apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
kubectl.kubernetes.io/last-applied-configuration: '{"apiVersion":"apiextensions.k8s.io/v1","kind":"CustomResourceDefinition","metadata":{"annotations":{},"labels":{"app.kubernetes.io/name":"appprojects.argoproj.io","app.kubernetes.io/part-of":"argocd"},"name":"appprojects.argoproj.io"},"spec":{"group":"argoproj.io","names":{"kind":"AppProject","listKind":"AppProjectList","plural":"appprojects","shortNames":["appproj","appprojs"],"singular":"appproject"},"scope":"Namespaced","versions":[{"name":"v1alpha1","schema":{"openAPIV3Schema":{"description":"AppProject
provides a logical grouping of applications, providing controls for: * where
the apps may deploy to (cluster whitelist) * what may be deployed (repository
whitelist, resource whitelist/blacklist) * who can access these applications
(roles, OIDC group claims bindings) * and what they can do (RBAC policies) *
automation access to these roles (JWT tokens)","properties":{"apiVersion":{"description":"APIVersion
defines the versioned schema of this representation of an object. Servers should
convert recognized schemas to the latest internal value, and may reject unrecognized
values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources","type":"string"},"kind":{"description":"Kind
is a string value representing the REST resource this object represents. Servers
may infer this from the endpoint the client submits requests to. Cannot be updated.
In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds","type":"string"},"metadata":{"type":"object"},"spec":{"description":"AppProjectSpec
is the specification of an AppProject","properties":{"clusterResourceBlacklist":{"description":"ClusterResourceBlacklist
contains list of blacklisted cluster level resources","items":{"description":"GroupKind
specifies a Group and a Kind, but does not force a version. This is useful
for identifying concepts during lookup stages without having partially valid
types","properties":{"group":{"type":"string"},"kind":{"type":"string"}},"required":["group","kind"],"type":"object"},"type":"array"},"clusterResourceWhitelist":{"description":"ClusterResourceWhitelist
contains list of whitelisted cluster level resources","items":{"description":"GroupKind
specifies a Group and a Kind, but does not force a version. This is useful
for identifying concepts during lookup stages without having partially valid
types","properties":{"group":{"type":"string"},"kind":{"type":"string"}},"required":["group","kind"],"type":"object"},"type":"array"},"description":{"description":"Description
contains optional project description","type":"string"},"destinations":{"description":"Destinations
contains list of destinations available for deployment","items":{"description":"ApplicationDestination
holds information about the application''s destination","properties":{"name":{"description":"Name
is an alternate way of specifying the target cluster by its symbolic name","type":"string"},"namespace":{"description":"Namespace
specifies the target namespace for the application''s resources. The namespace
will only be set for namespace-scoped resources that have not set a value for
.metadata.namespace","type":"string"},"server":{"description":"Server specifies
the URL of the target cluster and must be set to the Kubernetes control plane
API","type":"string"}},"type":"object"},"type":"array"},"namespaceResourceBlacklist":{"description":"NamespaceResourceBlacklist
contains list of blacklisted namespace level resources","items":{"description":"GroupKind
specifies a Group and a Kind, but does not force a version. This is useful
for identifying concepts during lookup stages without having partially valid
types","properties":{"group":{"type":"string"},"kind":{"type":"string"}},"required":["group","kind"],"type":"object"},"type":"array"},"namespaceResourceWhitelist":{"description":"NamespaceResourceWhitelist
contains list of whitelisted namespace level resources","items":{"description":"GroupKind
specifies a Group and a Kind, but does not force a version. This is useful
for identifying concepts during lookup stages without having partially valid
types","properties":{"group":{"type":"string"},"kind":{"type":"string"}},"required":["group","kind"],"type":"object"},"type":"array"},"orphanedResources":{"description":"OrphanedResources
specifies if controller should monitor orphaned resources of apps in this project","properties":{"ignore":{"description":"Ignore
contains a list of resources that are to be excluded from orphaned resources
monitoring","items":{"description":"OrphanedResourceKey is a reference to a
resource to be ignored from","properties":{"group":{"type":"string"},"kind":{"type":"string"},"name":{"type":"string"}},"type":"object"},"type":"array"},"warn":{"description":"Warn
indicates if warning condition should be created for apps which have orphaned
resources","type":"boolean"}},"type":"object"},"permitOnlyProjectScopedClusters":{"description":"PermitOnlyProjectScopedClusters
determines whether destinations can only reference clusters which are project-scoped","type":"boolean"},"roles":{"description":"Roles
are user defined RBAC roles associated with this project","items":{"description":"ProjectRole
represents a role that has access to a project","properties":{"description":{"description":"Description
is a description of the role","type":"string"},"groups":{"description":"Groups
are a list of OIDC group claims bound to this role","items":{"type":"string"},"type":"array"},"jwtTokens":{"description":"JWTTokens
are a list of generated JWT tokens bound to this role","items":{"description":"JWTToken
holds the issuedAt and expiresAt values of a token","properties":{"exp":{"format":"int64","type":"integer"},"iat":{"format":"int64","type":"integer"},"id":{"type":"string"}},"required":["iat"],"type":"object"},"type":"array"},"name":{"description":"Name
is a name for this role","type":"string"},"policies":{"description":"Policies
Stores a list of casbin formatted strings that define access policies for the
role in the project","items":{"type":"string"},"type":"array"}},"required":["name"],"type":"object"},"type":"array"},"signatureKeys":{"description":"SignatureKeys
contains a list of PGP key IDs that commits in Git must be signed with in order
to be allowed for sync","items":{"description":"SignatureKey is the specification
of a key required to verify commit signatures with","properties":{"keyID":{"description":"The
ID of the key in hexadecimal notation","type":"string"}},"required":["keyID"],"type":"object"},"type":"array"},"sourceNamespaces":{"description":"SourceNamespaces
defines the namespaces application resources are allowed to be created in","items":{"type":"string"},"type":"array"},"sourceRepos":{"description":"SourceRepos
contains list of repository URLs which can be used for deployment","items":{"type":"string"},"type":"array"},"syncWindows":{"description":"SyncWindows
controls when syncs can be run for apps in this project","items":{"description":"SyncWindow
contains the kind, time, duration and attributes that are used to assign the
syncWindows to apps","properties":{"applications":{"description":"Applications
contains a list of applications that the window will apply to","items":{"type":"string"},"type":"array"},"clusters":{"description":"Clusters
contains a list of clusters that the window will apply to","items":{"type":"string"},"type":"array"},"duration":{"description":"Duration
is the amount of time the sync window will be open","type":"string"},"kind":{"description":"Kind
defines if the window allows or blocks syncs","type":"string"},"manualSync":{"description":"ManualSync
enables manual syncs when they would otherwise be blocked","type":"boolean"},"namespaces":{"description":"Namespaces
contains a list of namespaces that the window will apply to","items":{"type":"string"},"type":"array"},"schedule":{"description":"Schedule
is the time the window will begin, specified in cron format","type":"string"},"timeZone":{"description":"TimeZone
of the sync that will be applied to the schedule","type":"string"}},"type":"object"},"type":"array"}},"type":"object"},"status":{"description":"AppProjectStatus
contains status information for AppProject CRs","properties":{"jwtTokensByRole":{"additionalProperties":{"description":"JWTTokens
represents a list of JWT tokens","properties":{"items":{"items":{"description":"JWTToken
holds the issuedAt and expiresAt values of a token","properties":{"exp":{"format":"int64","type":"integer"},"iat":{"format":"int64","type":"integer"},"id":{"type":"string"}},"required":["iat"],"type":"object"},"type":"array"}},"type":"object"},"description":"JWTTokensByRole
contains a list of JWT tokens issued for a given role","type":"object"}},"type":"object"}},"required":["metadata","spec"],"type":"object"}},"served":true,"storage":true}]}}
'
creationTimestamp: '2021-08-30T18:57:54Z'
generation: 3
labels:
app.kubernetes.io/name: appprojects.argoproj.io
app.kubernetes.io/part-of: argocd
managedFields:
- apiVersion: apiextensions.k8s.io/v1
fieldsType: FieldsV1
fieldsV1:
f:status:
f:acceptedNames:
f:kind: {}
f:listKind: {}
f:plural: {}
f:shortNames: {}
f:singular: {}
f:conditions:
k:{"type":"Established"}:
.: {}
f:lastTransitionTime: {}
f:message: {}
f:reason: {}
f:status: {}
f:type: {}
k:{"type":"NamesAccepted"}:
.: {}
f:lastTransitionTime: {}
f:message: {}
f:reason: {}
f:status: {}
f:type: {}
manager: k3s
operation: Update
time: '2021-08-30T18:57:54Z'
- apiVersion: apiextensions.k8s.io/v1
fieldsType: FieldsV1
fieldsV1:
f:metadata:
f:annotations:
.: {}
f:kubectl.kubernetes.io/last-applied-configuration: {}
f:labels:
.: {}
f:app.kubernetes.io/name: {}
f:app.kubernetes.io/part-of: {}
f:spec:
f:conversion:
.: {}
f:strategy: {}
f:group: {}
f:names:
f:kind: {}
f:listKind: {}
f:plural: {}
f:shortNames: {}
f:singular: {}
f:scope: {}
f:versions: {}
manager: kubectl-client-side-apply
operation: Update
time: '2023-09-05T23:40:45Z'
name: appprojects.argoproj.io
resourceVersion: '1722490362'
uid: 206d4154-06b8-4be5-a0ec-a4bcaead0368
spec:
conversion:
strategy: None
group: argoproj.io
names:
kind: AppProject
listKind: AppProjectList
plural: appprojects
shortNames:
- appproj
- appprojs
singular: appproject
scope: Namespaced
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
description: 'AppProject provides a logical grouping of applications, providing
controls for: * where the apps may deploy to (cluster whitelist) * what
may be deployed (repository whitelist, resource whitelist/blacklist) * who
can access these applications (roles, OIDC group claims bindings) * and
what they can do (RBAC policies) * automation access to these roles (JWT
tokens)'
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: AppProjectSpec is the specification of an AppProject
properties:
clusterResourceBlacklist:
description: ClusterResourceBlacklist contains list of blacklisted
cluster level resources
items:
description: GroupKind specifies a Group and a Kind, but does not
force a version. This is useful for identifying concepts during
lookup stages without having partially valid types
properties:
group:
type: string
kind:
type: string
required:
- group
- kind
type: object
type: array
clusterResourceWhitelist:
description: ClusterResourceWhitelist contains list of whitelisted
cluster level resources
items:
description: GroupKind specifies a Group and a Kind, but does not
force a version. This is useful for identifying concepts during
lookup stages without having partially valid types
properties:
group:
type: string
kind:
type: string
required:
- group
- kind
type: object
type: array
description:
description: Description contains optional project description
type: string
destinations:
description: Destinations contains list of destinations available
for deployment
items:
description: ApplicationDestination holds information about the
application's destination
properties:
name:
description: Name is an alternate way of specifying the target
cluster by its symbolic name
type: string
namespace:
description: Namespace specifies the target namespace for the
application's resources. The namespace will only be set for
namespace-scoped resources that have not set a value for .metadata.namespace
type: string
server:
description: Server specifies the URL of the target cluster
and must be set to the Kubernetes control plane API
type: string
type: object
type: array
namespaceResourceBlacklist:
description: NamespaceResourceBlacklist contains list of blacklisted
namespace level resources
items:
description: GroupKind specifies a Group and a Kind, but does not
force a version. This is useful for identifying concepts during
lookup stages without having partially valid types
properties:
group:
type: string
kind:
type: string
required:
- group
- kind
type: object
type: array
namespaceResourceWhitelist:
description: NamespaceResourceWhitelist contains list of whitelisted
namespace level resources
items:
description: GroupKind specifies a Group and a Kind, but does not
force a version. This is useful for identifying concepts during
lookup stages without having partially valid types
properties:
group:
type: string
kind:
type: string
required:
- group
- kind
type: object
type: array
orphanedResources:
description: OrphanedResources specifies if controller should monitor
orphaned resources of apps in this project
properties:
ignore:
description: Ignore contains a list of resources that are to be
excluded from orphaned resources monitoring
items:
description: OrphanedResourceKey is a reference to a resource
to be ignored from
properties:
group:
type: string
kind:
type: string
name:
type: string
type: object
type: array
warn:
description: Warn indicates if warning condition should be created
for apps which have orphaned resources
type: boolean
type: object
permitOnlyProjectScopedClusters:
description: PermitOnlyProjectScopedClusters determines whether destinations
can only reference clusters which are project-scoped
type: boolean
roles:
description: Roles are user defined RBAC roles associated with this
project
items:
description: ProjectRole represents a role that has access to a
project
properties:
description:
description: Description is a description of the role
type: string
groups:
description: Groups are a list of OIDC group claims bound to
this role
items:
type: string
type: array
jwtTokens:
description: JWTTokens are a list of generated JWT tokens bound
to this role
items:
description: JWTToken holds the issuedAt and expiresAt values
of a token
properties:
exp:
format: int64
type: integer
iat:
format: int64
type: integer
id:
type: string
required:
- iat
type: object
type: array
name:
description: Name is a name for this role
type: string
policies:
description: Policies Stores a list of casbin formatted strings
that define access policies for the role in the project
items:
type: string
type: array
required:
- name
type: object
type: array
signatureKeys:
description: SignatureKeys contains a list of PGP key IDs that commits
in Git must be signed with in order to be allowed for sync
items:
description: SignatureKey is the specification of a key required
to verify commit signatures with
properties:
keyID:
description: The ID of the key in hexadecimal notation
type: string
required:
- keyID
type: object
type: array
sourceNamespaces:
description: SourceNamespaces defines the namespaces application resources
are allowed to be created in
items:
type: string
type: array
sourceRepos:
description: SourceRepos contains list of repository URLs which can
be used for deployment
items:
type: string
type: array
syncWindows:
description: SyncWindows controls when syncs can be run for apps in
this project
items:
description: SyncWindow contains the kind, time, duration and attributes
that are used to assign the syncWindows to apps
properties:
applications:
description: Applications contains a list of applications that
the window will apply to
items:
type: string
type: array
clusters:
description: Clusters contains a list of clusters that the window
will apply to
items:
type: string
type: array
duration:
description: Duration is the amount of time the sync window
will be open
type: string
kind:
description: Kind defines if the window allows or blocks syncs
type: string
manualSync:
description: ManualSync enables manual syncs when they would
otherwise be blocked
type: boolean
namespaces:
description: Namespaces contains a list of namespaces that the
window will apply to
items:
type: string
type: array
schedule:
description: Schedule is the time the window will begin, specified
in cron format
type: string
timeZone:
description: TimeZone of the sync that will be applied to the
schedule
type: string
type: object
type: array
type: object
status:
description: AppProjectStatus contains status information for AppProject
CRs
properties:
jwtTokensByRole:
additionalProperties:
description: JWTTokens represents a list of JWT tokens
properties:
items:
items:
description: JWTToken holds the issuedAt and expiresAt values
of a token
properties:
exp:
format: int64
type: integer
iat:
format: int64
type: integer
id:
type: string
required:
- iat
type: object
type: array
type: object
description: JWTTokensByRole contains a list of JWT tokens issued
for a given role
type: object
type: object
required:
- metadata
- spec
type: object
served: true
storage: true
status:
acceptedNames:
kind: AppProject
listKind: AppProjectList
plural: appprojects
shortNames:
- appproj
- appprojs
singular: appproject
conditions:
- lastTransitionTime: '2021-08-30T18:57:54Z'
message: no conflicts found
reason: NoConflicts
status: 'True'
type: NamesAccepted
- lastTransitionTime: '2021-08-30T18:57:54Z'
message: the initial names have been accepted
reason: InitialNamesAccepted
status: 'True'
type: Established
storedVersions:
- v1alpha1