github.com/verrazzano/verrazzano@v1.7.0/platform-operator/thirdparty/charts/argo-cd/templates/crds/crd-project.yaml (about) 1 {{- if .Values.crds.install }} 2 apiVersion: apiextensions.k8s.io/v1 3 kind: CustomResourceDefinition 4 metadata: 5 annotations: 6 {{- if .Values.crds.keep }} 7 "helm.sh/resource-policy": keep 8 {{- end }} 9 {{- with .Values.crds.annotations }} 10 {{- toYaml . | nindent 4 }} 11 {{- end }} 12 labels: 13 app.kubernetes.io/name: appprojects.argoproj.io 14 app.kubernetes.io/part-of: argocd 15 {{- with .Values.crds.additionalLabels }} 16 {{- toYaml . | nindent 4}} 17 {{- end }} 18 name: appprojects.argoproj.io 19 spec: 20 group: argoproj.io 21 names: 22 kind: AppProject 23 listKind: AppProjectList 24 plural: appprojects 25 shortNames: 26 - appproj 27 - appprojs 28 singular: appproject 29 scope: Namespaced 30 versions: 31 - name: v1alpha1 32 schema: 33 openAPIV3Schema: 34 description: 'AppProject provides a logical grouping of applications, providing 35 controls for: * where the apps may deploy to (cluster whitelist) * what 36 may be deployed (repository whitelist, resource whitelist/blacklist) * who 37 can access these applications (roles, OIDC group claims bindings) * and 38 what they can do (RBAC policies) * automation access to these roles (JWT 39 tokens)' 40 properties: 41 apiVersion: 42 description: 'APIVersion defines the versioned schema of this representation 43 of an object. Servers should convert recognized schemas to the latest 44 internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' 45 type: string 46 kind: 47 description: 'Kind is a string value representing the REST resource this 48 object represents. Servers may infer this from the endpoint the client 49 submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' 50 type: string 51 metadata: 52 type: object 53 spec: 54 description: AppProjectSpec is the specification of an AppProject 55 properties: 56 clusterResourceBlacklist: 57 description: ClusterResourceBlacklist contains list of blacklisted 58 cluster level resources 59 items: 60 description: GroupKind specifies a Group and a Kind, but does not 61 force a version. This is useful for identifying concepts during 62 lookup stages without having partially valid types 63 properties: 64 group: 65 type: string 66 kind: 67 type: string 68 required: 69 - group 70 - kind 71 type: object 72 type: array 73 clusterResourceWhitelist: 74 description: ClusterResourceWhitelist contains list of whitelisted 75 cluster level resources 76 items: 77 description: GroupKind specifies a Group and a Kind, but does not 78 force a version. This is useful for identifying concepts during 79 lookup stages without having partially valid types 80 properties: 81 group: 82 type: string 83 kind: 84 type: string 85 required: 86 - group 87 - kind 88 type: object 89 type: array 90 description: 91 description: Description contains optional project description 92 type: string 93 destinations: 94 description: Destinations contains list of destinations available 95 for deployment 96 items: 97 description: ApplicationDestination holds information about the 98 application's destination 99 properties: 100 name: 101 description: Name is an alternate way of specifying the target 102 cluster by its symbolic name 103 type: string 104 namespace: 105 description: Namespace specifies the target namespace for the 106 application's resources. The namespace will only be set for 107 namespace-scoped resources that have not set a value for .metadata.namespace 108 type: string 109 server: 110 description: Server specifies the URL of the target cluster 111 and must be set to the Kubernetes control plane API 112 type: string 113 type: object 114 type: array 115 namespaceResourceBlacklist: 116 description: NamespaceResourceBlacklist contains list of blacklisted 117 namespace level resources 118 items: 119 description: GroupKind specifies a Group and a Kind, but does not 120 force a version. This is useful for identifying concepts during 121 lookup stages without having partially valid types 122 properties: 123 group: 124 type: string 125 kind: 126 type: string 127 required: 128 - group 129 - kind 130 type: object 131 type: array 132 namespaceResourceWhitelist: 133 description: NamespaceResourceWhitelist contains list of whitelisted 134 namespace level resources 135 items: 136 description: GroupKind specifies a Group and a Kind, but does not 137 force a version. This is useful for identifying concepts during 138 lookup stages without having partially valid types 139 properties: 140 group: 141 type: string 142 kind: 143 type: string 144 required: 145 - group 146 - kind 147 type: object 148 type: array 149 orphanedResources: 150 description: OrphanedResources specifies if controller should monitor 151 orphaned resources of apps in this project 152 properties: 153 ignore: 154 description: Ignore contains a list of resources that are to be 155 excluded from orphaned resources monitoring 156 items: 157 description: OrphanedResourceKey is a reference to a resource 158 to be ignored from 159 properties: 160 group: 161 type: string 162 kind: 163 type: string 164 name: 165 type: string 166 type: object 167 type: array 168 warn: 169 description: Warn indicates if warning condition should be created 170 for apps which have orphaned resources 171 type: boolean 172 type: object 173 permitOnlyProjectScopedClusters: 174 description: PermitOnlyProjectScopedClusters determines whether destinations 175 can only reference clusters which are project-scoped 176 type: boolean 177 roles: 178 description: Roles are user defined RBAC roles associated with this 179 project 180 items: 181 description: ProjectRole represents a role that has access to a 182 project 183 properties: 184 description: 185 description: Description is a description of the role 186 type: string 187 groups: 188 description: Groups are a list of OIDC group claims bound to 189 this role 190 items: 191 type: string 192 type: array 193 jwtTokens: 194 description: JWTTokens are a list of generated JWT tokens bound 195 to this role 196 items: 197 description: JWTToken holds the issuedAt and expiresAt values 198 of a token 199 properties: 200 exp: 201 format: int64 202 type: integer 203 iat: 204 format: int64 205 type: integer 206 id: 207 type: string 208 required: 209 - iat 210 type: object 211 type: array 212 name: 213 description: Name is a name for this role 214 type: string 215 policies: 216 description: Policies Stores a list of casbin formatted strings 217 that define access policies for the role in the project 218 items: 219 type: string 220 type: array 221 required: 222 - name 223 type: object 224 type: array 225 signatureKeys: 226 description: SignatureKeys contains a list of PGP key IDs that commits 227 in Git must be signed with in order to be allowed for sync 228 items: 229 description: SignatureKey is the specification of a key required 230 to verify commit signatures with 231 properties: 232 keyID: 233 description: The ID of the key in hexadecimal notation 234 type: string 235 required: 236 - keyID 237 type: object 238 type: array 239 sourceNamespaces: 240 description: SourceNamespaces defines the namespaces application resources 241 are allowed to be created in 242 items: 243 type: string 244 type: array 245 sourceRepos: 246 description: SourceRepos contains list of repository URLs which can 247 be used for deployment 248 items: 249 type: string 250 type: array 251 syncWindows: 252 description: SyncWindows controls when syncs can be run for apps in 253 this project 254 items: 255 description: SyncWindow contains the kind, time, duration and attributes 256 that are used to assign the syncWindows to apps 257 properties: 258 applications: 259 description: Applications contains a list of applications that 260 the window will apply to 261 items: 262 type: string 263 type: array 264 clusters: 265 description: Clusters contains a list of clusters that the window 266 will apply to 267 items: 268 type: string 269 type: array 270 duration: 271 description: Duration is the amount of time the sync window 272 will be open 273 type: string 274 kind: 275 description: Kind defines if the window allows or blocks syncs 276 type: string 277 manualSync: 278 description: ManualSync enables manual syncs when they would 279 otherwise be blocked 280 type: boolean 281 namespaces: 282 description: Namespaces contains a list of namespaces that the 283 window will apply to 284 items: 285 type: string 286 type: array 287 schedule: 288 description: Schedule is the time the window will begin, specified 289 in cron format 290 type: string 291 timeZone: 292 description: TimeZone of the sync that will be applied to the 293 schedule 294 type: string 295 type: object 296 type: array 297 type: object 298 status: 299 description: AppProjectStatus contains status information for AppProject 300 CRs 301 properties: 302 jwtTokensByRole: 303 additionalProperties: 304 description: JWTTokens represents a list of JWT tokens 305 properties: 306 items: 307 items: 308 description: JWTToken holds the issuedAt and expiresAt values 309 of a token 310 properties: 311 exp: 312 format: int64 313 type: integer 314 iat: 315 format: int64 316 type: integer 317 id: 318 type: string 319 required: 320 - iat 321 type: object 322 type: array 323 type: object 324 description: JWTTokensByRole contains a list of JWT tokens issued 325 for a given role 326 type: object 327 type: object 328 required: 329 - metadata 330 - spec 331 type: object 332 served: true 333 storage: true 334 {{- end }}