API Reference¶
Packages¶
cpet.belastingdienst.nl/v1alpha1¶
Package v1alpha1 contains API Schema definitions for the v1alpha1 API group
Resource Types¶
ConfigArgoPermissions¶
Deprecated: ArgoCD specific code will be removed from the operator
Appears in: - PaasConfigSpec
| Field | Description | Default | Validation |
|---|---|---|---|
default_policy string |
Deprecated: ArgoCD specific code will be removed from the operator The optional default policy which is set in the ArgoCD instance |
Optional: {} |
|
resource_name string |
Deprecated: ArgoCD specific code will be removed from the operator The name of the ArgoCD instance to apply ArgoPermissions to |
MinLength: 1 Required: {} |
|
role string |
Deprecated: ArgoCD specific code will be removed from the operator The name of the role to add to Groups set in ArgoPermissions |
MinLength: 1 Required: {} |
|
header string |
Deprecated: ArgoCD specific code will be removed from the operator The header value to set in ArgoPermissions |
MinLength: 1 Required: {} |
ConfigCapPerm¶
Underlying type: object
Appears in: - ConfigCapability
ConfigCapabilities¶
Underlying type: map[string]ConfigCapability
Appears in: - PaasConfigSpec
ConfigCapability¶
Appears in: - ConfigCapabilities
| Field | Description | Default | Validation |
|---|---|---|---|
applicationset string |
Name of the ArgoCD ApplicationSet which manages this capability | MinLength: 1 Required: {} |
|
quotas ConfigQuotaSettings |
Quota settings for this capability | Required: {} |
|
extra_permissions ConfigCapPerm |
Extra permissions set for this capability | Optional: {} |
|
default_permissions ConfigCapPerm |
Default permissions set for this capability | Optional: {} |
|
custom_fields object (keys:string, values:ConfigCustomField) |
Settings to allow specific configuration specific to a capability |
ConfigCustomField¶
Appears in: - ConfigCapability
| Field | Description | Default | Validation |
|---|---|---|---|
validation string |
Regular expression for validating input, defaults to '', which means no validation. | Optional: {} |
|
default string |
Set a default when no value is specified, defaults to ''. Only applies when Required is false. |
Optional: {} |
|
required boolean |
Define if the value must be specified in the PaaS. When set to true, and no value is set, PaasNs has error in status field, and capability is not built. When set to false, and no value is set, Default is used. |
Optional: {} |
ConfigLdap¶
Appears in: - PaasConfigSpec
| Field | Description | Default | Validation |
|---|---|---|---|
host string |
LDAP server hostname | MinLength: 1 Required: {} |
|
port integer |
LDAP server port | Minimum: 1 Required: {} |
ConfigQuotaSettings¶
Appears in: - ConfigCapability
| Field | Description | Default | Validation |
|---|---|---|---|
clusterwide boolean |
Is this a clusterwide quota or not | false | Optional: {} |
ratio float |
The ratio of the requested quota which will be applied to the total quota | Format: float Maximum: 1 Minimum: 0 Optional: {} |
|
defaults object (keys:ResourceName, values:Quantity) |
The default quota which the enabled capability gets | Required: {} |
|
min object (keys:ResourceName, values:Quantity) |
The minimum quota which the enabled capability gets | Optional: {} |
|
max object (keys:ResourceName, values:Quantity) |
The maximum quota which the capability gets | Optional: {} |
ConfigRoleMappings¶
Underlying type: object
Appears in: - PaasConfigSpec
NamespacedName¶
Appears in: - PaasConfigSpec
| Field | Description | Default | Validation |
|---|---|---|---|
name string |
MinLength: 1 Required: {} |
||
namespace string |
MinLength: 1 Required: {} |
Paas¶
Paas is the Schema for the paas API
Appears in: - PaasList
| Field | Description | Default | Validation |
|---|---|---|---|
apiVersion string |
cpet.belastingdienst.nl/v1alpha1 |
||
kind string |
Paas |
||
metadata ObjectMeta |
Refer to Kubernetes API documentation for fields of metadata. |
||
spec PaasSpec |
PaasCapabilities¶
Underlying type: map[string]PaasCapability
Appears in: - PaasSpec
PaasCapability¶
Appears in: - PaasCapabilities
| Field | Description | Default | Validation |
|---|---|---|---|
enabled boolean |
Do we want to use this capability, default false | Optional: {} |
|
gitUrl string |
The URL that contains the Applications / Application Sets to be used by this capability | Optional: {} |
|
gitRevision string |
The revision of the git repo that contains the Applications / Application Sets to be used by this capability | Optional: {} |
|
gitPath string |
the path in the git repo that contains the Applications / Application Sets to be used by this capability | Optional: {} |
|
custom_fields object (keys:string, values:string) |
Custom fields to configure this specific Capability | Optional: {} |
|
quota Quota |
This project has its own ClusterResourceQuota settings | Optional: {} |
|
sshSecrets object (keys:string, values:string) |
You can add ssh keys (which is a type of secret) for capability to use for access to bitBucket They must be encrypted with the public key corresponding to the private key deployed together with the Paas operator |
Optional: {} |
|
extra_permissions boolean |
You can enable extra permissions for the service accounts belonging to this capability Exact definitions is configured in Paas Configmap |
Optional: {} |
PaasConfig¶
Appears in: - PaasConfigList
| Field | Description | Default | Validation |
|---|---|---|---|
apiVersion string |
cpet.belastingdienst.nl/v1alpha1 |
||
kind string |
PaasConfig |
||
metadata ObjectMeta |
Refer to Kubernetes API documentation for fields of metadata. |
||
spec PaasConfigSpec |
PaasConfigList¶
PaasConfigList contains a list of PaasConfig
| Field | Description | Default | Validation |
|---|---|---|---|
apiVersion string |
cpet.belastingdienst.nl/v1alpha1 |
||
kind string |
PaasConfigList |
||
metadata ListMeta |
Refer to Kubernetes API documentation for fields of metadata. |
||
items PaasConfig array |
PaasConfigSpec¶
Appears in: - PaasConfig
| Field | Description | Default | Validation |
|---|---|---|---|
decryptKeySecret NamespacedName |
DecryptKeysSecret is a reference to the secret containing the DecryptKeys | Required: {} |
|
debug boolean |
Enable debug information generation or not | false | Optional: {} |
capabilities ConfigCapabilities |
A map with zero or more ConfigCapability | Optional: {} |
|
groupsynclist NamespacedName |
Deprecated: GroupSyncList code will be removed from the operator to make it more generic A reference to a configmap containing a groupsynclist of LDAP groups to be synced using LDAP sync |
Required: {} |
|
groupsynclist_key string |
Deprecated: GroupSyncListKey code will be removed from the operator to make it more generic A key in the configures GroupSyncList which will contain the LDAP groups to be synced using LDAP sync |
groupsynclist.txt | Optional: {} |
ldap ConfigLdap |
LDAP configuration for the operator to add to Groups | Optional: {} |
|
argopermissions ConfigArgoPermissions |
Deprecated: ArgoCD specific code will be removed from the operator Permissions to set for ArgoCD instance |
Optional: {} |
|
clusterwide_argocd_namespace string |
Namespace in which a clusterwide ArgoCD can be found for managing capabilities and appProjects | MinLength: 1 Required: {} |
|
quota_label string |
Label which is added to clusterquotas | clusterquotagroup | Optional: {} |
requestor_label string |
Name of the label used to define who is the contact for this resource | requestor | Optional: {} |
managed_by_label string |
Name of the label used to define by whom the resource is managed. | argocd.argoproj.io/managed-by | Optional: {} |
exclude_appset_name string |
Deprecated: ArgoCD specific code will be removed from the operator Name of an ApplicationSet to be set as ignored in the ArgoCD bootstrap Application |
MinLength: 1 Required: {} |
|
rolemappings ConfigRoleMappings |
Grant permissions to all groups according to config in configmap and role selected per group in paas. | Optional: {} |
PaasGroup¶
Appears in: - PaasGroups
| Field | Description | Default | Validation |
|---|---|---|---|
query string |
A fully qualified LDAP query which will be used by the Group Sync Operator to sync users to the defined group. When set in combination with users, the Group Sync Operator will overwrite the manually assigned users.Therefore, this field is mutually exclusive with group.users. |
Optional: {} |
|
users string array |
A list of LDAP users which are added to the defined group. When set in combination with users, the Group Sync Operator will overwrite the manually assigned users.Therefore, this field is mutually exclusive with group.query. |
Optional: {} |
|
roles string array |
List of roles, as defined in the PaasConfig which the users in this group get assigned via a rolebinding. |
Optional: {} |
PaasGroups¶
Underlying type: map[string]PaasGroup
Appears in: - PaasSpec
PaasList¶
PaasList contains a list of Paas
| Field | Description | Default | Validation |
|---|---|---|---|
apiVersion string |
cpet.belastingdienst.nl/v1alpha1 |
||
kind string |
PaasList |
||
metadata ListMeta |
Refer to Kubernetes API documentation for fields of metadata. |
||
items Paas array |
PaasNS¶
PaasNS is the Schema for the PaasNS API
Appears in: - PaasNSList
| Field | Description | Default | Validation |
|---|---|---|---|
apiVersion string |
cpet.belastingdienst.nl/v1alpha1 |
||
kind string |
PaasNS |
||
metadata ObjectMeta |
Refer to Kubernetes API documentation for fields of metadata. |
||
spec PaasNSSpec |
PaasNSList¶
PaasNSList contains a list of PaasNS
| Field | Description | Default | Validation |
|---|---|---|---|
apiVersion string |
cpet.belastingdienst.nl/v1alpha1 |
||
kind string |
PaasNSList |
||
metadata ListMeta |
Refer to Kubernetes API documentation for fields of metadata. |
||
items PaasNS array |
PaasNSSpec¶
PaasNSSpec defines the desired state of PaasNS
Appears in: - PaasNS
| Field | Description | Default | Validation |
|---|---|---|---|
paas string |
The metadata.name of the Paas which created the namespace in which this PaasNS is applied |
MinLength: 1 Required: {} |
|
groups string array |
Keys of the groups, as defined in the related paas, which should get access to the namespace created by this PaasNS.When not set, all groups as defined in the related paas get access to the namespace created by this PaasNS. |
Optional: {} |
|
sshSecrets object (keys:string, values:string) |
SshSecrets which should exist in the namespace created through this PaasNS, the values are the encrypted secrets through Crypt | Optional: {} |
PaasSpec¶
PaasSpec defines the desired state of Paas
Appears in: - Paas
| Field | Description | Default | Validation |
|---|---|---|---|
capabilities PaasCapabilities |
Capabilities is a subset of capabilities that will be available in this Paas Project | Optional: {} |
|
requestor string |
Requestor is an informational field which decides on the requestor (also application responsible) | MinLength: 1 Required: {} |
|
groups PaasGroups |
Groups define k8s groups, based on an LDAP query or a list of LDAP users, which get access to the namespaces belonging to this Paas. Per group, RBAC roles can be defined. |
Optional: {} |
|
quota Quota |
Quota defines the quotas which should be set on the cluster resource quota as used by this Paas project | Required: {} |
|
namespaces string array |
Namespaces can be used to define extra namespaces to be created as part of this Paas project | Optional: {} |
|
sshSecrets object (keys:string, values:string) |
You can add ssh keys (which is a type of secret) for ArgoCD to use for access to bitBucket They must be encrypted with the public key corresponding to the private key deployed together with the Paas operator |
Optional: {} |
|
managedByPaas string |
Indicated by which 3rd party Paas's ArgoCD this Paas is managed | Optional: {} |