProjectStatus contains status information for AppProject 290 CRs 291 properties: 292 jwtTokensByRole: 293 additionalProperties: 294 description: JWTTokens represents a list of JWT tokens 295 properties: 296 items: 297 items: 298 description: JWTToken holds the issuedAt and expiresAt values 299 of a token 300 properties: 301 exp: 302 format: int64 303 type: integer 304 iat: 305 format: int64 306 type: integer 307 id: 308 type: string 309 required: 310 - iat 311 type: object 312 type: array 313 type: object 314 description: JWTTokensByRole contains a list of JWT tokens issued 315 for a given role 316 type: object 317 type: object 318 required: 319 - metadata 320 - spec 321 type: object 322 served: true 323 storage: true 324 status: 325 acceptedNames: 326 kind: "" 327 plural: "" 328 conditions: null 329 storedVersions: null