github.com/argoproj/argo-cd/v3@v3.2.1/manifests/crds/appproject-crd.yaml (about) 1 apiVersion: apiextensions.k8s.io/v1 2 kind: CustomResourceDefinition 3 metadata: 4 labels: 5 app.kubernetes.io/name: appprojects.argoproj.io 6 app.kubernetes.io/part-of: argocd 7 name: appprojects.argoproj.io 8 spec: 9 group: argoproj.io 10 names: 11 kind: AppProject 12 listKind: AppProjectList 13 plural: appprojects 14 shortNames: 15 - appproj 16 - appprojs 17 singular: appproject 18 scope: Namespaced 19 versions: 20 - name: v1alpha1 21 schema: 22 openAPIV3Schema: 23 description: |- 24 AppProject provides a logical grouping of applications, providing controls for: 25 * where the apps may deploy to (cluster whitelist) 26 * what may be deployed (repository whitelist, resource whitelist/blacklist) 27 * who can access these applications (roles, OIDC group claims bindings) 28 * and what they can do (RBAC policies) 29 * automation access to these roles (JWT tokens) 30 properties: 31 apiVersion: 32 description: |- 33 APIVersion defines the versioned schema of this representation of an object. 34 Servers should convert recognized schemas to the latest internal value, and 35 may reject unrecognized values. 36 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources 37 type: string 38 kind: 39 description: |- 40 Kind is a string value representing the REST resource this object represents. 41 Servers may infer this from the endpoint the client submits requests to. 42 Cannot be updated. 43 In CamelCase. 44 More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds 45 type: string 46 metadata: 47 type: object 48 spec: 49 description: AppProjectSpec is the specification of an AppProject 50 properties: 51 clusterResourceBlacklist: 52 description: ClusterResourceBlacklist contains list of blacklisted 53 cluster level resources 54 items: 55 description: |- 56 GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying 57 concepts during lookup stages without having partially valid types 58 properties: 59 group: 60 type: string 61 kind: 62 type: string 63 required: 64 - group 65 - kind 66 type: object 67 type: array 68 clusterResourceWhitelist: 69 description: ClusterResourceWhitelist contains list of whitelisted 70 cluster level resources 71 items: 72 description: |- 73 GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying 74 concepts during lookup stages without having partially valid types 75 properties: 76 group: 77 type: string 78 kind: 79 type: string 80 required: 81 - group 82 - kind 83 type: object 84 type: array 85 description: 86 description: Description contains optional project description 87 maxLength: 255 88 type: string 89 destinationServiceAccounts: 90 description: DestinationServiceAccounts holds information about the 91 service accounts to be impersonated for the application sync operation 92 for each destination. 93 items: 94 description: ApplicationDestinationServiceAccount holds information 95 about the service account to be impersonated for the application 96 sync operation. 97 properties: 98 defaultServiceAccount: 99 description: DefaultServiceAccount to be used for impersonation 100 during the sync operation 101 type: string 102 namespace: 103 description: Namespace specifies the target namespace for the 104 application's resources. 105 type: string 106 server: 107 description: Server specifies the URL of the target cluster's 108 Kubernetes control plane API. 109 type: string 110 required: 111 - defaultServiceAccount 112 - server 113 type: object 114 type: array 115 destinations: 116 description: Destinations contains list of destinations available 117 for deployment 118 items: 119 description: ApplicationDestination holds information about the 120 application's destination 121 properties: 122 name: 123 description: Name is an alternate way of specifying the target 124 cluster by its symbolic name. This must be set if Server is 125 not set. 126 type: string 127 namespace: 128 description: |- 129 Namespace specifies the target namespace for the application's resources. 130 The namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace 131 type: string 132 server: 133 description: Server specifies the URL of the target cluster's 134 Kubernetes control plane API. This must be set if Name is 135 not set. 136 type: string 137 type: object 138 type: array 139 namespaceResourceBlacklist: 140 description: NamespaceResourceBlacklist contains list of blacklisted 141 namespace level resources 142 items: 143 description: |- 144 GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying 145 concepts during lookup stages without having partially valid types 146 properties: 147 group: 148 type: string 149 kind: 150 type: string 151 required: 152 - group 153 - kind 154 type: object 155 type: array 156 namespaceResourceWhitelist: 157 description: NamespaceResourceWhitelist contains list of whitelisted 158 namespace level resources 159 items: 160 description: |- 161 GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying 162 concepts during lookup stages without having partially valid types 163 properties: 164 group: 165 type: string 166 kind: 167 type: string 168 required: 169 - group 170 - kind 171 type: object 172 type: array 173 orphanedResources: 174 description: OrphanedResources specifies if controller should monitor 175 orphaned resources of apps in this project 176 properties: 177 ignore: 178 description: Ignore contains a list of resources that are to be 179 excluded from orphaned resources monitoring 180 items: 181 description: OrphanedResourceKey is a reference to a resource 182 to be ignored from 183 properties: 184 group: 185 type: string 186 kind: 187 type: string 188 name: 189 type: string 190 type: object 191 type: array 192 warn: 193 description: Warn indicates if warning condition should be created 194 for apps which have orphaned resources 195 type: boolean 196 type: object 197 permitOnlyProjectScopedClusters: 198 description: PermitOnlyProjectScopedClusters determines whether destinations 199 can only reference clusters which are project-scoped 200 type: boolean 201 roles: 202 description: Roles are user defined RBAC roles associated with this 203 project 204 items: 205 description: ProjectRole represents a role that has access to a 206 project 207 properties: 208 description: 209 description: Description is a description of the role 210 type: string 211 groups: 212 description: Groups are a list of OIDC group claims bound to 213 this role 214 items: 215 type: string 216 type: array 217 jwtTokens: 218 description: JWTTokens are a list of generated JWT tokens bound 219 to this role 220 items: 221 description: JWTToken holds the issuedAt and expiresAt values 222 of a token 223 properties: 224 exp: 225 format: int64 226 type: integer 227 iat: 228 format: int64 229 type: integer 230 id: 231 type: string 232 required: 233 - iat 234 type: object 235 type: array 236 name: 237 description: Name is a name for this role 238 type: string 239 policies: 240 description: Policies Stores a list of casbin formatted strings 241 that define access policies for the role in the project 242 items: 243 type: string 244 type: array 245 required: 246 - name 247 type: object 248 type: array 249 signatureKeys: 250 description: SignatureKeys contains a list of PGP key IDs that commits 251 in Git must be signed with in order to be allowed for sync 252 items: 253 description: SignatureKey is the specification of a key required 254 to verify commit signatures with 255 properties: 256 keyID: 257 description: The ID of the key in hexadecimal notation 258 type: string 259 required: 260 - keyID 261 type: object 262 type: array 263 sourceNamespaces: 264 description: SourceNamespaces defines the namespaces application resources 265 are allowed to be created in 266 items: 267 type: string 268 type: array 269 sourceRepos: 270 description: SourceRepos contains list of repository URLs which can 271 be used for deployment 272 items: 273 type: string 274 type: array 275 syncWindows: 276 description: SyncWindows controls when syncs can be run for apps in 277 this project 278 items: 279 description: SyncWindow contains the kind, time, duration and attributes 280 that are used to assign the syncWindows to apps 281 properties: 282 andOperator: 283 description: UseAndOperator use AND operator for matching applications, 284 namespaces and clusters instead of the default OR operator 285 type: boolean 286 applications: 287 description: Applications contains a list of applications that 288 the window will apply to 289 items: 290 type: string 291 type: array 292 clusters: 293 description: Clusters contains a list of clusters that the window 294 will apply to 295 items: 296 type: string 297 type: array 298 description: 299 description: Description of the sync that will be applied to 300 the schedule, can be used to add any information such as a 301 ticket number for example 302 type: string 303 duration: 304 description: Duration is the amount of time the sync window 305 will be open 306 type: string 307 kind: 308 description: Kind defines if the window allows or blocks syncs 309 type: string 310 manualSync: 311 description: ManualSync enables manual syncs when they would 312 otherwise be blocked 313 type: boolean 314 namespaces: 315 description: Namespaces contains a list of namespaces that the 316 window will apply to 317 items: 318 type: string 319 type: array 320 schedule: 321 description: Schedule is the time the window will begin, specified 322 in cron format 323 type: string 324 timeZone: 325 description: TimeZone of the sync that will be applied to the 326 schedule 327 type: string 328 type: object 329 type: array 330 type: object 331 status: 332 description: AppProjectStatus contains status information for AppProject 333 CRs 334 properties: 335 jwtTokensByRole: 336 additionalProperties: 337 description: JWTTokens represents a list of JWT tokens 338 properties: 339 items: 340 items: 341 description: JWTToken holds the issuedAt and expiresAt values 342 of a token 343 properties: 344 exp: 345 format: int64 346 type: integer 347 iat: 348 format: int64 349 type: integer 350 id: 351 type: string 352 required: 353 - iat 354 type: object 355 type: array 356 type: object 357 description: JWTTokensByRole contains a list of JWT tokens issued 358 for a given role 359 type: object 360 type: object 361 required: 362 - metadata 363 - spec 364 type: object 365 served: true 366 storage: true