Version: 0.7

Custom Resource Definitions

Packages

aks.compute.kore.appvia.io/v1alpha1#

Package v1alpha1 contains API Schema definitions for the gke v1alpha1 API group

Resource Types:

AKS#

AKS is the schema for an AKS cluster object

FieldDescription
apiVersion
string
aks.compute.kore.appvia.io/v1alpha1
kind
string
AKS
metadata
Kubernetes meta/v1.ObjectMeta
Refer to the Kubernetes API documentation for the fields of the metadata field.
spec
AKSSpec
agentPoolProfiles
[]AgentPoolProfile

AgentPoolProfiles is the set of node pools for this cluster.

authorizedIPRanges
[]string

AuthorizedIPRanges are IP ranges to whitelist for incoming traffic to the API servers

cluster
Ownership

Cluster refers to the cluster this object belongs to

credentials
Ownership

Credentials is a reference to the AKS credentials object to use

description
string

Description provides a short summary / description of the cluster.

dnsPrefix
string

DNSPrefix is the DNS prefix for the cluster Must contain between 3 and 45 characters, and can contain only letters, numbers, and hyphens. It must start with a letter and must end with a letter or a number.

enablePodSecurityPolicy
bool

EnablePodSecurityPolicy indicates whether Pod Security Policies should be enabled Note that this also requires role based access control to be enabled. This feature is currently in preview and PodSecurityPolicyPreview for namespace Microsoft.ContainerService must be enabled.

enablePrivateCluster
bool

EnablePrivateCluster controls whether the Kubernetes API is only exposed on the private network

kubernetesVersion
string

KubernetesVersion is the Kubernetes version

linuxProfile
LinuxProfile

LinuxProfile is the configuration for Linux VMs

location
string

Location is the location where the AKS cluster should be created

networkPolicy
string

NetworkPolicy is the network policy to use for networking. “”, “azure” or “calico”

serviceAddressRange
string

ServiceAddressRange is the IPv4 address range for Kubernetes services Must not be within the virtual network IP address range of your cluster Must not overlap with any other virtual networks with which the cluster virtual network peers Must not overlap with any on-premises IPs Must not be within the ranges 169.254.0.0/16, 172.30.0.0/16, 172.31.0.0/16, or 192.0.2.0/24

windowsProfile
WindowsProfile

WindowsProfile is the configuration for Windows VMs

tags
map[string]string

Tags is a collection of metadata tags to apply to the Azure resources which make up this cluster

status
AKSStatus
components
Components

Components is the status of the components

caCertificate
string

CACertificate is the certificate for this cluster

endpoint
string

Endpoint is the endpoint of the cluster

status
Status

Status provides the overall status

message
string

Message is the status message

AKSSpec#

(Appears on: AKS)

AKSSpec defines the desired state of an AKS cluster

FieldDescription
agentPoolProfiles
[]AgentPoolProfile

AgentPoolProfiles is the set of node pools for this cluster.

authorizedIPRanges
[]string

AuthorizedIPRanges are IP ranges to whitelist for incoming traffic to the API servers

cluster
Ownership

Cluster refers to the cluster this object belongs to

credentials
Ownership

Credentials is a reference to the AKS credentials object to use

description
string

Description provides a short summary / description of the cluster.

dnsPrefix
string

DNSPrefix is the DNS prefix for the cluster Must contain between 3 and 45 characters, and can contain only letters, numbers, and hyphens. It must start with a letter and must end with a letter or a number.

enablePodSecurityPolicy
bool

EnablePodSecurityPolicy indicates whether Pod Security Policies should be enabled Note that this also requires role based access control to be enabled. This feature is currently in preview and PodSecurityPolicyPreview for namespace Microsoft.ContainerService must be enabled.

enablePrivateCluster
bool

EnablePrivateCluster controls whether the Kubernetes API is only exposed on the private network

kubernetesVersion
string

KubernetesVersion is the Kubernetes version

linuxProfile
LinuxProfile

LinuxProfile is the configuration for Linux VMs

location
string

Location is the location where the AKS cluster should be created

networkPolicy
string

NetworkPolicy is the network policy to use for networking. “”, “azure” or “calico”

serviceAddressRange
string

ServiceAddressRange is the IPv4 address range for Kubernetes services Must not be within the virtual network IP address range of your cluster Must not overlap with any other virtual networks with which the cluster virtual network peers Must not overlap with any on-premises IPs Must not be within the ranges 169.254.0.0/16, 172.30.0.0/16, 172.31.0.0/16, or 192.0.2.0/24

windowsProfile
WindowsProfile

WindowsProfile is the configuration for Windows VMs

tags
map[string]string

Tags is a collection of metadata tags to apply to the Azure resources which make up this cluster

AKSStatus#

(Appears on: AKS)

AKSStatus defines the observed state of an AKS cluster

FieldDescription
components
Components

Components is the status of the components

caCertificate
string

CACertificate is the certificate for this cluster

endpoint
string

Endpoint is the endpoint of the cluster

status
Status

Status provides the overall status

message
string

Message is the status message

AgentPoolProfile#

(Appears on: AKSSpec)

AgentPoolProfile represents a node pool within a GKE cluster

FieldDescription
name
string

Name provides a descriptive name for this node pool - must be unique within cluster

mode
string

Mode Type of the node pool. System node pools serve the primary purpose of hosting critical system pods such as CoreDNS and tunnelfront. User node pools serve the primary purpose of hosting your application pods.

enableAutoScaling
bool

EnableAutoScaling indicates if the node pool should be configured with autoscaling turned on

nodeImageVersion
string

NodeImageVersion is the initial kubernetes version which the node group should be configured with.

count
int64

Count is the number of nodes

minCount
int64

MinCount assuming the autoscaler is enabled this is the maximum number nodes permitted

maxCount
int64

MaxCount assuming the autoscaler is enabled this is the maximum number nodes permitted

maxPods
int64

MaxPods controls how many pods can be scheduled onto each node in this pool

vmSize
string

VMSize controls the type of nodes used in this node pool

osType
string

OsType controls the operating system image of nodes used in this node pool

osDiskSizeGB
int64

OsDiskSizeGB is the size of the disk used by the compute nodes.

nodeLabels
map[string]string

NodeLabels is a set of labels to help Kubernetes workloads find this group

nodeTaints
[]NodeTaint

NodeTaints are a collection of kubernetes taints applied to the node on provisioning

networkSubnetID
string

NetworkSubnetID is the virtual network subnet id

LinuxProfile#

(Appears on: AKSSpec)

LinuxProfile is the configuration for Linux VMs

FieldDescription
adminUsername
string

AdminUsername is the admin username for Linux VMs

sshPublicKeys
[]string

SSHPublicKeys is a list of public SSH keys to allow to connect to the Linux VMs

NodeTaint#

(Appears on: AgentPoolProfile)

NodeTaint is the structure of a taint on a nodepoolhttps://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/

FieldDescription
key
string

Key provides the key definition for this tainer

value
string

Value is arbitrary value for this taint to compare

effect
string

Effect is desired action on the taint

WindowsProfile#

(Appears on: AKSSpec)

WindowsProfile is the configuration for Windows VMs

FieldDescription
adminUsername
string

AdminUsername is the admin username for Windows VMs

adminPassword
string

AdminPassword is the admin password for Windows VMs

aws.compute.kore.appvia.io/v1alpha1#

Package v1alpha1 contains API Schema definitions for the aws v1alpha1 API group

Resource Types:

EKS#

EKS is the Schema for the eksclusters API

FieldDescription
apiVersion
string
aws.compute.kore.appvia.io/v1alpha1
kind
string
EKS
metadata
Kubernetes meta/v1.ObjectMeta
Refer to the Kubernetes API documentation for the fields of the metadata field.
spec
EKSSpec
name
string

Name is the name of the EKS cluster in AWS If not set, it defaults to the object’s name

authorizedMasterNetworks
[]string

AuthorizedMasterNetworks is the network ranges which are permitted to access the EKS control plane endpoint i.e the managed one (not the authentication proxy)

cluster
Ownership

Cluster refers to the cluster this object belongs to

enableEndpointPrivate
bool

EnableEndpointPrivate indicates the EKS endpoint should be private and non-public facing

version
string

Version is the Kubernetes version to use

region
string

Region is the AWS region to launch this cluster within

subnetIDs
[]string

SubnetIds is a list of subnet IDs

securityGroupIDs
[]string

SecurityGroupIds is a list of security group IDs

credentials
Ownership

Credentials is a reference to an CloudAccount object to use for authentication

tags
map[string]string

Tags is a collection of tags to apply to the AWS resources which make up this cluster

cloudWatchLogging
CloudWatchLogging

CloudWatchLogging allows all control plane logging to be enabled

status
EKSStatus
conditions
Components

Conditions is the status of the components

caCertificate
string

CACertificate is the certificate for this cluster

endpoint
string

Endpoint is the endpoint of the cluster

arn
string

ARN is the AWS ARN of the EKS cluster resource

roleARN
string

RoleARN is the role ARN which provides permissions to EKS

oidcProviderURL
string

OIDCProviderURL is the OIDC provider URL (used for providing IAM roles for service accounts)

status
Status

Status provides a overall status

EKSNodeGroup#

EKSNodeGroup is the Schema for the eksnodegroups API

FieldDescription
apiVersion
string
aws.compute.kore.appvia.io/v1alpha1
kind
string
EKSNodeGroup
metadata
Kubernetes meta/v1.ObjectMeta
Refer to the Kubernetes API documentation for the fields of the metadata field.
spec
EKSNodeGroupSpec
amiType
string

AMIType is the AWS Machine Image type. We use a sensible default.

cluster
Ownership

Cluster refers to the cluster this object belongs to

diskSize
int64
instanceType
string

InstanceType is the EC2 machine type

labels
map[string]string

Labels are any custom kubernetes labels to apply to nodes

version
string

Version is the Kubernetes version to run for the kubelet

releaseVersion
string

ReleaseVersion is release version of the managed node ami

desiredSize
int64

DesiredSize is the number of nodes to attempt to use

maxSize
int64

MaxSize is the most nodes the nodegroups can grow to

minSize
int64

MinSize is the least nodes the nodegroups can shrink to

subnets
[]string

Subnets is the VPC networks to use for the nodes

tags
map[string]string

Tags are the AWS metadata to apply to the node group

region
string

Region is the AWS location to launch node group within, must match the region of the cluster

sshSourceSecurityGroups
[]string

SSHSourceSecurityGroups is the security groups that are allowed SSH access (port 22) to the worker nodes

eC2SSHKey
string

EC2SSHKey is the Amazon EC2 SSH key that provides access for SSH communication with the worker nodes in the managed node grouphttps://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-key-pairs.html

enableAutoscaler
bool

EnableAutoscaler indicates if the node pool should be configured with autoscaling turned on

credentials
Ownership

Credentials is a reference to an AWSCredentials object to use for authentication

status
EKSNodeGroupStatus
conditions
Components

Conditions is the status of the components

nodeIAMRole
string

NodeIAMRole is the IAM role assumed by the worker nodes themselves

autoScalingGroupNames
[]string

AutoScalingGroupName is the name of the Auto Scaling Groups belonging to this node group

status
Status

Status provides a overall status

EKSVPC#

EKSVPC is the Schema for the eksvpc API

FieldDescription
apiVersion
string
aws.compute.kore.appvia.io/v1alpha1
kind
string
EKSVPC
metadata
Kubernetes meta/v1.ObjectMeta
Refer to the Kubernetes API documentation for the fields of the metadata field.
spec
EKSVPCSpec
name
string

Name is the name of the VPC in AWS If not set, it defaults to the object’s name

credentials
Ownership

Credentials is a reference to an AWSCredentials object to use for authentication

cluster
Ownership

Cluster refers to the cluster this object belongs to

privateNetworkEnabled
bool

PrivateNetworkEnabled indicates the network is private and can allow all

privateIPV4Cidr
string

PrivateIPV4Cidr is the private range used for the VPC

region
string

Region is the AWS region of the VPC and any resources created

tags
map[string]string

Tags is a collection of tags to apply to the AWS resources which make up this VPC

status
EKSVPCStatus
conditions
Components

Conditions is the status of the components

status
Status

Status provides a overall status

infra
Infra

Infra provides a cache of values discovered from infrastructure k8s:openapi-gen=false

CloudWatchLogging#

(Appears on: EKSSpec)

CloudWatchLogging defines the control plane logging options

FieldDescription
api
bool

API will enable logging for the Kubernetes API server

audit
bool

Audit will enable logging for the Kubernetes audit

authenticator
bool

Authenticator will enable logging for the Kubernetes authentication

controllerManager
bool

ControllerManager will enable logging for the Kubernetes controller manager

scheduler
bool

Scheduler will enable logging for the Kubernetes scheduler component

EKSNodeGroupSpec#

(Appears on: EKSNodeGroup)

EKSNodeGroupSpec defines the desired state of EKSNodeGroup

FieldDescription
amiType
string

AMIType is the AWS Machine Image type. We use a sensible default.

cluster
Ownership

Cluster refers to the cluster this object belongs to

diskSize
int64
instanceType
string

InstanceType is the EC2 machine type

labels
map[string]string

Labels are any custom kubernetes labels to apply to nodes

version
string

Version is the Kubernetes version to run for the kubelet

releaseVersion
string

ReleaseVersion is release version of the managed node ami

desiredSize
int64

DesiredSize is the number of nodes to attempt to use

maxSize
int64

MaxSize is the most nodes the nodegroups can grow to

minSize
int64

MinSize is the least nodes the nodegroups can shrink to

subnets
[]string

Subnets is the VPC networks to use for the nodes

tags
map[string]string

Tags are the AWS metadata to apply to the node group

region
string

Region is the AWS location to launch node group within, must match the region of the cluster

sshSourceSecurityGroups
[]string

SSHSourceSecurityGroups is the security groups that are allowed SSH access (port 22) to the worker nodes

eC2SSHKey
string

EC2SSHKey is the Amazon EC2 SSH key that provides access for SSH communication with the worker nodes in the managed node grouphttps://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-key-pairs.html

enableAutoscaler
bool

EnableAutoscaler indicates if the node pool should be configured with autoscaling turned on

credentials
Ownership

Credentials is a reference to an AWSCredentials object to use for authentication

EKSNodeGroupStatus#

(Appears on: EKSNodeGroup)

EKSNodeGroupStatus defines the observed state of EKSNodeGroup

FieldDescription
conditions
Components

Conditions is the status of the components

nodeIAMRole
string

NodeIAMRole is the IAM role assumed by the worker nodes themselves

autoScalingGroupNames
[]string

AutoScalingGroupName is the name of the Auto Scaling Groups belonging to this node group

status
Status

Status provides a overall status

EKSSpec#

(Appears on: EKS)

EKSSpec defines the desired state of EKSCluster

FieldDescription
name
string

Name is the name of the EKS cluster in AWS If not set, it defaults to the object’s name

authorizedMasterNetworks
[]string

AuthorizedMasterNetworks is the network ranges which are permitted to access the EKS control plane endpoint i.e the managed one (not the authentication proxy)

cluster
Ownership

Cluster refers to the cluster this object belongs to

enableEndpointPrivate
bool

EnableEndpointPrivate indicates the EKS endpoint should be private and non-public facing

version
string

Version is the Kubernetes version to use

region
string

Region is the AWS region to launch this cluster within

subnetIDs
[]string

SubnetIds is a list of subnet IDs

securityGroupIDs
[]string

SecurityGroupIds is a list of security group IDs

credentials
Ownership

Credentials is a reference to an CloudAccount object to use for authentication

tags
map[string]string

Tags is a collection of tags to apply to the AWS resources which make up this cluster

cloudWatchLogging
CloudWatchLogging

CloudWatchLogging allows all control plane logging to be enabled

EKSStatus#

(Appears on: EKS)

EKSStatus defines the observed state of EKS cluster

FieldDescription
conditions
Components

Conditions is the status of the components

caCertificate
string

CACertificate is the certificate for this cluster

endpoint
string

Endpoint is the endpoint of the cluster

arn
string

ARN is the AWS ARN of the EKS cluster resource

roleARN
string

RoleARN is the role ARN which provides permissions to EKS

oidcProviderURL
string

OIDCProviderURL is the OIDC provider URL (used for providing IAM roles for service accounts)

status
Status

Status provides a overall status

EKSVPCSpec#

(Appears on: EKSVPC)

EKSVPCSpec defines the desired state of EKSVPC

FieldDescription
name
string

Name is the name of the VPC in AWS If not set, it defaults to the object’s name

credentials
Ownership

Credentials is a reference to an AWSCredentials object to use for authentication

cluster
Ownership

Cluster refers to the cluster this object belongs to

privateNetworkEnabled
bool

PrivateNetworkEnabled indicates the network is private and can allow all

privateIPV4Cidr
string

PrivateIPV4Cidr is the private range used for the VPC

region
string

Region is the AWS region of the VPC and any resources created

tags
map[string]string

Tags is a collection of tags to apply to the AWS resources which make up this VPC

EKSVPCStatus#

(Appears on: EKSVPC)

EKSVPCStatus defines the observed state of a VPC

FieldDescription
conditions
Components

Conditions is the status of the components

status
Status

Status provides a overall status

infra
Infra

Infra provides a cache of values discovered from infrastructure k8s:openapi-gen=false

Infra#

(Appears on: EKSVPCStatus)

Infra defines types that cannot be specified at creation time These values are discovered from infrastructure AFTER a create It is provided as a convienece for caching values

FieldDescription
vpcID
string

VpcID is the identifier of the VPC

availabilityZoneIDs
[]string

AvailabilityZoneIDs is the list of AZ ids

availabilityZoneNames
[]string

AvailabilityZoneIDs is the list of AZ names

privateSubnetIDs
[]string

PrivateSubnetIds is a list of subnet IDs to use for the worker nodes

publicSubnetIDs
[]string

PublicSubnetIDs is a list of subnet IDs to use for resources that need a public IP (e.g. load balancers)

securityGroupIDs
[]string

SecurityGroupIds is a list of security group IDs to use for a cluster

ipv4EgressAddresses
[]string

PublicIPV4EgressAddresses provides the source addresses for traffic coming from the cluster - can provide input for securing Kube API endpoints in managed clusters

privateIPV4Addresses
[]string

PrivateIPV4Addresses provides the list of private subnet addresses

publicIPV4Addresses
[]string

PublicIPV4Addresses provides the list of public subnet addresses

aws.kore.appvia.io/v1beta1#

Package v1beta1 contains API Schema definitions for the AWS v1beta1 API group

Resource Types:

ExternalVPC#

ExternalVPC is the Schema for the non-kore managed vpc

FieldDescription
apiVersion
string
aws.kore.appvia.io/v1beta1
kind
string
ExternalVPC
metadata
Kubernetes meta/v1.ObjectMeta
Refer to the Kubernetes API documentation for the fields of the metadata field.
spec
ExternalVPCSpec
accountID
string

AccountID is the account is different we need to peer with

description
string

Description describes what the network is for / pointing to

providerSourceRef
Ownership

ProviderSourceRef is a reference to the cloudaccount for the source

region
string

Region is the AWS region the account exists

routeTableSelector
map[string]string

RouteTableSelector is used to filter in the route tables for this network. When adding routes these are used to add the routes to

routes
[]string

Routes is route we should advertise into the source network

vpcID
string

VPCID is the vpc id we need to connect to

status
ExternalVPCStatus
conditions
[]Condition

Conditions is a set of components conditions

status
Status

Status provides a overall status

Peering#

Peering is the Schema for the aws peerings

FieldDescription
apiVersion
string
aws.kore.appvia.io/v1beta1
kind
string
Peering
metadata
Kubernetes meta/v1.ObjectMeta
Refer to the Kubernetes API documentation for the fields of the metadata field.
spec
PeeringSpec
destinationNetworkRef
Ownership

DestinationNetworkRef is a reference to the vpc destination

enableAcceptance
bool

EnableAcceptance indicates we should accept on the destination end

enableDestinationRouting
bool

EnableDestinationRouting indicates we should update the destination routing

routeTableDestinationSelector
map[string]string

RouteTableDestinationSelector provides the tags selector for the route table, assuming update route table option is enabled

routeTableSourceSelector
map[string]string

RouteTableSourceSelector provides the tags selector for the route table, assuming update route table option is enabled

sourceNetworkRef
Ownership

SourceNetworkRef is a reference to the vpc to peering source

status
PeeringStatus
peeringStatus
string

PeeringStatus is the current status of the peering connection

peeringID
string

PeeringID is the peering connection id from aws

sourceAccount
PeeringAccount

SourceAccountID is the account the peering has been requested from

destinationAccount
PeeringAccount

DestinationAccountID is the destination account

conditions
[]Condition

Conditions is a set of components conditions

status
Status

Status provides a overall status

SecurityGroupRule#

SecurityGroupRule is the Schema for the security group rule

FieldDescription
apiVersion
string
aws.kore.appvia.io/v1beta1
kind
string
SecurityGroupRule
metadata
Kubernetes meta/v1.ObjectMeta
Refer to the Kubernetes API documentation for the fields of the metadata field.
spec
SecurityGroupRuleSpec
description
string

Description provides a human readiable description for the existence

networkRef
Ownership

NetworkRef is the source network the security group is attached to

securityGroupSelector
map[string]string

SecurityGroupSelector is a selector used to find the security groups

providerRef
Ownership

ProviderRef is a reference to the credentials to use for the api access

protocol
string

Protocol is the networking protocol - i.e. tcp or udp

portRangeFrom
int64

PortRangeFrom is the port range being allowed

portRangeTo
int64

PortRangeTo is the port range being allowed

sources
[]string

Sources is a collection of network ranges

status
SecurityGroupRuleStatus
conditions
[]Condition

Conditions is the status of the components

phase
string

Phase indicates the current phase of the rule - i.e create or not

status
Status

Status provides a overall status

ExternalVPCSpec#

(Appears on: ExternalVPC)

ExternalVPCSpec defines the desired state of non-kore managed vpc resource

FieldDescription
accountID
string

AccountID is the account is different we need to peer with

description
string

Description describes what the network is for / pointing to

providerSourceRef
Ownership

ProviderSourceRef is a reference to the cloudaccount for the source

region
string

Region is the AWS region the account exists

routeTableSelector
map[string]string

RouteTableSelector is used to filter in the route tables for this network. When adding routes these are used to add the routes to

routes
[]string

Routes is route we should advertise into the source network

vpcID
string

VPCID is the vpc id we need to connect to

ExternalVPCStatus#

(Appears on: ExternalVPC)

ExternalVPCStatus defines the observed state of an non-managed kore vpc

FieldDescription
conditions
[]Condition

Conditions is a set of components conditions

status
Status

Status provides a overall status

PeeringAccount#

(Appears on: PeeringStatus)

PeeringAccount types a peering account

FieldDescription
accountID
string

AccountID is the id of the account

networkID
string

NetworkID is the network id we connecting to

region
string

Region is the aws region the account exists

routes
[]string

Routes is a collection of route added

type
string

Type is the type of resource we are connecting (vpc, external-vpc, transit)

PeeringSpec#

(Appears on: Peering)

PeeringSpec defines the desired state of peering request

FieldDescription
destinationNetworkRef
Ownership

DestinationNetworkRef is a reference to the vpc destination

enableAcceptance
bool

EnableAcceptance indicates we should accept on the destination end

enableDestinationRouting
bool

EnableDestinationRouting indicates we should update the destination routing

routeTableDestinationSelector
map[string]string

RouteTableDestinationSelector provides the tags selector for the route table, assuming update route table option is enabled

routeTableSourceSelector
map[string]string

RouteTableSourceSelector provides the tags selector for the route table, assuming update route table option is enabled

sourceNetworkRef
Ownership

SourceNetworkRef is a reference to the vpc to peering source

PeeringStatus#

(Appears on: Peering)

PeeringStatus defines the observed state of an Account

FieldDescription
peeringStatus
string

PeeringStatus is the current status of the peering connection

peeringID
string

PeeringID is the peering connection id from aws

sourceAccount
PeeringAccount

SourceAccountID is the account the peering has been requested from

destinationAccount
PeeringAccount

DestinationAccountID is the destination account

conditions
[]Condition

Conditions is a set of components conditions

status
Status

Status provides a overall status

SecurityGroupRuleSpec#

(Appears on: SecurityGroupRule)

SecurityGroupRuleSpec defines the desired state of security group rule

FieldDescription
description
string

Description provides a human readiable description for the existence

networkRef
Ownership

NetworkRef is the source network the security group is attached to

securityGroupSelector
map[string]string

SecurityGroupSelector is a selector used to find the security groups

providerRef
Ownership

ProviderRef is a reference to the credentials to use for the api access

protocol
string

Protocol is the networking protocol - i.e. tcp or udp

portRangeFrom
int64

PortRangeFrom is the port range being allowed

portRangeTo
int64

PortRangeTo is the port range being allowed

sources
[]string

Sources is a collection of network ranges

SecurityGroupRuleStatus#

(Appears on: SecurityGroupRule)

SecurityGroupRuleStatus defines the observed state of a security group rule

FieldDescription
conditions
[]Condition

Conditions is the status of the components

phase
string

Phase indicates the current phase of the rule - i.e create or not

status
Status

Status provides a overall status

aws.org.kore.appvia.io/v1alpha1#

Package v1alpha1 contains API Schema definitions for the AWS v1alpha1 API group

Resource Types:

AWSAccount#

AWSAccount is the Schema for the AccountClaims API

FieldDescription
apiVersion
string
aws.org.kore.appvia.io/v1alpha1
kind
string
AWSAccount
metadata
Kubernetes meta/v1.ObjectMeta
Refer to the Kubernetes API documentation for the fields of the metadata field.
spec
AccountSpec
accountName
string

AccountName is the name of the account to create. We do this internally so we can easily change the account name without changing the resource name

region
string

Region is the default aws region resources will be created in for this account

organization
Ownership

Organization is a reference to the aws organisation to use

labels
map[string]string

Labels are a set of labels on the project

status
AccountStatus
credentialRef
Kubernetes core/v1.SecretReference

CredentialRef is the reference to the credentials secret

accountID
string

AccountID is the aws account id

serviceCatalogProvisioningID
string

ServiceCatalogProvisioningID is the control tower account factory, service catalog provisioning record ID. If set, creation is being tracked

status
Status

Status provides a overall status

conditions
Components

Conditions is a set of components conditions

AccountSpec#

(Appears on: AWSAccount)

AccountSpec defines the desired state of AccountClaim

FieldDescription
accountName
string

AccountName is the name of the account to create. We do this internally so we can easily change the account name without changing the resource name

region
string

Region is the default aws region resources will be created in for this account

organization
Ownership

Organization is a reference to the aws organisation to use

labels
map[string]string

Labels are a set of labels on the project

AccountStatus#

(Appears on: AWSAccount)

AccountStatus defines the observed state of an AWS Account

FieldDescription
credentialRef
Kubernetes core/v1.SecretReference

CredentialRef is the reference to the credentials secret

accountID
string

AccountID is the aws account id

serviceCatalogProvisioningID
string

ServiceCatalogProvisioningID is the control tower account factory, service catalog provisioning record ID. If set, creation is being tracked

status
Status

Status provides a overall status

conditions
Components

Conditions is a set of components conditions

azure.compute.kore.appvia.io/v1alpha1#

Package v1alpha1 contains API Schema definitions for the Azure v1alpha1 API group

Resource Types:

AzureSubscription#

AzureSubscription represents a request for an azure subscription to exist

FieldDescription
apiVersion
string
azure.compute.kore.appvia.io/v1alpha1
kind
string
AzureSubscription
metadata
Kubernetes meta/v1.ObjectMeta
Refer to the Kubernetes API documentation for the fields of the metadata field.
spec
AzureSubscriptionSpec
organization
CloudAccountReference

Organization is a reference to the organization to use

name
string

Name is the name to give this subscription within the account hierarchy in Azure

status
AzureSubscriptionStatus
subscriptionID
string

SubscriptionID is the assigned unique identifier for this subscription

status
Status

Status provides a overall status

message
string

Message provides a description of the status

conditions
Components

Conditions is a set of components conditions

AzureSubscriptionSpec#

(Appears on: AzureSubscription)

AzureSubscriptionSpec defines the desired state of an Azure Subscription

FieldDescription
organization
CloudAccountReference

Organization is a reference to the organization to use

name
string

Name is the name to give this subscription within the account hierarchy in Azure

AzureSubscriptionStatus#

(Appears on: AzureSubscription)

AzureSubscriptionStatus defines the observed state of a subscription cluster

FieldDescription
subscriptionID
string

SubscriptionID is the assigned unique identifier for this subscription

status
Status

Status provides a overall status

message
string

Message provides a description of the status

conditions
Components

Conditions is a set of components conditions

cloudaccess.kore.appvia.io/v1alpha1#

Package v1alpha1 contains API Schema definitions for the CloudAccess API group

Resource Types:

CloudAccount#

CloudAccount represents an account/project/subscription in a cloud provider which Kore should know about

FieldDescription
apiVersion
string
cloudaccess.kore.appvia.io/v1alpha1
kind
string
CloudAccount
metadata
Kubernetes meta/v1.ObjectMeta
Refer to the Kubernetes API documentation for the fields of the metadata field.
spec
CloudAccountSpec
name
string

Name is the unique logical name for this cloud account

cloud
string

Cloud defines which cloud provider this account is for

identifier
string

Identifier is the unique identifier for this account with the cloud provider, i.e. AWS account ID, GCP project ID, Azure subscription, etc. Required unless the accountType is koremanaged.

For accountType organization this should be the account ID/subscription ID/project ID to place shared org-wide resources such as DNS root zones, etc. For AWS this must be the same AWS Master Account ID used for OrgIdentifier.

To use the identifier for a CloudAccount, ALWAYS reference Status.Identifier, not this field, as this will be unpopulated and ignored on koremanaged accounts.

orgIdentifier
string

OrgIdentifier, required only for accountType organization and must be populated with the identifier for the organization - for example, AWS Master Account ID, Azure Tenant ID, GCP Organization ID, etc.

Ignored if accountType is not organization.

accountType
string

AccountType identifies whether this is an organization account (which can be used by Kore to create managed accounts), a shared account (used directly to build team infrastructure), or a koremanaged acccount (created by Kore’s account management features)

defaultRegion
string

DefaultRegion is an optional default region to use for API access in this account when no region is specified for the operation. This is used to determine, for example, which region to use to talk to global services such as Route53 in AWS. E.g. eu-west-2, europe-west2, uksouth

parentAccount
CloudAccountReference

ParentAccount is a reference to another CloudAccount (with account type ‘organization’) of this cloud account, for koremanaged (required) and shared (optional) accounts.

providerDetails
CloudAccountProviderDetails

ProviderDetails provides additional fields which can be used for cloud-provider specific data, such as a GCP billing account ID.

namingRules
[]github.com/appvia/kore/pkg/apis/cloudaccess/v1alpha1.CloudAccountNamingRule

NamingRules describes for Organization type accounts how to name child accounts based on the plan chosen. Required for account factory functionality to operate for an Organization account.

identityCred
CloudCredentialReference

IdentityCred is a reference to the credential for Kore to identify itself to this cloud provider when using this account.

To use workload identity, specify an empty namespace and name - this will only work if Workload Identity has been configured in the Kore management cluster, this account is in the same cloud provider as the management cluster, and that workload identity is given access to this account)

features
[]string

Features lists the ways in which it is intended for this cloud account to be used. This will allow the relevant set of roles to be determined for this cloud account.

roles
[]CloudAccountRole

Roles defines the possible ways in which Kore can use this account, along with details of how Kore should identify itself (or provider-specific roles that need to be assumed) to use this account in the specified way. The set of roles required for a cloud account is defined by the enabled features.

status
CloudAccountStatus
status
Status

Status provides a overall status

message
string

Message is the description of the current status

components
Components

Components is a set of underlying components of which this cloud account is comprised for koremanaged accounts.

identifier
string

Identifier is the assigned unique identifier for this account. For koremanaged accounts this will be the identifier for the created account. For all other accounts, this will be the value provided in Spec.Identifier.

This field should ALWAYS be used if you need the correct identifier for a cloud account. Do not rely on Spec.Identifier which is unpopulated for koremanaged accounts.

providerAccountRef
Ownership

ProviderAccountRef is a reference to the provider account for this cloud account where the type is koremanaged.

features
map[string]github.com/appvia/kore/pkg/apis/cloudaccess/v1alpha1.CloudAccountFeatureStatus

Features describes the status of any features specified on this cloud account.

roles
map[string]github.com/appvia/kore/pkg/apis/cloudaccess/v1alpha1.CloudAccountRoleStatus

Roles provides the status of each underlying required role. The keys of the map are the role names.

CloudAccountClaim#

CloudAccountClaim represents a request for a cloud account to come into existence for a team

FieldDescription
apiVersion
string
cloudaccess.kore.appvia.io/v1alpha1
kind
string
CloudAccountClaim
metadata
Kubernetes meta/v1.ObjectMeta
Refer to the Kubernetes API documentation for the fields of the metadata field.
spec
CloudAccountClaimSpec
name
string

Name is the name of the account to create.

parent
CloudAccountReference

Parent is a reference to a CloudAccount which this claim should use for provisioning the account. If this is an Organization account, this will trigger the creation of a new account within this parent. If it is a Shared or Kore Managed account, it will be validated and used directly. Any child account will inherit the Cloud provider from this parent.

status
CloudAccountClaimStatus
components
Components

Conditions is a set of components conditions

cloudAccountRef
CloudAccountReference

CloudAccountRef is a reference to the assigned or created cloud account

identifier
string

Identifier is the assigned account ID / project ID / subscription ID

status
Status

Status provides a overall status

message
string

Message is the description of the current status

CloudCredential#

CloudCredential represents a set of credentials to access a cloud account which Kore can use to perform its operations

FieldDescription
apiVersion
string
cloudaccess.kore.appvia.io/v1alpha1
kind
string
CloudCredential
metadata
Kubernetes meta/v1.ObjectMeta
Refer to the Kubernetes API documentation for the fields of the metadata field.
spec
CloudCredentialSpec
name
string

Name is a human-understandable name for this credential

cloud
string

Cloud defines which cloud provider this credential is for

implicitIdentity
bool

ImplicitIdentity specifies that any credentials are provided by the run time process environment and NOT a secret reference. Typically this means that workload identity is to be used.

credentialsInputData
map[string]string

CredentialsInputData can be used to populate the secret when creating/updating a credential. This will never be populated when the credential is returned from the API.

If specified, this must include the correct set of keys for credentials for the cloud provider that CloudAccount references.

secretRef
Kubernetes core/v1.SecretReference

SecretRef is a reference to the Kubernetes secret containing the actual key data for this credential. If the secret does not exist but CredentialsInputData is populated, this secret will be created. This can also be a reference to an existing secret managed outside Kore.

Where CredentialsInputData is specified but this is left blank, Kore will assign this value.

credentialsUpdated
Kubernetes meta/v1.Time

CredentialsUpdated should be set to the current time when an underlying secret is updated. This will be automatically set to the current time if CredentialsInputData is set. If you manually change the secret outside Kore, update this field to trigger re-verification of this credential.

status
CloudCredentialStatus
status
Status

Status provides a overall status

message
string

Message is the description of the current status

verified
bool

Verified checks that the credentials are ok and valid

identity
string

Identity is the unique reference to the cloud principle e.g. aws role, gcp service-account etc.

AWSAccountParameters#

(Appears on: CloudAccountProviderDetails)

AWSAccountParameters provides the specific parameters for an AWS account

AWSOrganizationParameters#

(Appears on: CloudAccountProviderDetails)

AWSOrganizationParameters provides the specific parameters for an AWS organisation account

FieldDescription
ssoUser
AWSSSOUser

SsoUser is the user who will be the organisational account owner for all accounts. Required if feature AccountManagement enabled.

ouName
string

OuName is the name of the parent Organizational Unit (OU) to use for provisioning accounts Required if feature AccountManagement enabled.

region
string

Region is the region where control tower is enabled in the master account Required if feature AccountManagement enabled.

AWSSSOUser#

(Appears on: AWSOrganizationParameters)

AWSSSOUser describes the details required to identify an AWS SSO user to user for all accounts

FieldDescription
email
string

Email is the unique user email address specified for the AWS SSO user Required if feature AccountManagement enabled.

firstName
string

FirstName is the firstname(s) field for an AWS SSO user Required if feature AccountManagement enabled.

lastName
string

LastName is the last name of an SSO user Required if feature AccountManagement enabled.

AzureSubscriptionParameters#

(Appears on: CloudAccountProviderDetails)

AzureSubscriptionParameters provides the specific parameters for an Azure subscription

AzureTenantParameters#

(Appears on: CloudAccountProviderDetails)

AzureTenantParameters provides the specific parameters for an Azure tenant (organisation) account

FieldDescription
agreementType
string

AgreementType defines whether we’re building subscriptions in an MCA or Enterprise Agreement backed Azure setup

ownerObjectID
string

OwnerObjectID specifies the Object ID of an Azure AD group, user or service principal to grant Owner privilege on all created subscriptions. This is required to ensure that generated subscriptions are owned by an object controlled by your company.

Example: 8bf96a8f-abcd-ef12-a389-883d6116a5da

contributorObjectID
string

ContributorObjectID specifies an optional object ID of an Azure AD group, user or service principal to grant Contributor privilege on all created subscriptions.

Example: 8bf96a8f-dcef-abc1-a389-883d6116a5da

managementGroupID
string

ManagementGroupID specifies an optional ID of an Azure Management Group in which subscriptions created by Kore should be placed.

Example: kore-subscription-mgt-group

billingAccount
string

BillingAccount is the billing account identifier. Required for both agreement types.

Example (super-catchy, isn’t it): aaa111b-abcd-ef01-2345-bcdabc123fed:1234aaab-0100-1234-abcd-abcd0123abcd_2019-05-31

enrollmentAccount
string

EnrollmentAccount defines for an Enterprise Agreement agreement type which enrollment account to create subscriptions within. Required for EA.

Example: 7654321

billingProfile
string

BillingProfile defined for an MCA agreement type which billing profile contains the invoice section you wish subscriptions to be created in. Required for MCA.

Example: AW4F-APQW-0AH-ABC

invoiceSection
string

InvoiceSection defines for an MCA agreement type which invoice section to create subscriptions within inside the selected BillingProfile. Required for MCA.

Example: PQRS-ALDS-012-DEF

CloudAccountClaimSpec#

(Appears on: CloudAccountClaim)

CloudAccountClaimSpec defines the desired state of CloudAccountClaim

FieldDescription
name
string

Name is the name of the account to create.

parent
CloudAccountReference

Parent is a reference to a CloudAccount which this claim should use for provisioning the account. If this is an Organization account, this will trigger the creation of a new account within this parent. If it is a Shared or Kore Managed account, it will be validated and used directly. Any child account will inherit the Cloud provider from this parent.

CloudAccountClaimStatus#

(Appears on: CloudAccountClaim)

CloudAccountClaimStatus defines the observed state of the provisioned account

FieldDescription
components
Components

Conditions is a set of components conditions

cloudAccountRef
CloudAccountReference

CloudAccountRef is a reference to the assigned or created cloud account

identifier
string

Identifier is the assigned account ID / project ID / subscription ID

status
Status

Status provides a overall status

message
string

Message is the description of the current status

CloudAccountFeatureStatus#

(Appears on: CloudAccountStatus)

CloudAccountFeatureStatus describes the status of a cloud account feature

FieldDescription
ready
bool

Ready indicates whether this feature is ready to use.

setupRequired
bool

SetupRequired indicates this feature needs kore setup roles run to sort it out (i.e. one or more roles is missing, requires a provider role specifying, or requires updating). This will be false if a role is correct and specified but somehow not valid.

requiredRoles
[]string

RequiredRoles indicates the list of roles that this cloud account needs working in order for this feature to work. Each role identified here will have an entry in status.Roles to understand the status of these underlying roles.

CloudAccountNamingRule#

CloudAccountNamingRule describes the rules for naming a child account based on the selected plan

FieldDescription
name
string

Name is the given name of the rule

description
string

Description provides an optional description for the account rule

plans
[]string

Plans is a list of plans permitted

suffix
string

Suffix is the applied suffix

prefix
string

Prefix is a prefix for the account name

CloudAccountProviderDetails#

(Appears on: CloudAccountSpec)

CloudAccountProviderDetails provides parameters that are specific to a particular type of cloud account

FieldDescription
type
ProviderAccountType
gcpOrganization
GCPOrganizationParameters
(Optional)

GCPOrganization holds parameters specific to GCP organization accounts. Present only if type is GCPOrganization.

gcpProject
GCPProjectParameters
(Optional)

GCPProject holds parameters specific to GCP projects. Present only if type is GCPProject.

awsOrganization
AWSOrganizationParameters
(Optional)

AWSOrganization holds parameters specific to AWS organization accounts. Present only if type is AWSOrganization.

awsAccount
AWSAccountParameters
(Optional)

AWSAccount holds parameters specific to AWS accounts. Present only if type is AWSAccount.

azureTenant
AzureTenantParameters
(Optional)

AzureTenant holds parameters specific to Azure tenant accounts. Present only if type is AzureTenant.

azureSubscription
AzureSubscriptionParameters
(Optional)

AzureSubscription holds parameters specific to Azure subscriptions. Present only if type is AzureSubscription.

CloudAccountReference#

(Appears on: AzureSubscriptionSpec, CloudAccountClaimSpec, CloudAccountClaimStatus, CloudAccountSpec, ClusterStatus, CloudMetaCloud, CostImportSpec, ECRRegistryParameters)

FieldDescription
namespace
string
name
string

CloudAccountRole#

(Appears on: CloudAccountSpec)

FieldDescription
role
string

Role is the Kore cloud role that this account can be used for

assumeProviderRole
string

AssumeProviderRole is the (e.g.) ARN or similar that should be assumed by Kore when using this account for this role

CloudAccountRoleStatus#

(Appears on: CloudAccountStatus)

CloudAccountRoleStatus is the status of a role on a cloud account

FieldDescription
status
RoleStatus
message
string

CloudAccountSpec#

(Appears on: CloudAccount)

CloudAccountSpec defines the specification of an account known to kore

FieldDescription
name
string

Name is the unique logical name for this cloud account

cloud
string

Cloud defines which cloud provider this account is for

identifier
string

Identifier is the unique identifier for this account with the cloud provider, i.e. AWS account ID, GCP project ID, Azure subscription, etc. Required unless the accountType is koremanaged.

For accountType organization this should be the account ID/subscription ID/project ID to place shared org-wide resources such as DNS root zones, etc. For AWS this must be the same AWS Master Account ID used for OrgIdentifier.

To use the identifier for a CloudAccount, ALWAYS reference Status.Identifier, not this field, as this will be unpopulated and ignored on koremanaged accounts.

orgIdentifier
string

OrgIdentifier, required only for accountType organization and must be populated with the identifier for the organization - for example, AWS Master Account ID, Azure Tenant ID, GCP Organization ID, etc.

Ignored if accountType is not organization.

accountType
string

AccountType identifies whether this is an organization account (which can be used by Kore to create managed accounts), a shared account (used directly to build team infrastructure), or a koremanaged acccount (created by Kore’s account management features)

defaultRegion
string

DefaultRegion is an optional default region to use for API access in this account when no region is specified for the operation. This is used to determine, for example, which region to use to talk to global services such as Route53 in AWS. E.g. eu-west-2, europe-west2, uksouth

parentAccount
CloudAccountReference

ParentAccount is a reference to another CloudAccount (with account type ‘organization’) of this cloud account, for koremanaged (required) and shared (optional) accounts.

providerDetails
CloudAccountProviderDetails

ProviderDetails provides additional fields which can be used for cloud-provider specific data, such as a GCP billing account ID.

namingRules
[]github.com/appvia/kore/pkg/apis/cloudaccess/v1alpha1.CloudAccountNamingRule

NamingRules describes for Organization type accounts how to name child accounts based on the plan chosen. Required for account factory functionality to operate for an Organization account.

identityCred
CloudCredentialReference

IdentityCred is a reference to the credential for Kore to identify itself to this cloud provider when using this account.

To use workload identity, specify an empty namespace and name - this will only work if Workload Identity has been configured in the Kore management cluster, this account is in the same cloud provider as the management cluster, and that workload identity is given access to this account)

features
[]string

Features lists the ways in which it is intended for this cloud account to be used. This will allow the relevant set of roles to be determined for this cloud account.

roles
[]CloudAccountRole

Roles defines the possible ways in which Kore can use this account, along with details of how Kore should identify itself (or provider-specific roles that need to be assumed) to use this account in the specified way. The set of roles required for a cloud account is defined by the enabled features.

CloudAccountStatus#

(Appears on: CloudAccount)

CloudAccountStatus defines the status of a cloud account

FieldDescription
status
Status

Status provides a overall status

message
string

Message is the description of the current status

components
Components

Components is a set of underlying components of which this cloud account is comprised for koremanaged accounts.

identifier
string

Identifier is the assigned unique identifier for this account. For koremanaged accounts this will be the identifier for the created account. For all other accounts, this will be the value provided in Spec.Identifier.

This field should ALWAYS be used if you need the correct identifier for a cloud account. Do not rely on Spec.Identifier which is unpopulated for koremanaged accounts.

providerAccountRef
Ownership

ProviderAccountRef is a reference to the provider account for this cloud account where the type is koremanaged.

features
map[string]github.com/appvia/kore/pkg/apis/cloudaccess/v1alpha1.CloudAccountFeatureStatus

Features describes the status of any features specified on this cloud account.

roles
map[string]github.com/appvia/kore/pkg/apis/cloudaccess/v1alpha1.CloudAccountRoleStatus

Roles provides the status of each underlying required role. The keys of the map are the role names.

CloudCredentialReference#

(Appears on: CloudAccountSpec, CostImportSpec)

CloudCredentialReference is a reference specifically to a cloud credential

FieldDescription
namespace
string

Namespace for the credential, specify empty for implicit credentials

name
string

Name for the credential, specify empty for implicit credentials

CloudCredentialSpec#

(Appears on: CloudCredential)

CloudCredentialSpec defines the metadata about the credentials with a reference to the kubernetes secret containing the credentials

FieldDescription
name
string

Name is a human-understandable name for this credential

cloud
string

Cloud defines which cloud provider this credential is for

implicitIdentity
bool

ImplicitIdentity specifies that any credentials are provided by the run time process environment and NOT a secret reference. Typically this means that workload identity is to be used.

credentialsInputData
map[string]string

CredentialsInputData can be used to populate the secret when creating/updating a credential. This will never be populated when the credential is returned from the API.

If specified, this must include the correct set of keys for credentials for the cloud provider that CloudAccount references.

secretRef
Kubernetes core/v1.SecretReference

SecretRef is a reference to the Kubernetes secret containing the actual key data for this credential. If the secret does not exist but CredentialsInputData is populated, this secret will be created. This can also be a reference to an existing secret managed outside Kore.

Where CredentialsInputData is specified but this is left blank, Kore will assign this value.

credentialsUpdated
Kubernetes meta/v1.Time

CredentialsUpdated should be set to the current time when an underlying secret is updated. This will be automatically set to the current time if CredentialsInputData is set. If you manually change the secret outside Kore, update this field to trigger re-verification of this credential.

CloudCredentialStatus#

(Appears on: CloudCredential)

CloudCredentialStatus represents the status of a set of credentials for cloud account access

FieldDescription
status
Status

Status provides a overall status

message
string

Message is the description of the current status

verified
bool

Verified checks that the credentials are ok and valid

identity
string

Identity is the unique reference to the cloud principle e.g. aws role, gcp service-account etc.

GCPOrganizationParameters#

(Appears on: CloudAccountProviderDetails)

GCPOrganizationParameters provides the specific parameters for a GCP organisation account

FieldDescription
parentType
string

ParentType is the type of parent this project has Valid types are: “organization”, “folder”, and “project”

parentID
string

DEPRECATED: Use OrgIdentifier on Spec. This will be ignored if OrgIdentifier is populated on the Spec.

billingAccount
string

BillingAccountName is the resource name of the billing account associated with the project e.g. ‘012345-567890-ABCDEF’

GCPProjectParameters#

(Appears on: CloudAccountProviderDetails)

GCPProjectParameters provides the specific parameters for a GCP project account

ProviderAccountType (string)#

(Appears on: CloudAccountProviderDetails)

ProviderAccountType represents the concrete type of account that a CloudAccount represents

ValueDescription

"AWSAccount"

ProviderAccountTypeAWSAccount is an AWS account for running workloads

"AWSOrganization"

ProviderAccountTypeAWSOrg is a root organization account for AWS account management

"AzureTenant"

ProviderAccountTypeAzureOrg is a root organization tenant for Azure account management

"AzureSubscription"

ProviderAccountTypeAzureSubscription is an Azure subscription for running workloads

"GCPOrganization"

ProviderAccountTypeGCPOrg is a root organization account for GCP account management

"GCPProject"

ProviderAccountTypeGCPProject is a GCP project for running workloads

RoleStatus (string)#

(Appears on: CloudAccountRoleStatus)

RoleStatus is a possible status of a role on a cloud account

ValueDescription

"Invalid"

RoleInvalid indicates that a specified role is not usable, for example it cannot be accessed from the identity associated with this cloud account or does not exist

"Missing"

RoleMissing indicates that a required role for a specfied feature is not set on this cloudaccount

"Pending"

RolePending indicates that the role has not yet been checked

"RequiresProviderRole"

RoleRequiresProviderRole indicates that a specified role requires an AssumeProviderRole but none has been provided

"RequiresUpdate"

RoleRequiresUpdate indicates that the permissions required for the role are not correct in the cloud provider so this role needs to be updated

"Valid"

RoleValid indicates this cloud account role is ready to use

cloudservices.kore.appvia.io/v1alpha1#

Package v1alpha1 contains API Schema definitions for the crossplane v1alpha1 API group

Resource Types:

CrossplaneDeployment#

CrossplaneDeployment is a Crossplane deployment instance

FieldDescription
apiVersion
string
cloudservices.kore.appvia.io/v1alpha1
kind
string
CrossplaneDeployment
metadata
Kubernetes meta/v1.ObjectMeta
Refer to the Kubernetes API documentation for the fields of the metadata field.
spec
CrossplaneDeploymentSpec
cluster
Ownership

Cluster contains the reference to the cluster where the deployment will be created

clusterNamespace
string

ClusterNamespace is the target namespace in the cluster where the deployment will be created

version
string

Version is the Crossplane version

providers
[]string

Providers is the list of Crossplane providers to install

status
CrossplaneDeploymentStatus
components
Components

Components is a collection of component statuses

status
Status

Status is the overall status of the deployment

message
string

Message is the description of the current status

observedGeneration
int64

ObservedGeneration is the value of generation when the object was last reconciled If the value is different from the object’s current generation, the status must be considered outdated

CrossplaneDeploymentSpec#

(Appears on: CrossplaneDeployment)

CrossplaneDeploymentSpec defines the desired state of a Crossplane deployment

FieldDescription
cluster
Ownership

Cluster contains the reference to the cluster where the deployment will be created

clusterNamespace
string

ClusterNamespace is the target namespace in the cluster where the deployment will be created

version
string

Version is the Crossplane version

providers
[]string

Providers is the list of Crossplane providers to install

CrossplaneDeploymentStatus#

(Appears on: CrossplaneDeployment)

CrossplaneDeploymentStatus defines the observed state of a Crossplane deployment

FieldDescription
components
Components

Components is a collection of component statuses

status
Status

Status is the overall status of the deployment

message
string

Message is the description of the current status

observedGeneration
int64

ObservedGeneration is the value of generation when the object was last reconciled If the value is different from the object’s current generation, the status must be considered outdated

clusters.compute.kore.appvia.io/v1#

Package v1 contains API Schema definitions for the config v1 API group

Resource Types:

Cluster#

Cluster is the Schema for the plans API

FieldDescription
apiVersion
string
clusters.compute.kore.appvia.io/v1
kind
string
Cluster
metadata
Kubernetes meta/v1.ObjectMeta
Refer to the Kubernetes API documentation for the fields of the metadata field.
spec
ClusterSpec
kind
string

Kind refers to the cluster type (e.g. GKE, EKS)

plan
string

Plan is the name of the cluster plan which was used to create this cluster

configuration
k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1beta1.JSON

Configuration are the configuration values for this cluster It will contain values from the plan + overrides by the user This will provide a simple interface to calculate diffs between plan and cluster configuration

credentials
Ownership

Credentials is a reference to the credentials object to use

status
ClusterStatus
apiEndpoint
string

APIEndpoint is the kubernetes API endpoint url

caCertificate
string

CaCertificate is the base64 encoded cluster certificate

components
Components

Components is a collection of component statuses

authProxyEndpoint
string

AuthProxyEndpoint is the endpoint of the authentication proxy for this cluster

authProxyCertificate
string

AuthProxyCertificate is the certificate of the auth proxy endpoint

status
Status

Status is the overall status of the cluster

message
string

Message is the description of the current status

providerData
k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1beta1.JSON

ProviderData is provider specific data

cloudAccount
CloudAccountReference

CloudAccountRef is a reference to the cloud account to use to retrieve credentials for this cluster. Will be populated if the spec specifies a CloudAccount (org or shared) as the credential object.

Kubernetes#

Kubernetes is the Schema for the roles API

FieldDescription
apiVersion
string
clusters.compute.kore.appvia.io/v1
kind
string
Kubernetes
metadata
Kubernetes meta/v1.ObjectMeta
Refer to the Kubernetes API documentation for the fields of the metadata field.
spec
KubernetesSpec
authProxyImage
string

AuthProxyImage is the kube api proxy used to sso into the cluster post provision

authProxyAllowedIPs
[]string

AuthProxyAllowedIPs is a list of IP address ranges (using CIDR format), which will be allowed to access the proxy

cluster
Ownership

Cluster refers to the cluster this object belongs to

clusterUsers
[]ClusterUser

ClusterUsers is a collection of users from the team whom have permissions across the cluster

enableDefaultTrafficBlock
bool

EnableDefaultTrafficBlock indicates the cluster should default to enabling blocking network policies on all namespaces

defaultTeamRole
string

DefaultTeamRole is role inherited by all team members

domain
string

Domain is the domain of the cluster

inheritTeamMembers
bool

InheritTeamMembers inherits indicates all team members are inherited as having access to cluster by default.

provider
Ownership

Provider is the cloud cluster provider type for this kubernetes

status
KubernetesStatus
apiEndpoint
string

Endpoint is the kubernetes endpoint url

caCertificate
string

CaCertificate is the base64 encoded cluster certificate

components
Components

Components is a collection of component statuses

endpoint
string

APIEndpoint is the endpoint of client proxy for this cluster

endpointCertificate
string

EndpointCertificate is the certificate of the auth proxy

status
Status

Status is overall status of the workspace

NamespaceClaim#

NamespaceClaim is the Schema for the namespaceclaims API

FieldDescription
apiVersion
string
clusters.compute.kore.appvia.io/v1
kind
string
NamespaceClaim
metadata
Kubernetes meta/v1.ObjectMeta
Refer to the Kubernetes API documentation for the fields of the metadata field.
spec
NamespaceClaimSpec
cluster
Ownership

Cluster is the cluster the namespace resides

name
string

Name is the name of the namespace to create

annotations
map[string]string

Annotations is a series of annotations on the namespace

labels
map[string]string

Labels is a series of labels for the namespace

status
NamespaceClaimStatus
status
Status

Status is the status of the namespace

conditions
[]Condition

Conditions is a series of things that caused the failure if any

ClusterComponent#

ClusterSpec#

(Appears on: Cluster)

ClusterSpec defines the desired state of a cluster

FieldDescription
kind
string

Kind refers to the cluster type (e.g. GKE, EKS)

plan
string

Plan is the name of the cluster plan which was used to create this cluster

configuration
k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1beta1.JSON

Configuration are the configuration values for this cluster It will contain values from the plan + overrides by the user This will provide a simple interface to calculate diffs between plan and cluster configuration

credentials
Ownership

Credentials is a reference to the credentials object to use

ClusterStatus#

(Appears on: Cluster)

ClusterStatus defines the observed state of a cluster

FieldDescription
apiEndpoint
string

APIEndpoint is the kubernetes API endpoint url

caCertificate
string

CaCertificate is the base64 encoded cluster certificate

components
Components

Components is a collection of component statuses

authProxyEndpoint
string

AuthProxyEndpoint is the endpoint of the authentication proxy for this cluster

authProxyCertificate
string

AuthProxyCertificate is the certificate of the auth proxy endpoint

status
Status

Status is the overall status of the cluster

message
string

Message is the description of the current status

providerData
k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1beta1.JSON

ProviderData is provider specific data

cloudAccount
CloudAccountReference

CloudAccountRef is a reference to the cloud account to use to retrieve credentials for this cluster. Will be populated if the spec specifies a CloudAccount (org or shared) as the credential object.

ClusterUser#

(Appears on: KubernetesSpec)

ClusterUser defines a user and their role in the cluster

FieldDescription
username
string

Username is the team member the role is being applied to

roles
[]string

Roles is the roles the user is permitted access to Deprecated this field is no longer in use

KubernetesSpec#

(Appears on: Kubernetes)

KubernetesSpec defines the desired state of Cluster

FieldDescription
authProxyImage
string

AuthProxyImage is the kube api proxy used to sso into the cluster post provision

authProxyAllowedIPs
[]string

AuthProxyAllowedIPs is a list of IP address ranges (using CIDR format), which will be allowed to access the proxy

cluster
Ownership

Cluster refers to the cluster this object belongs to

clusterUsers
[]ClusterUser

ClusterUsers is a collection of users from the team whom have permissions across the cluster

enableDefaultTrafficBlock
bool

EnableDefaultTrafficBlock indicates the cluster should default to enabling blocking network policies on all namespaces

defaultTeamRole
string

DefaultTeamRole is role inherited by all team members

domain
string

Domain is the domain of the cluster

inheritTeamMembers
bool

InheritTeamMembers inherits indicates all team members are inherited as having access to cluster by default.

provider
Ownership

Provider is the cloud cluster provider type for this kubernetes

KubernetesStatus#

(Appears on: Kubernetes)

KubernetesStatus defines the observed state of Cluster

FieldDescription
apiEndpoint
string

Endpoint is the kubernetes endpoint url

caCertificate
string

CaCertificate is the base64 encoded cluster certificate

components
Components

Components is a collection of component statuses

endpoint
string

APIEndpoint is the endpoint of client proxy for this cluster

endpointCertificate
string

EndpointCertificate is the certificate of the auth proxy

status
Status

Status is overall status of the workspace

NamespaceClaimSpec#

(Appears on: NamespaceClaim)

NamespaceClaimSpec defines the desired state of NamespaceClaim

FieldDescription
cluster
Ownership

Cluster is the cluster the namespace resides

name
string

Name is the name of the namespace to create

annotations
map[string]string

Annotations is a series of annotations on the namespace

labels
map[string]string

Labels is a series of labels for the namespace

NamespaceClaimStatus#

(Appears on: NamespaceClaim)

NamespaceClaimStatus defines the observed state of NamespaceClaim

FieldDescription
status
Status

Status is the status of the namespace

conditions
[]Condition

Conditions is a series of things that caused the failure if any

config.kore.appvia.io/v1#

Package v1 contains API Schema definitions for the config v1 API group

Resource Types:

Allocation#

Allocation is the Schema for the allocations API

FieldDescription
apiVersion
string
config.kore.appvia.io/v1
kind
string
Allocation
metadata
Kubernetes meta/v1.ObjectMeta
Refer to the Kubernetes API documentation for the fields of the metadata field.
spec
AllocationSpec
name
string

Name is the name of the resource being shared

summary
string

Summary is the summary of the resource being shared

resource
Ownership

Resource is the resource which is being shared with another team

teams
[]string

Teams is a collection of teams the allocation is permitted to use

status
AllocationStatus
status
Status

Status is the general status of the resource

conditions
[]Condition

Conditions is a collection of potential issues

CloudMetaService#

CloudMetaService represents an import of cloud metadata into Kore

FieldDescription
apiVersion
string
config.kore.appvia.io/v1
kind
string
CloudMetaService
metadata
Kubernetes meta/v1.ObjectMeta
Refer to the Kubernetes API documentation for the fields of the metadata field.
spec
CloudMetaServiceSpec
clouds
[]CloudMetaCloud

Clouds contains an array of clouds to pull metadata for

metadataServiceVersion
string

MetadataServiceVersion defines which version of the metadata service should be used. Blank defaults to a reasonable default.

status
CloudMetaServiceStatus
status
Status

Status provides a overall status

message
string

Message is the description of the current status

components
Components

Conditions is a set of underlying components if relevant

CostImport#

CostImport represents an import of costs data into Kore

FieldDescription
apiVersion
string
config.kore.appvia.io/v1
kind
string
CostImport
metadata
Kubernetes meta/v1.ObjectMeta
Refer to the Kubernetes API documentation for the fields of the metadata field.
spec
CostImportSpec
cloud
string

Cloud defines which cloud this costs import is from

cloudAccount
CloudAccountReference

CloudAccount identifies which cloud account (organization or shared) should be used to pull costs data from. Must relate to the same cloud provider as specified in Cloud.

cloudCredential
CloudCredentialReference

CloudCredential specifies an optional custom credential to use for this integration, instead of using the default credentials for the CloudAccount.

frequencyMinutes
int

FrequencyMinutes describes how many minutes to leave between imports, e.g. 30 would import twice per hour. If greater than 60, should be a multiple of 60 (other values will be rounded to an integer number of hours, e.g. 90 will round to 120, 89 will round to 60).

daysHistory
int

DaysHistory determines how many days worth of historical data to consider each time this import is run

importZeroCostItems
bool

ImportZeroCostItems determines whether zero-costed line items in the cloud providers’ cost data is imported to kore or not.

providerDetails
CostImportProviderDetails

ProviderDetails provides the cloud-specific configuration details

importEngineVersion
string

ImportEngineVersion defines which version of kore costs importer should be used for this job. Blank defaults to a reasonable default.

status
CostImportStatus
status
Status

Status provides a overall status

message
string

Message is the description of the current status

components
Components

Conditions is a set of underlying components if relevant

history
[]CostImportRun

History contains the recent history of runs of this cost import

Plan#

Plan is the Schema for the plans API

FieldDescription
apiVersion
string
config.kore.appvia.io/v1
kind
string
Plan
metadata
Kubernetes meta/v1.ObjectMeta
Refer to the Kubernetes API documentation for the fields of the metadata field.
spec
PlanSpec
kind
string

Resource refers to the resource type this is a plan for

labels
map[string]string

Labels is a collection of labels for this plan

description
string

Description provides a summary of the configuration provided by this plan

summary
string

Summary provides a short title summary for the plan

configuration
k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1beta1.JSON

Configuration are the key+value pairs describing a cluster configuration

status
PlanStatus
conditions
[]Condition

Conditions is a set of condition which has caused an error

status
Status

Status is overall status of the workspace

PlanPolicy#

PlanPolicy is the Schema for the plan policies API

FieldDescription
apiVersion
string
config.kore.appvia.io/v1
kind
string
PlanPolicy
metadata
Kubernetes meta/v1.ObjectMeta
Refer to the Kubernetes API documentation for the fields of the metadata field.
spec
PlanPolicySpec
kind
string

Kind refers to the cluster type this is a plan policy for

labels
map[string]string

Labels is a collection of labels for this plan policy

summary
string

Summary provides a short title summary for the plan policy

description
string

Description provides a detailed description of the plan policy

properties
[]PlanPolicyProperty

Properties are the

status
PlanPolicyStatus
conditions
[]Condition

Conditions is a set of condition which has caused an error

status
Status

Status is overall status of the plan policy

AWSCostImportParameters#

(Appears on: CostImportProviderDetails)

AWSCostImportParameters provides the specific parameters for AWS

FieldDescription
s3Region
string

S3Region is the region in which to store cost and usage data in S3. Will use the default region from the cloud account if this is unspecified.

costUsageBucket
string

CostUsageBucket is the name of an S3 bucket in which Kore can find existing cost and usage reports to read. Leave blank to have Kore self-configure with a new bucket as needed.

costUsageS3Prefix
string

CostUsageS3Prefix is the location within the CostUsageBucket where Kore will find the cost reports. Will be ignored unless CostUsageBucket is specified.

costUsageReport
string

CostUsageReport is the name of the cost usage report to use.

AllocationSpec#

(Appears on: Allocation)

AllocationSpec defines the desired state of Allocation

FieldDescription
name
string

Name is the name of the resource being shared

summary
string

Summary is the summary of the resource being shared

resource
Ownership

Resource is the resource which is being shared with another team

teams
[]string

Teams is a collection of teams the allocation is permitted to use

AllocationStatus#

(Appears on: Allocation)

AllocationStatus defines the observed state of Allocation

FieldDescription
status
Status

Status is the general status of the resource

conditions
[]Condition

Conditions is a collection of potential issues

AzureCostImportParameters#

(Appears on: CostImportProviderDetails)

AzureCostImportParameters provides the specific parameters for Azure

FieldDescription
importType
AzureCostImportType

ImportType dictates what scope we’re going to import Azure costs for.

This must match the type of Cloud Account referenced by this costs import:

For BillingAccount the Cloud Account must be an Azure organization with AgreementType of EA or MCA and the BillingAccount populated.

For EAEnrollmentAccount the Cloud Account must be an Azure organization with AgreementType of EA and the EnrollmentAccount populated.

For MCAInvoiceSection the Cloud Account must be an Azure organization with AgreementType of MCA and the BillingAccount, BillingProfile and InvoiceSection populated.

AzureCostImportType (string)#

(Appears on: AzureCostImportParameters)

AzureCostImportType is the scope level to import Azure costs for

ValueDescription

"BillingAccount"

AzureCostImportBillingAccount is to import costs for a full billing account

"EAEnrollmentAccount"

AzureCostImportEAEnrollmentAccount is to import costs for an Enterprise Agreement Enrollment Account

"MCAInvoiceSection"

AzureCostImportMCAInvoiceSection is to import costs for an MCA invoice section

"Subscription"

AzureCostImportSubscription is to import costs for a single subscription

CloudMetaCloud#

(Appears on: CloudMetaServiceSpec)

FieldDescription
cloud
string

Cloud defines which cloud this will pull information for

cloudAccount
CloudAccountReference

CloudAccount defines the cloud account to use to pull metadata for this cloud

CloudMetaServiceSpec#

(Appears on: CloudMetaService)

CloudMetaServiceSpec defines the specification of the cloud metadata import

FieldDescription
clouds
[]CloudMetaCloud

Clouds contains an array of clouds to pull metadata for

metadataServiceVersion
string

MetadataServiceVersion defines which version of the metadata service should be used. Blank defaults to a reasonable default.

CloudMetaServiceStatus#

(Appears on: CloudMetaService)

CloudMetaServiceStatus defines the status of this cloud meta import

FieldDescription
status
Status

Status provides a overall status

message
string

Message is the description of the current status

components
Components

Conditions is a set of underlying components if relevant

CostImportProvider (string)#

(Appears on: CostImportProviderDetails)

CostImportProvider is which cloud provider these provider details are for

ValueDescription

"AWS"

"Azure"

"GCP"

CostImportProviderDetails#

(Appears on: CostImportSpec)

CostImportProviderDetails provides parameters that are specific to a particular cloud

FieldDescription
type
CostImportProvider

Type is which cloud provider these provider details are for

gcp
GCPCostImportParameters
(Optional)

GCP holds parameters specific to importing GCP costs data. Present only if type is GCP.

aws
AWSCostImportParameters
(Optional)

AWS holds parameters specific to importing AWS costs data. Present only if type is AWS.

azure
AzureCostImportParameters
(Optional)

Azure holds parameters specific to importing Azure costs data. Present only if type is Azure.

CostImportRun#

(Appears on: CostImportStatus)

CostImportRun represents the result of an execution of a cost import

FieldDescription
status
Status

Status indicates whether this import completed successfully (Success), is running (Pending) or failed (Failure)

time
Kubernetes meta/v1.Time

Time indicates when this import was executed - may be nil if the import has been scheduled but not yet started

log
string

Log contains the log (in JSON) of this import

CostImportSpec#

(Appears on: CostImport)

CostImportSpec defines the specification of the cost import

FieldDescription
cloud
string

Cloud defines which cloud this costs import is from

cloudAccount
CloudAccountReference

CloudAccount identifies which cloud account (organization or shared) should be used to pull costs data from. Must relate to the same cloud provider as specified in Cloud.

cloudCredential
CloudCredentialReference

CloudCredential specifies an optional custom credential to use for this integration, instead of using the default credentials for the CloudAccount.

frequencyMinutes
int

FrequencyMinutes describes how many minutes to leave between imports, e.g. 30 would import twice per hour. If greater than 60, should be a multiple of 60 (other values will be rounded to an integer number of hours, e.g. 90 will round to 120, 89 will round to 60).

daysHistory
int

DaysHistory determines how many days worth of historical data to consider each time this import is run

importZeroCostItems
bool

ImportZeroCostItems determines whether zero-costed line items in the cloud providers’ cost data is imported to kore or not.

providerDetails
CostImportProviderDetails

ProviderDetails provides the cloud-specific configuration details

importEngineVersion
string

ImportEngineVersion defines which version of kore costs importer should be used for this job. Blank defaults to a reasonable default.

CostImportStatus#

(Appears on: CostImport)

CostImportStatus defines the status of this costs integration

FieldDescription
status
Status

Status provides a overall status

message
string

Message is the description of the current status

components
Components

Conditions is a set of underlying components if relevant

history
[]CostImportRun

History contains the recent history of runs of this cost import

GCPCostImportParameters#

(Appears on: CostImportProviderDetails)

GCPCostImportParameters provides the specific parameters for GCP

FieldDescription
billingAccount
string

BillingAccountName is the billing account we’re importing costs for. If unspecified, Kore will use the Billing Account specified on the cloud account (if it’s of type Organization).

If neither of these are specified, this configuration will not be valid.

Example: ‘012345-567890-ABCDEF’

datasetProject
string

DatasetProject is the GCP project in which to find/create the BigQuery dataset. If unspecified Kore will use the project from the referenced cloud account.

datasetRegion
string

DatasetRegion is the GCP region (or regional area) in which the BigQuery dataset should be created / accessed. If unspecified, Kore will use the default region from the referenced cloud account.

Examples: * EU (geo-dispersed across multiple EU GCP regions) * US (geo-dispersed across multiple US GCP regions) * europe-west2 (London)

datasetName
string

DatasetName is an optional custom name of the BigQuery dataset to query to retrieve costs data. If unspecified, Kore will assume a dataset named kore-costs.

PlanPolicyProperty#

(Appears on: PlanPolicySpec)

PlanPolicyProperty defines a JSON schema for a given property

FieldDescription
name
string

Name is the name of the property

allowUpdate
bool

AllowUpdate will allow the parameter to be modified by the teams

disallowUpdate
bool

DisallowUpdate will forbid modification of the parameter, even if it was allowed by an other policy

PlanPolicySpec#

(Appears on: PlanPolicy)

PlanPolicySpec defines Plan JSON Schema extensions

FieldDescription
kind
string

Kind refers to the cluster type this is a plan policy for

labels
map[string]string

Labels is a collection of labels for this plan policy

summary
string

Summary provides a short title summary for the plan policy

description
string

Description provides a detailed description of the plan policy

properties
[]PlanPolicyProperty

Properties are the

PlanPolicyStatus#

(Appears on: PlanPolicy)

PlanPolicyStatus defines the observed state of Plan Policy

FieldDescription
conditions
[]Condition

Conditions is a set of condition which has caused an error

status
Status

Status is overall status of the plan policy

PlanSpec#

(Appears on: Plan)

PlanSpec defines the desired state of Plan

FieldDescription
kind
string

Resource refers to the resource type this is a plan for

labels
map[string]string

Labels is a collection of labels for this plan

description
string

Description provides a summary of the configuration provided by this plan

summary
string

Summary provides a short title summary for the plan

configuration
k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1beta1.JSON

Configuration are the key+value pairs describing a cluster configuration

PlanStatus#

(Appears on: Plan)

PlanStatus defines the observed state of Plan

FieldDescription
conditions
[]Condition

Conditions is a set of condition which has caused an error

status
Status

Status is overall status of the workspace

container.kore.appvia.io/v1alpha1#

Package v1alpha1 contains API Schema definitions for the images v1alpha1 API group

Resource Types:

Build#

Build is the Schema for the roles API

FieldDescription
apiVersion
string
container.kore.appvia.io/v1alpha1
kind
string
Build
metadata
Kubernetes meta/v1.ObjectMeta
Refer to the Kubernetes API documentation for the fields of the metadata field.
spec
BuildSpec
cluster
Ownership

Cluster is a reference to the cluster the build is performed

buildPath
string

BuildPath is the directory which the build runs under - defaults to the current dirctory

dockerfile
string

Dockerfile is the default location of dockerfile to build

repoURL
string

RepoURL is the location of the workspace to build

registry
Ownership

Registry is a reference to the registry to push the image

credentials
Kubernetes core/v1.SecretReference

Credential is a reference to the secret to use access to the repository This could be a ssh key or a personal access token etc

imageName
string

ImageName is a final name of the image

credentialsInputData
BuildCredentialsInputData

CredentialsInputData can be used to populate the secret when creating/updating a build. This will never be populated when the build is returned from the API.

credentialsUpdated
Kubernetes meta/v1.Time

CredentialsUpdated should be set to the current time when an underlying secret is updated. This will be automatically set to the current time if CredentialsInputData is set. If you manually change the secret outside Kore, update this field.

status
BuildStatus
builds
[]*github.com/appvia/kore/pkg/apis/containers/v1alpha1.RunStatus

Builds provides a collection of build run statues

conditions
[]Condition

Conditions are a collection of conditions on the tag

status
Status

Status is overall status of the workspace

message
string

Message is the description of the current status

Registry#

Registry is the Schema for the registry API

FieldDescription
apiVersion
string
container.kore.appvia.io/v1alpha1
kind
string
Registry
metadata
Kubernetes meta/v1.ObjectMeta
Refer to the Kubernetes API documentation for the fields of the metadata field.
spec
RegistrySpec
provider
string

Provider is the type of registry we have (quay, ecr, gcr etc)

providerDetails
RegistryProviderDetails

ProviderDetails provides additional fields which can be used for registry provider specific information i.e. AWS Region or CloudAccount for a cloud provided registry

imagePrefix
string

ImagePrefix indicates the images has a prefix

tags
map[string]string

Tags is a collection of tags to be applied to all images if supported

tokens
Kubernetes core/v1.SecretReference

Tokens are a secret of credentials for the registry - this are different depending on the provide - i.e ecr gcp or goharbor DEPRECATED: This is no longer used. Values here will be ignored.

endpoint
string

Endpoint is the registry endpoint DEPRECATED: See status instead, values here will be ignored

status
RegistryStatus
endpoint
string

Endpoint is the URL to access this registry on

conditions
[]Condition

Conditions is a collection of errors messages

pushToken
Kubernetes core/v1.SecretReference

PushToken is a token used to push images to the registry

pullToken
Kubernetes core/v1.SecretReference

PullToken is a token used to pull images from the registry

status
Status

Status is overall status of the registry

BuildCredentialsInputData#

(Appears on: BuildSpec)

BuildCredentialsInputData defines the desired state of credentialsInputData

FieldDescription
type
string

The secret type, should be either github_token or gitlab_token

description
string

Description of the token

git_password
string

The password required for access

git_username
string

The username required for access

BuildRun#

BuildRun is the Schema for the roles API

FieldDescription
metadata
Kubernetes meta/v1.ObjectMeta
Refer to the Kubernetes API documentation for the fields of the metadata field.
spec
BuildRunSpec
gitBranch
string

GitRef is the git reference to are building from - else we default to mastr

gitSHA
string

GitSHA is the commit to build from else we default to head

tag
string

Tag is an optional tag to use when pushing the images - else we default to the SHA

status
BuildStatus
builds
[]*github.com/appvia/kore/pkg/apis/containers/v1alpha1.RunStatus

Builds provides a collection of build run statues

conditions
[]Condition

Conditions are a collection of conditions on the tag

status
Status

Status is overall status of the workspace

message
string

Message is the description of the current status

BuildRunSpec#

(Appears on: BuildRun)

BuildRunSpec defines the desired state of build - note this doesn’t get mapped to a CRD it’s just a payload to the trigger

FieldDescription
gitBranch
string

GitRef is the git reference to are building from - else we default to mastr

gitSHA
string

GitSHA is the commit to build from else we default to head

tag
string

Tag is an optional tag to use when pushing the images - else we default to the SHA

BuildRunStatus#

BuildRunStatus represents the status of a build run

FieldDescription
conditions
[]Condition

Conditions are a collection of conditions on the tag

status
Status

Status is overall status of the workspace

BuildSpec#

(Appears on: Build)

BuildSpec defines the desired state of build

FieldDescription
cluster
Ownership

Cluster is a reference to the cluster the build is performed

buildPath
string

BuildPath is the directory which the build runs under - defaults to the current dirctory

dockerfile
string

Dockerfile is the default location of dockerfile to build

repoURL
string

RepoURL is the location of the workspace to build

registry
Ownership

Registry is a reference to the registry to push the image

credentials
Kubernetes core/v1.SecretReference

Credential is a reference to the secret to use access to the repository This could be a ssh key or a personal access token etc

imageName
string

ImageName is a final name of the image

credentialsInputData
BuildCredentialsInputData

CredentialsInputData can be used to populate the secret when creating/updating a build. This will never be populated when the build is returned from the API.

credentialsUpdated
Kubernetes meta/v1.Time

CredentialsUpdated should be set to the current time when an underlying secret is updated. This will be automatically set to the current time if CredentialsInputData is set. If you manually change the secret outside Kore, update this field.

BuildStatus#

(Appears on: Build, BuildRun)

BuildStatus defines the observed state of build

FieldDescription
builds
[]*github.com/appvia/kore/pkg/apis/containers/v1alpha1.RunStatus

Builds provides a collection of build run statues

conditions
[]Condition

Conditions are a collection of conditions on the tag

status
Status

Status is overall status of the workspace

message
string

Message is the description of the current status

ECRRegistryParameters#

(Appears on: RegistryProviderDetails)

ECRRegistryParameters provides the specific parameters for an ECR registry

FieldDescription
cloudAccountRef
CloudAccountReference

CloudAccountRef is a reference to the assigned or created cloud account

region
string

Region is the region to create this registry.

accountID
string

AccountID is the AccountID used by this registry DEPRECATED - this will be derived from the cloud account, any value specified here will be ignored.

Image#

Image represents an image a docker repository

FieldDescription
metadata
Kubernetes meta/v1.ObjectMeta
Refer to the Kubernetes API documentation for the fields of the metadata field.
spec
ImageSpec
tags
map[string]string

Tags are a set of tags which can be used to identify this asset

url
string

URL is the full url for this docker image

config
k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1beta1.JSON

Config is any provider specific configuration

status
ImageStatus
conditions
[]Condition

Conditions are a collection of conditions on the tag

status
Status

Status is overall status of the workspace

ImageSpec#

(Appears on: Image)

ImageSpec represent the image details

FieldDescription
tags
map[string]string

Tags are a set of tags which can be used to identify this asset

url
string

URL is the full url for this docker image

config
k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1beta1.JSON

Config is any provider specific configuration

ImageStatus#

(Appears on: Image)

ImageStatus represent the image status

FieldDescription
conditions
[]Condition

Conditions are a collection of conditions on the tag

status
Status

Status is overall status of the workspace

ImageTag#

ImageTag represents an image a docker repository

FieldDescription
metadata
Kubernetes meta/v1.ObjectMeta
Refer to the Kubernetes API documentation for the fields of the metadata field.
spec
ImageTagSpec
url
string

URL is the full url for this docker image

status
ImageTagStatus
conditions
[]Condition

Conditions are a collection of conditions on the tag

status
Status

Status is overall status of the workspace

ImageTagSpec#

(Appears on: ImageTag)

ImageTagSpec represent the image details

FieldDescription
url
string

URL is the full url for this docker image

ImageTagStatus#

(Appears on: ImageTag)

ImageTagStatus represents the status of a image tag

FieldDescription
conditions
[]Condition

Conditions are a collection of conditions on the tag

status
Status

Status is overall status of the workspace

ProviderRegistryType (string)#

(Appears on: RegistryProviderDetails)

ProviderRegistryType represents the concrete type of account that a CloudAccount represents

ValueDescription

"ECRRegistry"

ProviderAccountTypeECRRegistry is an ECR registry in AWS

RegistryProviderDetails#

(Appears on: RegistrySpec)

RegistryProviderDetails provides parameters that are specific to a particular type of registry

FieldDescription
type
ProviderRegistryType
ecrRegistry
ECRRegistryParameters
(Optional)

ECRRegistry holds parameters specific to ECR Registries. Present only if type is ECRRegistry.

RegistrySpec#

(Appears on: Registry)

RegistrySpec defines the desired state of registry

FieldDescription
provider
string

Provider is the type of registry we have (quay, ecr, gcr etc)

providerDetails
RegistryProviderDetails

ProviderDetails provides additional fields which can be used for registry provider specific information i.e. AWS Region or CloudAccount for a cloud provided registry

imagePrefix
string

ImagePrefix indicates the images has a prefix

tags
map[string]string

Tags is a collection of tags to be applied to all images if supported

tokens
Kubernetes core/v1.SecretReference

Tokens are a secret of credentials for the registry - this are different depending on the provide - i.e ecr gcp or goharbor DEPRECATED: This is no longer used. Values here will be ignored.

endpoint
string

Endpoint is the registry endpoint DEPRECATED: See status instead, values here will be ignored

RegistryStatus#

(Appears on: Registry)

RegistryStatus defines the observed state of registry

FieldDescription
endpoint
string

Endpoint is the URL to access this registry on

conditions
[]Condition

Conditions is a collection of errors messages

pushToken
Kubernetes core/v1.SecretReference

PushToken is a token used to push images to the registry

pullToken
Kubernetes core/v1.SecretReference

PullToken is a token used to pull images from the registry

status
Status

Status is overall status of the registry

RunStatus#

RunStatus represents a build which has occurred off this build

FieldDescription
creationTimestamp
Kubernetes meta/v1.Time

CreationTimestamp is the time the build was kicked off

buildTime
Kubernetes meta/v1.Duration

BuildTime is the time the build took

image
string

Image is the result image from the build

gitSha
string

GitSHA is the gitsha the image was built from

status
Status

Status is the result of the build run

uid
string

UID was the uid of the run

core.kore.appvia.io/v1#

Package v1 contains the core api resources

Resource Types:

    ActionSelector#

    (Appears on: Selector)

    ActionSelector is used to filter on the operation type

    FieldDescription
    verbs
    []string

    Component#

    Component the state of a component of the resource

    FieldDescription
    name
    string

    Name is the name of the component

    status
    Status

    Status is the status of the component

    message
    string

    Message is a human readable message on the status of the component

    detail
    string

    Detail is additional details on the error is any

    resource
    Ownership

    Resource is a reference to the resource

    Components ([]*github.com/appvia/kore/pkg/apis/core/v1.Component)#

    (Appears on: AKSStatus, AccountStatus, AzureSubscriptionStatus, CloudAccountClaimStatus, CloudAccountStatus, CrossplaneDeploymentStatus, ClusterStatus, KubernetesStatus, CloudMetaServiceStatus, CostImportStatus, EKSNodeGroupStatus, EKSStatus, EKSVPCStatus, ProjectStatus, GKEStatus, IngressControllerStatus, ServiceAccessDeploymentStatus, ServiceAccessStatus, ServiceDeploymentStatus, ServiceProviderStatus, ServiceStatus)

    Components is a collection of components

    Condition#

    (Appears on: ExternalVPCStatus, PeeringStatus, SecurityGroupRuleStatus, NamespaceClaimStatus, AllocationStatus, PlanPolicyStatus, PlanStatus, BuildRunStatus, BuildStatus, ImageStatus, ImageTagStatus, RegistryStatus, AssignableNetworkStatus, TeamInvitationStatus, TeamStatus, UserStatus, PolicyPlanStatus, PolicyStatus)

    Condition is a reason why something failed

    FieldDescription
    message
    string

    Message is a human readable message

    detail
    string

    Detail is a actual error which might contain technical reference

    ConfigurationFromSource#

    FieldDescription
    path
    string

    Path is the JSON path of the configuration parameter Examples: “field”, “map_field.value”, “array_field.0”, “array_field.0.value” To append a value to an existing array: “array_field.-1” To reference a numeric key on a map: “map_field.:123.value”

    secretKeyRef
    OptionalSecretKeySelector

    SecretKeyRef is a reference to a key in a secret

    NamespaceSelector#

    (Appears on: Selector)

    NamespaceSelector is used to filter down on namespaces

    FieldDescription
    names
    []string

    Names provides a filter on the namespace name

    labels
    map[string][]string

    Labels is a collection of filters on the namespace

    OptionalSecretKeySelector#

    (Appears on: ConfigurationFromSource)

    FieldDescription
    SecretKeySelector
    SecretKeySelector

    (Members of SecretKeySelector are embedded into this type.)

    optional
    bool

    Optional controls whether the secret with the given key must exist

    Ownership#

    (Appears on: AKSSpec, AccountSpec, ExternalVPCSpec, PeeringSpec, SecurityGroupRuleSpec, CloudAccountStatus, CrossplaneDeploymentSpec, ClusterSpec, KubernetesSpec, NamespaceClaimSpec, AllocationSpec, BuildSpec, Component, EKSNodeGroupSpec, EKSSpec, EKSVPCSpec, ProjectSpec, GKESpec, IngressControllerSpec, AlertRuleSpec, RobotStatus, SecurityResourceOverview, SecurityScanResultSpec, ServiceAccessDeploymentSpec, ServiceAccessSpec, ServiceSpec)

    Ownership indicates the ownership of a resource

    FieldDescription
    group
    string

    Group is the api group

    version
    string

    Version is the group version

    kind
    string

    Kind is the name of the resource under the group

    namespace
    string

    Namespace is the location of the object

    name
    string

    Name is name of the resource

    ResourceSelector#

    (Appears on: Selector, Target)

    ResourceSelector is a resource selector

    FieldDescription
    nonResourceURLs
    []string

    NonResourceURLs are urls which do not map to resources by require some level of policy control

    groups
    []string

    Groups is a collection of api grouprs to filter on

    resources
    []string

    Resources is a collection of resources under those groups

    subresources
    []string

    SubResources is a collection of subresource under the resource type Deprecated field please use resource/subresource format

    resourceNames
    []string

    ResourceNames is a collection of resource names

    teamNames
    []string

    TeamNames is a collection of team names Deprecated field, no longer in use

    labels
    map[string]string

    Labels a collection of labels to filter the resource by

    verbs
    []string

    Verbs are actions on the resources themselves

    SecretKeySelector#

    (Appears on: OptionalSecretKeySelector)

    FieldDescription
    name
    string

    Name is the name of the secret

    namespace
    string

    Name is the namespace of the secret

    key
    string

    Key is they data key in the secret

    Status (string)#

    (Appears on: AKSStatus, AccountStatus, ExternalVPCStatus, PeeringStatus, SecurityGroupRuleStatus, AzureSubscriptionStatus, CloudAccountClaimStatus, CloudAccountStatus, CloudCredentialStatus, CrossplaneDeploymentStatus, ClusterStatus, KubernetesStatus, NamespaceClaimStatus, AllocationStatus, CloudMetaServiceStatus, CostImportRun, CostImportStatus, PlanPolicyStatus, PlanStatus, BuildRunStatus, BuildStatus, ImageStatus, ImageTagStatus, RegistryStatus, RunStatus, Component, EKSNodeGroupStatus, EKSStatus, EKSVPCStatus, ProjectStatus, GKEStatus, IngressControllerStatus, AssignableNetworkStatus, TeamInvitationStatus, TeamStatus, UserStatus, PolicyPlanStatus, PolicyStatus, RobotStatus, ServiceAccessDeploymentStatus, ServiceAccessStatus, ServiceCatalogStatus, ServiceDeploymentStatus, ServiceProviderStatus, ServiceStatus)

    Status is the status of a thing

    ValueDescription

    "ActionRequired"

    ActionRequiredStatus indicates that user action is required to remediate the current state of a resource, e.g. a spec value is wrong or some external action needs to be taken

    "Creating"

    CreatingStatus indicate we are creating a resource

    "DeleteFailed"

    DeleteFailedStatus indicates that deleting the entity failed

    "Deleted"

    DeletedStatus indicates a deleted entity

    "Deleting"

    DeletingStatus indicates we ar deleting the resource

    ""

    EmptyStatus indicates an empty status

    "Error"

    ErrorStatus indicates that a recoverable error happened

    "Failure"

    FailureStatus indicates the resource has failed for one or more reasons

    "Pending"

    PendingStatus indicate we are waiting

    "Success"

    SuccessStatus is a successful resource

    "Unknown"

    Unknown is an unknown status

    "Updating"

    UpdatingStatus indicate we are creating a resource

    "Warning"

    WarningStatus indicates are warning

    StatusAware#

    StatusAware is an interface for objects which have a status and zero or more components

    SubjectSelector#

    (Appears on: Selector)

    SubjectSelector is used to filter down in the caller

    FieldDescription
    subjects
    []string

    Subjects is a collection of subjects / username to filter on

    roles
    []string

    Roles is a collection of roles the user has access to

    groups
    []string

    Groups is a collection of groups the user is a member of

    scopes
    []string

    Scopes is a collection of scopes for the identity

    costs.kore.appvia.io/v1beta1#

    Package v1beta1 contains API Schema definitions for the cost v1beta1 API group

    Resource Types:

      Asset#

      Asset represents a resource known to Kore which a cost provider should provide costs data for

      FieldDescription
      tags
      map[string]string

      Tags are a set of tags which can be used to identify this asset

      teamIdentifier
      string

      TeamIdentifier is the unique identifier for the team that owns this asset

      assetIdentifier
      string

      AssetIdentifier is the unique identifier for this asset

      name
      string

      Name is the name of the resource in kore, for reference

      provider
      string

      Provider is the cloud provider who provides this resource

      AssetCost#

      AssetCost defines the details about a cost related to a piece of infrastructure deployed by Kore for a team. It is expected that any asset may have multiple AssetCosts covering a specific time period to represent the different charges levied by the provider for that piece of infrastructure.

      FieldDescription
      costIdentifier
      string

      CostIdentifier is the unique identifer for this line of cost data - cost providers must ensure that if a cost line item is updated, it has the same identifier, and that different line items have unique cost identifiers for a given AssetIdentifier. If a cost provider provides immutable cost entries, i.e. they will never be updated, then this can be left blank and Kore will assign a unique identifier.

      assetIdentifier
      string

      AssetIdentifier is the unique identifier assigned to the resource this cost applies to, e.g. the unique cluster ID, etc.

      teamIdentifier
      string

      TeamIdentifier is the unique identifier for the team this resource belongs to.

      cost
      int64

      Cost is the actual incurred cost total cost for this piece of infrastructure for the specified time period in microdollars

      usageStartTime
      Kubernetes meta/v1.Time

      UsageStartTime indicates the start of the period this cost is applicable for

      usageEndTime
      Kubernetes meta/v1.Time

      UsageEndTime indicates the end of the period this cost is applicable for

      usageType
      string

      UsageType is the provider-specific code or title for this type of usage (e.g. a SKU or similar)

      description
      string

      Description identifies the type of cost this line item refers to

      usageAmount
      string

      UsageAmount is the quantity of the resource used (e.g. amount of storage)

      usageUnit
      string

      UsageUnit is the unit that UsageAmount is expressed in (e.g. seconds, gibibytes, etc)

      provider
      string

      Provider indicates which cloud provider this cost relates to

      account
      string

      Account indicates which account / project / subscription this cost relates to

      invoice
      string

      Invoice is the invoice on which this cost was billed (in the format YYYYMM, e.g. 202008 for August 2020)

      retrievedAt
      Kubernetes meta/v1.Time

      RetrievedAt is the time at which this cost item was retrieved/refreshed from the provider

      AssetCostSummary#

      AssetCostSummary represents the total cost known to kore for an asset (over a period of time)

      FieldDescription
      assetIdentifier
      string

      AssetIdentifier is the unique identifier assigned to the resource this cost applies to, e.g. the unique cluster ID, etc.

      teamIdentifier
      string

      TeamIdentifier is the unique identifier for the team this resource belongs to.

      assetName
      string

      AssetName is the name of the asset these costs relate to

      assetType
      string

      AssetType is the type of the asset these costs relate to

      provider
      string

      Provider is the cloud provider who provides this assset

      details
      []*github.com/appvia/kore/pkg/apis/costs/v1beta1.AssetCost

      Details provides the individual cost line items that make up this summary

      CostSummary
      CostSummary

      Continent#

      Continent is a geographical grouping of regions

      FieldDescription
      name
      string
      regions
      []Region

      CostEstimate#

      CostEstimate defines the result of the cost estimation

      FieldDescription
      minCost
      int64

      MinCost is the minimum hourly cost estimate in microdollars

      typicalCost
      int64

      TypicalCost is the expected / likely hourly cost estimate in microdollars

      maxCost
      int64

      MaxCost is the estimated upper limit of the hourly cost in microdollars

      costElements
      []CostEstimateElement

      CostElements provides details of the different components which make up this cost estimate

      preparedAt
      Kubernetes meta/v1.Time

      PreparedAt indicates the time this estimate was prepared

      CostEstimateElement#

      (Appears on: CostEstimate)

      CostEstimateElement represents a logical component which has an associated cost

      FieldDescription
      name
      string

      Name is the name of this component

      minCost
      int64

      MinCost is the minimum hourly cost estimate of this component in microdollars

      typicalCost
      int64

      TypicalCost is the expected / likely hourly cost estimate of this component in microdollars

      maxCost
      int64

      MaxCost is the estimated upper limit of the hourly cost of this component in microdollars

      CostSummary#

      (Appears on: AssetCostSummary, OverallCostSummary, TeamCostSummary)

      CostSummary represents a total cost over a period of time

      FieldDescription
      cost
      int64

      Cost is the actual incurred cost total cost for the specified time period in microdollars

      usageStartTime
      Kubernetes meta/v1.Time

      StartTime indicates the start of the period this summary includes costs for

      usageEndTime
      Kubernetes meta/v1.Time

      EndTime indicates the end of the period this summary includes costs for

      InstanceType#

      InstanceType is an available compute type from a cloud provider

      FieldDescription
      category
      string

      Category is the classification of this instance type

      name
      string

      Name is the unique identifier of this instance type

      prices
      map[github.com/appvia/kore/pkg/apis/costs/v1beta1.PriceType]int64

      Prices gives the price of this instance type in microdollars per hour for the given price type

      mCpus
      int64

      MCpus is the number of milliCPUs assigned to this instance type

      mem
      int64

      Mem is the amount of memory, expressed in milli-GiBs, assigned to this instance type

      OverallCostSummary#

      OverallCostSummary represents the total costs known to kore over a period of time, and acts as a container for TeamCostSummaries

      PriceType (string)#

      PriceType is the possible types of prices for cloud infrastructure

      ValueDescription

      "OnDemand"

      PriceTypeOnDemand is the normal ‘rack’ price for a piece of infrastructure

      "PreEmptible"

      PriceTypePreEmptible is the fixed discounted price which you can use a piece of infrastructure for subject to availability and early termination

      "Spot"

      PriceTypeSpot is the variable price which you may be able to use a piece of infrastructure for

      Region#

      (Appears on: Continent)

      Region is a specific cloud provider region

      FieldDescription
      id
      string
      name
      string

      TeamCostSummary#

      TeamCostSummary represents the total cost known to kore for a team (over a period of time)

      FieldDescription
      teamIdentifier
      string

      TeamIdentifier is the unique identifier for the team these costs belongs to.

      teamName
      string

      TeamName is the name of the team that these costs belong to

      assetCosts
      []*github.com/appvia/kore/pkg/apis/costs/v1beta1.AssetCostSummary

      AssetCosts gives the detail of the assets which make up this team cost

      CostSummary
      CostSummary

      gcp.compute.kore.appvia.io/v1alpha1#

      Package v1alpha1 contains API Schema definitions for the GCP v1alpha1 API group

      Resource Types:

      Project#

      Project is the Schema for the ProjectClaims API

      FieldDescription
      apiVersion
      string
      gcp.compute.kore.appvia.io/v1alpha1
      kind
      string
      Project
      metadata
      Kubernetes meta/v1.ObjectMeta
      Refer to the Kubernetes API documentation for the fields of the metadata field.
      spec
      ProjectSpec
      projectName
      string

      ProjectName is the name of the project to create. We do this internally so we can easily change the project name without changing the resource name

      organization
      Ownership

      Organization is a reference to the gcp admin project to use

      labels
      map[string]string

      Labels are a set of labels on the project

      status
      ProjectStatus
      credentialRef
      Kubernetes core/v1.SecretReference

      CredentialRef is the reference to the credentials secret

      projectID
      string

      ProjectID is the project id

      status
      Status

      Status provides a overall status

      conditions
      Components

      Conditions is a set of components conditions

      ProjectSpec#

      (Appears on: Project)

      ProjectSpec defines the desired state of ProjectClaim

      FieldDescription
      projectName
      string

      ProjectName is the name of the project to create. We do this internally so we can easily change the project name without changing the resource name

      organization
      Ownership

      Organization is a reference to the gcp admin project to use

      labels
      map[string]string

      Labels are a set of labels on the project

      ProjectStatus#

      (Appears on: Project)

      ProjectStatus defines the observed state of GCP Project

      FieldDescription
      credentialRef
      Kubernetes core/v1.SecretReference

      CredentialRef is the reference to the credentials secret

      projectID
      string

      ProjectID is the project id

      status
      Status

      Status provides a overall status

      conditions
      Components

      Conditions is a set of components conditions

      gke.compute.kore.appvia.io/v1alpha1#

      Package v1alpha1 contains API Schema definitions for the gke v1alpha1 API group

      Resource Types:

      GKE#

      GKE is the Schema for the gkes API

      FieldDescription
      apiVersion
      string
      gke.compute.kore.appvia.io/v1alpha1
      kind
      string
      GKE
      metadata
      Kubernetes meta/v1.ObjectMeta
      Refer to the Kubernetes API documentation for the fields of the metadata field.
      spec
      GKESpec
      cluster
      Ownership

      Cluster refers to the cluster this object belongs to

      credentials
      Ownership

      Credentials is a reference to the gke credentials object to use

      description
      string

      Description provides a short summary / description of the cluster.

      version
      string

      Version is the kubernetes version which the cluster master should be configured with. ‘-’ gives the current GKE default version, ‘latest’ gives most recent, 1.15 would be latest 1.15.x release, 1.15.1 would be the latest 1.15.1 release, and 1.15.1-gke.1 would be the exact specified version. Must be blank if following release channel.

      releaseChannel
      string

      ReleaseChannel is the GKE release channel to follow, “ (to follow no channel), ‘STABLE’ (only battle-tested releases every few months), ‘REGULAR’ (stable releases every few weeks) or ‘RAPID’ (bleeding edge, not suitable for production workloads). If anything other than “, Version must be blank.

      authorizedMasterNetworks
      []*github.com/appvia/kore/pkg/apis/gke/v1alpha1.AuthorizedNetwork

      AuthorizedMasterNetworks is a collection of authorized networks which is permitted to speak to the kubernetes API, default to all if not provided.

      servicesIPV4Cidr
      string

      ServicesIPV4Cidr is an optional network cidr configured for the cluster services

      region
      string

      Region is the gcp region you want the cluster to reside

      clusterIPV4Cidr
      string

      ClusterIPV4Cidr is an optional network CIDR which is used to place the pod network on

      enableHorizontalPodAutoscaler
      bool

      EnableHorizontalPodAutoscaler indicates if the cluster is configured with the horizontal pod autoscaler addon. This automatically adjusts the cpu and memory resources of pods in accordance with their demand. You should ensure you use PodDisruptionBudgets if this is enabled.

      enableHTTPLoadBalancer
      bool

      EnableHTTPLoadBalancer indicates if the cluster should be configured with the GKE ingress controller. When enabled GKE will autodiscover your ingress resources and provision load balancer on your behalf.

      enableIstio
      bool

      EnableIstio indicates if the GKE Istio service mesh is deployed to the cluster; this provides a more feature rich routing and instrumentation.

      enableShieldedNodes
      bool

      EnableShieldedNodes indicates we should enable the shielded nodes options in GKE. This protects against a variety of attacks by hardening the underlying GKE node against rootkits and bootkits.

      enableStackDriverLogging
      bool

      EnableStackDriverLogging indicates if Stackdriver logging should be enabled for the cluster

      enableStackDriverMetrics
      bool

      EnableStackDriverMetrics indicates if Stackdriver metrics should be enabled for the cluster

      enablePrivateEndpoint
      bool

      EnablePrivateEndpoint indicates whether the Kubernetes API should only be accessible from internal IP addresses

      enablePrivateNetwork
      bool

      EnablePrivateNetwork indicates if compute nodes should have external ip addresses or use private networking and a cloud-nat device.

      masterIPV4Cidr
      string

      MasterIPV4Cidr is network range used when private networking is enabled. This is the peering subnet used to to GKE master api layer. Note, this must be unique within the network.

      maintenanceWindow
      string

      MaintenanceWindow is the maintenance window provided for GKE to perform upgrades if enabled.

      tags
      map[string]string

      Tags is a collection of tags (resource labels) to apply to the GCP resources which make up this cluster

      nodePools
      []GKENodePool

      NodePools is the set of node pools for this cluster. Required unless ALL deprecated properties except subnetwork are set.

      size
      int64

      DEPRECATED: Set on node group instead, this property is now ignored. Size is the number of nodes per zone which should exist in the cluster.

      maxSize
      int64

      DEPRECATED: Set on node group instead, this property is now ignored. MaxSize assuming the autoscaler is enabled this is the maximum number nodes permitted

      diskSize
      int64

      DEPRECATED: Set on node group instead, this property is now ignored. DiskSize is the size of the disk used by the compute nodes.

      imageType
      string

      DEPRECATED: Set on node group instead, this property is now ignored. ImageType is the operating image to use for the default compute pool.

      machineType
      string

      DEPRECATED: Set on node group instead, this property is now ignored. MachineType is the machine type which the default nodes pool should use.

      subnetwork
      string

      DEPRECATED: This was always ignored. May be re-introduced in future. Subnetwork is name of the GCP subnetwork which the cluster nodes should reside -

      enableAutoscaler
      bool

      DEPRECATED: Set on node group instead, this property is now ignored. EnableAutoscaler indicates if the cluster should be configured with cluster autoscaling turned on

      enableAutoupgrade
      bool

      DEPRECATED: Set on node group instead, this property is now ignored. EnableAutoUpgrade indicates if the cluster should be configured with auto upgrading enabled; meaning both nodes are masters are scheduled to upgrade during your maintenance window.

      enableAutorepair
      bool

      DEPRECATED: Set on node group instead, this property is now ignored. EnableAutorepair indicates if the cluster should be configured with auto repair is enabled

      network
      string

      DEPRECATED: Not used - now projects are created automatically, always use default. Network is the GCP network the cluster reside on, which have to be unique within the GCP project and created beforehand.

      status
      GKEStatus
      conditions
      Components

      Conditions is the status of the components

      caCertificate
      string

      CACertificate is the certificate for this cluster

      endpoint
      string

      Endpoint is the endpoint of the cluster

      status
      Status

      Status provides a overall status

      AuthorizedNetwork#

      AuthorizedNetwork provides a definition for the authorized networks

      FieldDescription
      name
      string

      Name provides a descriptive name for this network

      cidr
      string

      CIDR is the network range associated to this network

      GKENodePool#

      (Appears on: GKESpec)

      GKENodePool represents a node pool within a GKE cluster

      FieldDescription
      name
      string

      Name provides a descriptive name for this node pool - must be unique within cluster

      enableAutoscaler
      bool

      EnableAutoscaler indicates if the node pool should be configured with autoscaling turned on

      enableAutorepair
      bool

      EnableAutorepair indicates if the node pool should automatically repair failed nodes

      version
      string

      Version is the initial kubernetes version which the node group should be configured with. ‘-’ gives the same version as the master, ‘latest’ gives most recent, 1.15 would be latest 1.15.x release, 1.15.1 would be the latest 1.15.1 release, and 1.15.1-gke.1 would be the exact specified version. Must be within 2 minor versions of the master version (e.g. master 1.16 supports node versios 1.14-1.16). If ReleaseChannel set on cluster, this must be blank.

      enableAutoupgrade
      bool

      EnableAutoUpgrade indicates if the node group should be configured with autograding enabled. This must be true if the cluster has ReleaseChannel set.

      size
      int64

      Size is the number of nodes per zone which should exist in the cluster. If auto-scaling is enabled, this will be the initial size of the node pool.

      minSize
      int64

      MinSize assuming the autoscaler is enabled this is the maximum number nodes permitted

      maxSize
      int64

      MaxSize assuming the autoscaler is enabled this is the maximum number nodes permitted

      maxPodsPerNode
      int64

      MaxPodsPerNode controls how many pods can be scheduled onto each node in this pool

      machineType
      string

      MachineType controls the type of nodes used in this node pool

      imageType
      string

      ImageType controls the operating system image of nodes used in this node pool

      diskSize
      int64

      DiskSize is the size of the disk used by the compute nodes.

      preemptible
      bool

      Preemptible controls whether to use pre-emptible nodes.

      labels
      map[string]string

      Labels is a set of labels to help Kubernetes workloads find this group

      taints
      []NodeTaint

      Taints are a collection of kubernetes taints applied to the node on provisioning

      GKESpec#

      (Appears on: GKE)

      GKESpec defines the desired state of GKE

      FieldDescription
      cluster
      Ownership

      Cluster refers to the cluster this object belongs to

      credentials
      Ownership

      Credentials is a reference to the gke credentials object to use

      description
      string

      Description provides a short summary / description of the cluster.

      version
      string

      Version is the kubernetes version which the cluster master should be configured with. ‘-’ gives the current GKE default version, ‘latest’ gives most recent, 1.15 would be latest 1.15.x release, 1.15.1 would be the latest 1.15.1 release, and 1.15.1-gke.1 would be the exact specified version. Must be blank if following release channel.

      releaseChannel
      string

      ReleaseChannel is the GKE release channel to follow, “ (to follow no channel), ‘STABLE’ (only battle-tested releases every few months), ‘REGULAR’ (stable releases every few weeks) or ‘RAPID’ (bleeding edge, not suitable for production workloads). If anything other than “, Version must be blank.

      authorizedMasterNetworks
      []*github.com/appvia/kore/pkg/apis/gke/v1alpha1.AuthorizedNetwork

      AuthorizedMasterNetworks is a collection of authorized networks which is permitted to speak to the kubernetes API, default to all if not provided.

      servicesIPV4Cidr
      string

      ServicesIPV4Cidr is an optional network cidr configured for the cluster services

      region
      string

      Region is the gcp region you want the cluster to reside

      clusterIPV4Cidr
      string

      ClusterIPV4Cidr is an optional network CIDR which is used to place the pod network on

      enableHorizontalPodAutoscaler
      bool

      EnableHorizontalPodAutoscaler indicates if the cluster is configured with the horizontal pod autoscaler addon. This automatically adjusts the cpu and memory resources of pods in accordance with their demand. You should ensure you use PodDisruptionBudgets if this is enabled.

      enableHTTPLoadBalancer
      bool

      EnableHTTPLoadBalancer indicates if the cluster should be configured with the GKE ingress controller. When enabled GKE will autodiscover your ingress resources and provision load balancer on your behalf.

      enableIstio
      bool

      EnableIstio indicates if the GKE Istio service mesh is deployed to the cluster; this provides a more feature rich routing and instrumentation.

      enableShieldedNodes
      bool

      EnableShieldedNodes indicates we should enable the shielded nodes options in GKE. This protects against a variety of attacks by hardening the underlying GKE node against rootkits and bootkits.

      enableStackDriverLogging
      bool

      EnableStackDriverLogging indicates if Stackdriver logging should be enabled for the cluster

      enableStackDriverMetrics
      bool

      EnableStackDriverMetrics indicates if Stackdriver metrics should be enabled for the cluster

      enablePrivateEndpoint
      bool

      EnablePrivateEndpoint indicates whether the Kubernetes API should only be accessible from internal IP addresses

      enablePrivateNetwork
      bool

      EnablePrivateNetwork indicates if compute nodes should have external ip addresses or use private networking and a cloud-nat device.

      masterIPV4Cidr
      string

      MasterIPV4Cidr is network range used when private networking is enabled. This is the peering subnet used to to GKE master api layer. Note, this must be unique within the network.

      maintenanceWindow
      string

      MaintenanceWindow is the maintenance window provided for GKE to perform upgrades if enabled.

      tags
      map[string]string

      Tags is a collection of tags (resource labels) to apply to the GCP resources which make up this cluster

      nodePools
      []GKENodePool

      NodePools is the set of node pools for this cluster. Required unless ALL deprecated properties except subnetwork are set.

      size
      int64

      DEPRECATED: Set on node group instead, this property is now ignored. Size is the number of nodes per zone which should exist in the cluster.

      maxSize
      int64

      DEPRECATED: Set on node group instead, this property is now ignored. MaxSize assuming the autoscaler is enabled this is the maximum number nodes permitted

      diskSize
      int64

      DEPRECATED: Set on node group instead, this property is now ignored. DiskSize is the size of the disk used by the compute nodes.

      imageType
      string

      DEPRECATED: Set on node group instead, this property is now ignored. ImageType is the operating image to use for the default compute pool.

      machineType
      string

      DEPRECATED: Set on node group instead, this property is now ignored. MachineType is the machine type which the default nodes pool should use.

      subnetwork
      string

      DEPRECATED: This was always ignored. May be re-introduced in future. Subnetwork is name of the GCP subnetwork which the cluster nodes should reside -

      enableAutoscaler
      bool

      DEPRECATED: Set on node group instead, this property is now ignored. EnableAutoscaler indicates if the cluster should be configured with cluster autoscaling turned on

      enableAutoupgrade
      bool

      DEPRECATED: Set on node group instead, this property is now ignored. EnableAutoUpgrade indicates if the cluster should be configured with auto upgrading enabled; meaning both nodes are masters are scheduled to upgrade during your maintenance window.

      enableAutorepair
      bool

      DEPRECATED: Set on node group instead, this property is now ignored. EnableAutorepair indicates if the cluster should be configured with auto repair is enabled

      network
      string

      DEPRECATED: Not used - now projects are created automatically, always use default. Network is the GCP network the cluster reside on, which have to be unique within the GCP project and created beforehand.

      GKEStatus#

      (Appears on: GKE)

      GKEStatus defines the observed state of GKE

      FieldDescription
      conditions
      Components

      Conditions is the status of the components

      caCertificate
      string

      CACertificate is the certificate for this cluster

      endpoint
      string

      Endpoint is the endpoint of the cluster

      status
      Status

      Status provides a overall status

      NodeTaint#

      (Appears on: GKENodePool)

      NodeTaint is the structure of a taint on a nodepoolhttps://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/

      FieldDescription
      key
      string

      Key provides the key definition for this tainer

      value
      string

      Value is arbitrary value for this taint to compare

      effect
      string

      Effect is desired action on the taint

      ingress.kore.appvia.io/v1alpha1#

      Package v1alpha1 contains API Schema definitions for the ingress API group

      Resource Types:

      IngressController#

      IngressController is an ingress controller configuration

      FieldDescription
      apiVersion
      string
      ingress.kore.appvia.io/v1alpha1
      kind
      string
      IngressController
      metadata
      Kubernetes meta/v1.ObjectMeta
      Refer to the Kubernetes API documentation for the fields of the metadata field.
      spec
      IngressControllerSpec
      cluster
      Ownership

      Cluster contains the reference to the cluster where the ingress controller will be installed

      kind
      string

      Kind refers to the service kind to use for the ingress controller service

      plan
      string

      Plan refers to the service plan to use for the ingress controller service

      class
      string

      Class is the ingress class. It must be unique for a given cluster.

      configuration
      k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1beta1.JSON

      Configuration are the configuration values to override on the service plan It will be applied as a JSON patch.

      status
      IngressControllerStatus
      components
      Components

      Components is a collection of component statuses

      status
      Status

      Status is the overall status of the ingress controller

      message
      string

      Message is the description of the current status

      IngressControllerSpec#

      (Appears on: IngressController)

      IngressControllerSpec defines the the desired status for an Ingress Controller

      FieldDescription
      cluster
      Ownership

      Cluster contains the reference to the cluster where the ingress controller will be installed

      kind
      string

      Kind refers to the service kind to use for the ingress controller service

      plan
      string

      Plan refers to the service plan to use for the ingress controller service

      class
      string

      Class is the ingress class. It must be unique for a given cluster.

      configuration
      k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1beta1.JSON

      Configuration are the configuration values to override on the service plan It will be applied as a JSON patch.

      IngressControllerStatus#

      (Appears on: IngressController)

      IngressControllerStatus defines the observed state of the ingress controller

      FieldDescription
      components
      Components

      Components is a collection of component statuses

      status
      Status

      Status is the overall status of the ingress controller

      message
      string

      Message is the description of the current status

      monitoring.kore.appvia.io/v1beta1#

      Package v1beta1 contains API Schema definitions for the v1beta1 API group

      Resource Types:

      Alert#

      Alert contains the definition of a alert

      FieldDescription
      apiVersion
      string
      monitoring.kore.appvia.io/v1beta1
      kind
      string
      Alert
      metadata
      Kubernetes meta/v1.ObjectMeta
      Refer to the Kubernetes API documentation for the fields of the metadata field.
      spec
      AlertSpec
      alertID
      string

      AlertID is a unique identifier for this alert instance

      labels
      map[string]string

      Labels is a collection of labels on the alert

      event
      string

      Event is the raw event payload

      summary
      string

      Summary is human readable summary for the alert

      status
      AlertStatus
      archivedAt
      Kubernetes meta/v1.Time

      ArchivedAt is indicates if the alert has been archived

      detail
      string

      Detail provides a human readable message related to the current status of the alert

      silencedUntil
      Kubernetes meta/v1.Time

      SilencedUntil is the time the silence will finish

      rule
      AlertRule

      Rule is a reference to the rule the alert is based on

      status
      string

      Status is the status of the alert

      AlertRule#

      (Appears on: AlertStatus)

      AlertRule contains the definition of a alert rule

      FieldDescription
      apiVersion
      string
      monitoring.kore.appvia.io/v1beta1
      kind
      string
      AlertRule
      metadata
      Kubernetes meta/v1.ObjectMeta
      Refer to the Kubernetes API documentation for the fields of the metadata field.
      spec
      AlertRuleSpec
      ruleID
      string

      RuleID is a unique identifier for this rule

      severity
      string

      Severity is the importance of the rule

      source
      string

      Source is the provider of the rule i.e. prometheus, or a named source

      summary
      string

      Summary is a summary of the rule

      rawRule
      string

      RawRule is the underlying rule definition

      resource
      Ownership

      Resource is the resource the alert is for

      AlertRuleSpec#

      (Appears on: AlertRule)

      AlertRuleSpec specifies the details of a alert rule

      FieldDescription
      ruleID
      string

      RuleID is a unique identifier for this rule

      severity
      string

      Severity is the importance of the rule

      source
      string

      Source is the provider of the rule i.e. prometheus, or a named source

      summary
      string

      Summary is a summary of the rule

      rawRule
      string

      RawRule is the underlying rule definition

      resource
      Ownership

      Resource is the resource the alert is for

      AlertSpec#

      (Appears on: Alert)

      AlertSpec specifies the details of a alert

      FieldDescription
      alertID
      string

      AlertID is a unique identifier for this alert instance

      labels
      map[string]string

      Labels is a collection of labels on the alert

      event
      string

      Event is the raw event payload

      summary
      string

      Summary is human readable summary for the alert

      AlertStatus#

      (Appears on: Alert)

      AlertStatus is the status of the alert

      FieldDescription
      archivedAt
      Kubernetes meta/v1.Time

      ArchivedAt is indicates if the alert has been archived

      detail
      string

      Detail provides a human readable message related to the current status of the alert

      silencedUntil
      Kubernetes meta/v1.Time

      SilencedUntil is the time the silence will finish

      rule
      AlertRule

      Rule is a reference to the rule the alert is based on

      status
      string

      Status is the status of the alert

      networks.kore.appvia.io/v1alpha1#

      Package v1alpha1 contains API Schema definitions for the gke v1alpha1 API group

      Resource Types:

      AssignableNetwork#

      AssignableNetwork is the definition for an assignable network range

      FieldDescription
      apiVersion
      string
      networks.kore.appvia.io/v1alpha1
      kind
      string
      AssignableNetwork
      metadata
      Kubernetes meta/v1.ObjectMeta
      Refer to the Kubernetes API documentation for the fields of the metadata field.
      spec
      AssignableNetworkSpec
      provider
      string

      Providers the provider the range is assigned

      excludeTeams
      []string

      ExcludeTeams is a collection of teams whom are excluded from the requirement.

      includeTeams
      []string

      IncludeTeams is a collection of teams whom are included as part of the rule - if specified the requirement is only applied to those team - by default we assume this as a wildcard all teams

      networks
      []*github.com/appvia/kore/pkg/apis/networks/v1alpha1.AssignableNetworkRange

      Networks is a collection of network assignment for a particular provider

      plans
      []string

      Plans is a optional list of plans to associate the range to

      status
      AssignableNetworkStatus
      conditions
      []Condition

      Conditions is a set of condition which has caused an error

      status
      Status

      Status is overall status of the policy

      AssignableNetworkRange#

      AssignableNetworkRange defines a assignable network range

      FieldDescription
      defaultMask
      int

      DefaultMask is the default block to assign from the range

      min
      int

      Min is the smaller network mask a block can be assigned from - else we default the default mask

      max
      int

      Max is the maximum block size from the range

      range
      string

      Range is the CIDR range of the network

      type
      string

      Type is the network type being defined - i.e. pods, clusters or node

      AssignableNetworkSpec#

      (Appears on: AssignableNetwork)

      AssignableNetworkSpec define the definitions for network ranges

      FieldDescription
      provider
      string

      Providers the provider the range is assigned

      excludeTeams
      []string

      ExcludeTeams is a collection of teams whom are excluded from the requirement.

      includeTeams
      []string

      IncludeTeams is a collection of teams whom are included as part of the rule - if specified the requirement is only applied to those team - by default we assume this as a wildcard all teams

      networks
      []*github.com/appvia/kore/pkg/apis/networks/v1alpha1.AssignableNetworkRange

      Networks is a collection of network assignment for a particular provider

      plans
      []string

      Plans is a optional list of plans to associate the range to

      AssignableNetworkStatus#

      (Appears on: AssignableNetwork)

      AssignableNetworkStatus defines the observed state of status on a policy

      FieldDescription
      conditions
      []Condition

      Conditions is a set of condition which has caused an error

      status
      Status

      Status is overall status of the policy

      org.kore.appvia.io/v1#

      Package v1 contains API Schema definitions for the org v1 API group

      Resource Types:

      AuditEvent#

      AuditEvent is the Schema for the audit API

      FieldDescription
      apiVersion
      string
      org.kore.appvia.io/v1
      kind
      string
      AuditEvent
      metadata
      Kubernetes meta/v1.ObjectMeta
      Refer to the Kubernetes API documentation for the fields of the metadata field.
      spec
      AuditEventSpec
      id
      int

      ID is the unique identifier of this audit event.

      createdAt
      Kubernetes meta/v1.Time

      CreatedAt is the timestamp of record creation

      resource
      string

      Resource is the area of the API accessed in this audit operation (e.g. teams, ).

      resourceURI
      string

      ResourceURI is the identifier of the resource in question.

      apiVersion
      string

      APIVersion is the version of the API used for this operation.

      verb
      string

      Verb is the type of action performed (e.g. PUT, GET, etc)

      operation
      string

      Operation is the operation performed (e.g. UpdateCluster, CreateCluster, etc).

      team
      string

      Team is the team whom event may be associated to

      user
      string

      User is the user which the event is related

      startedAt
      Kubernetes meta/v1.Time

      StartedAt is the timestamp the operation was initiated

      completedAt
      Kubernetes meta/v1.Time

      CompletedAt is the timestamp the operation completed

      responseCode
      int

      ResponseCode indicates the HTTP status code of the operation (e.g. 200, 404, etc).

      message
      string

      Message is event message itself

      Identity#

      Identity is the Schema for the identities API

      FieldDescription
      apiVersion
      string
      org.kore.appvia.io/v1
      kind
      string
      Identity
      metadata
      Kubernetes meta/v1.ObjectMeta
      Refer to the Kubernetes API documentation for the fields of the metadata field.
      spec
      IdentitySpec
      accountType
      string

      AccountType is the account type of the identity i.e. sso, basicauth etc

      basicAuth
      BasicAuth

      BasicAuth defines a basicauth identity

      idpUser
      IDPUser

      IDPUser links to the associated idp user

      user
      User

      User is the user spec the identity is associated

      Team#

      Team is the Schema for the teams API

      FieldDescription
      apiVersion
      string
      org.kore.appvia.io/v1
      kind
      string
      Team
      metadata
      Kubernetes meta/v1.ObjectMeta
      Refer to the Kubernetes API documentation for the fields of the metadata field.
      spec
      TeamSpec
      summary
      string

      Summary is a summary name for this team

      description
      string

      Description is a description for the team

      status
      TeamStatus
      conditions
      []Condition

      Conditions is a collection of possible errors

      status
      Status

      Status is the status of the resource

      TeamInvitation#

      TeamInvitation is the Schema for the teams API

      FieldDescription
      apiVersion
      string
      org.kore.appvia.io/v1
      kind
      string
      TeamInvitation
      metadata
      Kubernetes meta/v1.ObjectMeta
      Refer to the Kubernetes API documentation for the fields of the metadata field.
      spec
      TeamInvitationSpec
      username
      string

      Username is the user being bound to the team

      team
      string

      Team is the name of the team

      status
      TeamInvitationStatus
      conditions
      []Condition

      Conditions is a collection of possible errors

      status
      Status

      Status is the status of the resource

      TeamMember#

      TeamMember is the Schema for the teams API

      FieldDescription
      apiVersion
      string
      org.kore.appvia.io/v1
      kind
      string
      TeamMember
      metadata
      Kubernetes meta/v1.ObjectMeta
      Refer to the Kubernetes API documentation for the fields of the metadata field.
      spec
      TeamMemberSpec
      roles
      []string

      DEPRECATED: these roles will no longer be read Role is the role of the user in the team

      team
      string

      Team is the name of the team

      username
      string

      Username is the user being bound to the team

      TeamMemberRole#

      TeamMemberRole is the Schema for the team member roles API

      FieldDescription
      apiVersion
      string
      org.kore.appvia.io/v1
      kind
      string
      TeamMemberRole
      metadata
      Kubernetes meta/v1.ObjectMeta
      Refer to the Kubernetes API documentation for the fields of the metadata field.
      spec
      TeamMemberRoleSpec
      user
      string

      User is the user in the team whom has the role

      role
      string

      Role is the role they have

      TeamRole#

      TeamRole is the Schema for the team roles API

      FieldDescription
      apiVersion
      string
      org.kore.appvia.io/v1
      kind
      string
      TeamRole
      metadata
      Kubernetes meta/v1.ObjectMeta
      Refer to the Kubernetes API documentation for the fields of the metadata field.
      spec
      TeamRoleSpec
      description
      string

      Description is a description for the team role

      User#

      (Appears on: IdentitySpec)

      User is the Schema for the users API

      FieldDescription
      apiVersion
      string
      org.kore.appvia.io/v1
      kind
      string
      User
      metadata
      Kubernetes meta/v1.ObjectMeta
      Refer to the Kubernetes API documentation for the fields of the metadata field.
      spec
      UserSpec
      disabled
      bool

      Disabled indicates if the user is disabled

      email
      string

      Email is the email for the user

      username
      string

      Username is the userame or identity for this user

      status
      UserStatus
      conditions
      []Condition

      Conditions is collection of potentials error causes

      status
      Status

      Status provides an overview of the user status

      AuditEventSpec#

      (Appears on: AuditEvent)

      AuditEventSpec defines the desired state of User

      FieldDescription
      id
      int

      ID is the unique identifier of this audit event.

      createdAt
      Kubernetes meta/v1.Time

      CreatedAt is the timestamp of record creation

      resource
      string

      Resource is the area of the API accessed in this audit operation (e.g. teams, ).

      resourceURI
      string

      ResourceURI is the identifier of the resource in question.

      apiVersion
      string

      APIVersion is the version of the API used for this operation.

      verb
      string

      Verb is the type of action performed (e.g. PUT, GET, etc)

      operation
      string

      Operation is the operation performed (e.g. UpdateCluster, CreateCluster, etc).

      team
      string

      Team is the team whom event may be associated to

      user
      string

      User is the user which the event is related

      startedAt
      Kubernetes meta/v1.Time

      StartedAt is the timestamp the operation was initiated

      completedAt
      Kubernetes meta/v1.Time

      CompletedAt is the timestamp the operation completed

      responseCode
      int

      ResponseCode indicates the HTTP status code of the operation (e.g. 200, 404, etc).

      message
      string

      Message is event message itself

      BasicAuth#

      (Appears on: IdentitySpec)

      BasicAuth defines the basicauth identity

      FieldDescription
      password
      string

      Password is a password associated to the user

      IDPUser#

      (Appears on: IdentitySpec)

      IDPUser is associated idp user

      FieldDescription
      email
      string

      Email for the associated user

      uuid
      string

      UUID is a unique id for the user in the external idp

      IdentitySpec#

      (Appears on: Identity)

      IdentitySpec defines the desired state of User

      FieldDescription
      accountType
      string

      AccountType is the account type of the identity i.e. sso, basicauth etc

      basicAuth
      BasicAuth

      BasicAuth defines a basicauth identity

      idpUser
      IDPUser

      IDPUser links to the associated idp user

      user
      User

      User is the user spec the identity is associated

      TeamAssetType (string)#

      TeamAssetType defines the type of a team asset

      ValueDescription

      "CloudService"

      TeamAssetTypeCloudService identifies a cloud service (e.g. S3 bucket, RDS instance) asset

      "Cluster"

      TeamAssetTypeCluster identifies a cluster asset

      "Namespace"

      TeamAssetTypeNamespace identifies a namespace asset

      "NodePool"

      TeamAssetTypeNodePool identifies a node pool asset

      TeamInvitationSpec#

      (Appears on: TeamInvitation)

      TeamInvitationSpec defines the desired state of Team

      FieldDescription
      username
      string

      Username is the user being bound to the team

      team
      string

      Team is the name of the team

      TeamInvitationStatus#

      (Appears on: TeamInvitation)

      TeamInvitationStatus defines the observed state of Team

      FieldDescription
      conditions
      []Condition

      Conditions is a collection of possible errors

      status
      Status

      Status is the status of the resource

      TeamMemberRoleSpec#

      (Appears on: TeamMemberRole)

      TeamMemberRoleSpec defines the desired state of TeamMemberRole

      FieldDescription
      user
      string

      User is the user in the team whom has the role

      role
      string

      Role is the role they have

      TeamMemberSpec#

      (Appears on: TeamMember)

      TeamMemberSpec defines the desired state of Team

      FieldDescription
      roles
      []string

      DEPRECATED: these roles will no longer be read Role is the role of the user in the team

      team
      string

      Team is the name of the team

      username
      string

      Username is the user being bound to the team

      TeamRoleSpec#

      (Appears on: TeamRole)

      TeamRoleSpec defines the desired state of TeamRole

      FieldDescription
      description
      string

      Description is a description for the team role

      TeamSpec#

      (Appears on: Team)

      TeamSpec defines the desired state of Team

      FieldDescription
      summary
      string

      Summary is a summary name for this team

      description
      string

      Description is a description for the team

      TeamStatus#

      (Appears on: Team)

      TeamStatus defines the observed state of Team

      FieldDescription
      conditions
      []Condition

      Conditions is a collection of possible errors

      status
      Status

      Status is the status of the resource

      UpdateBasicAuthIdentity#

      UpdateBasicAuthIdentity defines the desired state of an update

      FieldDescription
      password
      string

      Password is a password associated to the user

      username
      string

      Username is the user you are update the credential for

      UpdateIDPIdentity#

      UpdateIDPIdentity defines the desired state of an update

      FieldDescription
      IDToken
      string

      IDToken is the identity token from the provider

      UserSpec#

      (Appears on: User)

      UserSpec defines the desired state of User

      FieldDescription
      disabled
      bool

      Disabled indicates if the user is disabled

      email
      string

      Email is the email for the user

      username
      string

      Username is the userame or identity for this user

      UserStatus#

      (Appears on: User)

      UserStatus defines the observed state of User

      FieldDescription
      conditions
      []Condition

      Conditions is collection of potentials error causes

      status
      Status

      Status provides an overview of the user status

      policy.kore.appvia.io/v1alpha1#

      Package v1alpha1 contains API Schema definitions for the org v1alpha1 API group

      Resource Types:

      Policy#

      Policy is the Schema for the policies API

      FieldDescription
      apiVersion
      string
      policy.kore.appvia.io/v1alpha1
      kind
      string
      Policy
      metadata
      Kubernetes meta/v1.ObjectMeta
      Refer to the Kubernetes API documentation for the fields of the metadata field.
      spec
      PolicySpec
      inputs
      k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1beta1.JSON

      Inputs are parameters to the plan templates

      hints
      []Kubernetes meta/v1.GroupVersionResource

      Hints provides a list collection of resources which might be required in the rules engine

      policy
      PolicyDecision

      Policy defines the policy definition itself

      policyRef
      PolicyReference

      PolicyRef is used to refer to an inbuild kore policy rather than defining a inline policy - we find the plan and copy onto the status for reference and implementation

      selectors
      []*github.com/appvia/kore/pkg/apis/policy/v1alpha1.Selector

      Selectors is the resource we are filtering on

      target
      Target

      Target is the essentially the location the policy should be positioned If no target is supplied we assume it’s destined to the kore api

      status
      PolicyStatus
      conditions
      []Condition

      Conditions is a set of condition which has caused an error

      plan
      PolicyPlan

      Plan is a copy of the plans the policy is based on if any

      planRevision
      int64

      PlanRevision is the revision of the parent plan

      status
      Status

      Status is overall status of the policy

      PolicyPlan#

      (Appears on: PolicyStatus)

      PolicyPlan is the Schema for the policies API

      FieldDescription
      apiVersion
      string
      policy.kore.appvia.io/v1alpha1
      kind
      string
      PolicyPlan
      metadata
      Kubernetes meta/v1.ObjectMeta
      Refer to the Kubernetes API documentation for the fields of the metadata field.
      spec
      PolicyPlanSpec
      description
      string

      Description is a summary of what the plan provides

      hints
      []Kubernetes meta/v1.GroupVersionResource

      Hints provides a list collection of resources which might be required in the rules engine

      inputs
      []*github.com/appvia/kore/pkg/apis/policy/v1alpha1.PolicyInput

      Inputs is a collection of inputs for this policy plan

      policy
      PolicyDecision

      Policy is the actual policy document associated to the plan

      selectors
      []*github.com/appvia/kore/pkg/apis/policy/v1alpha1.Selector

      Selectors are optional filters which can be used to filter the target Deprecated, use the spec.templates of this policy - essentially it’s a list of filters which can be used i.e I can be applied to all Plans or all clusters

      templates
      []*github.com/appvia/kore/pkg/apis/policy/v1alpha1.PolicyTemplate

      Templates is a collection of templates used to generate polices on behalf of the subject

      target
      Target

      Target is a target for this policy i.e. kore api or one or more clusters

      status
      PolicyPlanStatus
      conditions
      []Condition

      Conditions is a set of condition which has caused an error

      status
      Status

      Status is overall status of the policy

      Robot#

      Robot is the Schema for the robot accounts API

      FieldDescription
      apiVersion
      string
      policy.kore.appvia.io/v1alpha1
      kind
      string
      Robot
      metadata
      Kubernetes meta/v1.ObjectMeta
      Refer to the Kubernetes API documentation for the fields of the metadata field.
      spec
      RobotSpec
      description
      string

      Description provides a short summary on the use of the robot account

      secretRef
      Kubernetes core/v1.SecretReference

      SecretRef is a reference to the underlying kubernetes secret

      status
      RobotStatus
      secretRef
      Ownership

      DEPRECATED: secret reference is no longer in use SecretRef is a reference to the underlying kubernetes secret

      status
      Status

      Status is overall status of the policy

      AdmissionRequest#

      AdmissionRequest is request to evalute an access request

      FieldDescription
      dryRun
      bool

      DryRun indicates this is a dryrun to see the evaluation

      uuid
      k8s.io/apimachinery/pkg/types.UID

      UUID is a unique id for the request

      kind
      Kubernetes meta/v1.GroupVersionResource

      Kind is the fully-qualified resource being requested

      subResource
      string

      SubResource is the subresource being requested, if any (for example, “status” or “scale”)

      verb
      string

      Verb is the action being request

      resource
      []byte

      Resource is the actual request payload if any

      object
      Object

      Object is the decoded resource from above - this is required for the engine to be able to target the fields

      name
      string

      Name is the name of the resourc

      namespace
      string

      Namespace is the team the resource resides

      user
      UserInfo

      User is the details related to the user requesting the action

      origin
      RequestOrigin

      Origin is the origin of the request i.e ip address and so forth

      AdmissionResponse#

      Decision is the outcome of request which are broken down in a collection of categories - validation errors, violations (denials), logged indicated resource should be logged

      FieldDescription
      allowed
      []*github.com/appvia/kore/pkg/apis/policy/v1alpha1.AllowedResult
      (Optional)

      Allowed is a collection of policy whom gave a allowed gave an allowed decision

      role
      []*github.com/appvia/kore/pkg/apis/policy/v1alpha1.RolesResult
      (Optional)

      Role is a collection of roles which have been granted based on the policy

      logging
      []*github.com/appvia/kore/pkg/apis/policy/v1alpha1.LogResult
      (Optional)

      Logging is a collection of logging requirements

      validation
      []*github.com/appvia/kore/pkg/apis/policy/v1alpha1.ValidationErrorResult
      (Optional)

      Validation is a collection of validation errors

      violation
      []*github.com/appvia/kore/pkg/apis/policy/v1alpha1.DeniedResult
      (Optional)

      Violation is a collection of violation access this resource

      AllowedResult#

      AllowedResult indicates the policy we activately permitted by a policy

      FieldDescription
      policy
      string

      Policy is the name of the policy

      code
      int

      Code is a machine readable code indicates the error

      field
      string

      Field is the optional field in question

      message
      string

      Message is a human readable message

      value
      string

      Value is the current value of the field

      Assignment#

      Assignment provides the subresource options for assiging an plan/policy to a subject

      FieldDescription
      metadata
      Kubernetes meta/v1.ObjectMeta
      Refer to the Kubernetes API documentation for the fields of the metadata field.
      spec
      AssignmentSpec
      dryRun
      bool

      DryRun indicates we are asking not requesting it

      inputs
      []*github.com/appvia/kore/pkg/apis/policy/v1alpha1.PlanInput

      Inputs are the a collection of inputs for the plan

      subject
      Subject

      Subject is the identity we are applying the policy

      AssignmentSpec#

      (Appears on: Assignment)

      AssignmentSpec describes the assignement

      FieldDescription
      dryRun
      bool

      DryRun indicates we are asking not requesting it

      inputs
      []*github.com/appvia/kore/pkg/apis/policy/v1alpha1.PlanInput

      Inputs are the a collection of inputs for the plan

      subject
      Subject

      Subject is the identity we are applying the policy

      Assumption#

      Assumption describes a request to assume a policy plan

      FieldDescription
      metadata
      Kubernetes meta/v1.ObjectMeta
      Refer to the Kubernetes API documentation for the fields of the metadata field.
      spec
      AssumptionSpec
      dryRun
      bool

      DryRun indicates we are only asking not requesting

      expiration
      time.Duration

      Expiration is the requested time period for the role

      inputs
      []*github.com/appvia/kore/pkg/apis/policy/v1alpha1.PlanInput

      Inputs are the a collection of inputs for the plan

      AssumptionSpec#

      (Appears on: Assumption)

      AssumptionSpec describes the subresource for assuming a policy

      FieldDescription
      dryRun
      bool

      DryRun indicates we are only asking not requesting

      expiration
      time.Duration

      Expiration is the requested time period for the role

      inputs
      []*github.com/appvia/kore/pkg/apis/policy/v1alpha1.PlanInput

      Inputs are the a collection of inputs for the plan

      CreateAssignmentPolicy#

      CreateAssignmentPolicy provides the subresource options for assiging an plan/policy to a subject

      FieldDescription
      metadata
      Kubernetes meta/v1.ObjectMeta
      Refer to the Kubernetes API documentation for the fields of the metadata field.
      spec
      CreateAssignmentPolicySpec
      dryRun
      bool

      DryRun indicates we are asking not requesting it

      assigned
      Subject

      Assigned indicates who the policy can can be used by

      constraint
      Subject

      Constraint limits who the policy can be assigned to i.e. a robot account role, scope etc

      CreateAssignmentPolicySpec#

      (Appears on: CreateAssignmentPolicy)

      CreateAssignmentPolicySpec describes the assignement

      FieldDescription
      dryRun
      bool

      DryRun indicates we are asking not requesting it

      assigned
      Subject

      Assigned indicates who the policy can can be used by

      constraint
      Subject

      Constraint limits who the policy can be assigned to i.e. a robot account role, scope etc

      Decision#

      (Appears on: PolicyDecision)

      Decision is a inline decision on the outcome of the policy

      FieldDescription
      action
      string

      Action is the decision outcome i.e. allowed, denied or logged

      message
      string

      Message is a human readable reason for the outcome

      DeniedResult#

      DeniedResult indicates a denial error

      FieldDescription
      policy
      string

      Policy is the name of the policy

      code
      int

      Code is a machine readable code indicates the error

      field
      string

      Field is the optional field in question

      message
      string

      Message is a human readable message

      msg
      string

      Msg is a human readable message - added to make us compatible with gatekeeper

      value
      string

      Value is the current value of the field

      ExtraValue ([]string)#

      (Appears on: UserInfo)

      ExtraValue masks the value so protobuf can generate

      InputType (string)#

      (Appears on: PolicyInput)

      InputType indicates the values

      LogResult#

      LogResult indicates the response should be logged

      FieldDescription
      severity
      string

      Severity is the level of the event

      message
      string

      Message is the message which should be logged

      Object (map[string]interface)#

      (Appears on: AdmissionRequest)

      PlanInput#

      PlanInput describes an input

      FieldDescription
      name
      string

      Name of the variable for this input

      value
      string

      Value is value of the input

      values
      []string

      Values is a collection of values for this input

      PlanPolicyRef#

      PlanPolicyRef is defines a reference to the policy plan that was used to create this policy

      FieldDescription
      name
      string

      Name is the name of the policy plan

      version
      string

      Version is a hash of the policy plan configuration so we know when we have strays from the version

      PolicyDecision#

      (Appears on: PolicyPlanSpec, PolicySpec, PolicyTemplate)

      PolicyDecision defines the structure of a inline policy

      FieldDescription
      rolesDecision
      []string

      RolesDecision indicates a role is provided as an outcome

      decision
      Decision

      Decision is an inline decision on the action

      policy
      string

      Policy contains the inline rego template to apply

      PolicyInput#

      PolicyInput describes the input required for a policy plan

      FieldDescription
      apiVersion
      string

      APIVersion is the api group the resource input comes from

      description
      string

      Description provides a descriptive reason for why the input is required and how it’s related to the policy

      enum
      []string

      Enum is a collection of possible values

      format
      string

      Format indicates the format for of the input

      name
      string

      Name is the name of the input which is injected when templating out the policies

      required
      bool

      Required indicates the input is a required parameter

      resource
      string

      Resource is the resource inside the group the we need as an input

      type
      InputType

      Type indicates the type of value

      PolicyPlanSpec#

      (Appears on: PolicyPlan)

      PolicyPlanSpec defines the desired state of policy

      FieldDescription
      description
      string

      Description is a summary of what the plan provides

      hints
      []Kubernetes meta/v1.GroupVersionResource

      Hints provides a list collection of resources which might be required in the rules engine

      inputs
      []*github.com/appvia/kore/pkg/apis/policy/v1alpha1.PolicyInput

      Inputs is a collection of inputs for this policy plan

      policy
      PolicyDecision

      Policy is the actual policy document associated to the plan

      selectors
      []*github.com/appvia/kore/pkg/apis/policy/v1alpha1.Selector

      Selectors are optional filters which can be used to filter the target Deprecated, use the spec.templates of this policy - essentially it’s a list of filters which can be used i.e I can be applied to all Plans or all clusters

      templates
      []*github.com/appvia/kore/pkg/apis/policy/v1alpha1.PolicyTemplate

      Templates is a collection of templates used to generate polices on behalf of the subject

      target
      Target

      Target is a target for this policy i.e. kore api or one or more clusters

      PolicyPlanStatus#

      (Appears on: PolicyPlan)

      PolicyPlanStatus defines the observed state of status on a policy

      FieldDescription
      conditions
      []Condition

      Conditions is a set of condition which has caused an error

      status
      Status

      Status is overall status of the policy

      PolicyReference#

      (Appears on: PolicySpec)

      PolicyReference is used to reference an inbuilt policy document

      FieldDescription
      name
      string

      Name is the name of inbult policy we are referring to

      namespace
      string

      Namespace is the namespace the policy plan exists in

      PolicySpec#

      (Appears on: Policy)

      PolicySpec defines the desired state of policy

      FieldDescription
      inputs
      k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1beta1.JSON

      Inputs are parameters to the plan templates

      hints
      []Kubernetes meta/v1.GroupVersionResource

      Hints provides a list collection of resources which might be required in the rules engine

      policy
      PolicyDecision

      Policy defines the policy definition itself

      policyRef
      PolicyReference

      PolicyRef is used to refer to an inbuild kore policy rather than defining a inline policy - we find the plan and copy onto the status for reference and implementation

      selectors
      []*github.com/appvia/kore/pkg/apis/policy/v1alpha1.Selector

      Selectors is the resource we are filtering on

      target
      Target

      Target is the essentially the location the policy should be positioned If no target is supplied we assume it’s destined to the kore api

      PolicyStatus#

      (Appears on: Policy)

      PolicyStatus defines the observed state of status on a policy

      FieldDescription
      conditions
      []Condition

      Conditions is a set of condition which has caused an error

      plan
      PolicyPlan

      Plan is a copy of the plans the policy is based on if any

      planRevision
      int64

      PlanRevision is the revision of the parent plan

      status
      Status

      Status is overall status of the policy

      PolicyTemplate#

      PolicyTemplate describes a policy template

      FieldDescription
      name
      string

      Name is a descriptive name of the policy template

      policy
      PolicyDecision

      Policy is the actual policy document associated to the plan

      selectors
      []*github.com/appvia/kore/pkg/apis/policy/v1alpha1.Selector

      Selectors are optional filters which can be used to filter the target

      target
      Target

      Target is a target for the for the policy - i.e the cluster or clusters the policy should be deployed. Left blank the policy is assumed to apply to the Kore API server itself.

      template
      string

      Template is the template used to generate the the policy

      RequestOrigin#

      (Appears on: AdmissionRequest)

      RequestOrigin are details on the where the request came from

      FieldDescription
      url
      string

      URL is the incoming request url

      headers
      net/http.Header
      (Optional)

      Headers are any optonal http headers from the request

      address
      string
      (Optional)

      Address is a external address of the request

      query
      net/url.Values
      (Optional)

      Query are query parameters to the request

      RobotSpec#

      (Appears on: Robot)

      RobotSpec defines the desired state of policy

      FieldDescription
      description
      string

      Description provides a short summary on the use of the robot account

      secretRef
      Kubernetes core/v1.SecretReference

      SecretRef is a reference to the underlying kubernetes secret

      RobotStatus#

      (Appears on: Robot)

      RobotStatus defines the observed state of status on a policy

      FieldDescription
      secretRef
      Ownership

      DEPRECATED: secret reference is no longer in use SecretRef is a reference to the underlying kubernetes secret

      status
      Status

      Status is overall status of the policy

      RolesResult#

      RolesResult indicates the policy as has permitted the use of a role based on the policy - this is largely used for rbac purposes

      FieldDescription
      policy
      string

      Policy is the name of the policy

      code
      int

      Code is a machine readable code indicates the error

      roles
      []string

      Roles is a collection of rbac roles which have been granted from the policy

      Selector#

      Selector provides a generate selector on resources

      FieldDescription
      action
      ActionSelector

      Action is a filter on the operation type Deprecated: this selector has been deprecated and does not filter

      namespace
      NamespaceSelector

      Namespace is a namespace selector

      resource
      ResourceSelector

      Resource selects on a kubernetes resource

      subject
      SubjectSelector

      Subject is a subject selector

      Subject#

      (Appears on: AssignmentSpec, CreateAssignmentPolicySpec)

      Subject is the identity we are applying the policy to

      FieldDescription
      groups
      []string

      Groups is a collection of teams the assignment is applied

      roles
      []string

      Roles is a collection of roles the policies should apply

      scopes
      []string

      Scopes is a collection of scopes who the policy should be assigned to

      subjects
      []string

      Subjects is a collection of subjects the policy should be assigned to

      Target#

      (Appears on: PolicyPlanSpec, PolicySpec, PolicyTemplate)

      Target is where the policy should be applied, the kore-apiserver, or remote cluster/s

      FieldDescription
      selector
      ResourceSelector

      Selector defines the location of a policy - which can be placed on a plan, teams, cluster etc - effectively these all get plached into clusters

      UserInfo#

      (Appears on: AdmissionRequest)

      UserInfo are details on the caller

      FieldDescription
      username
      string
      (Optional)

      The name that uniquely identifies this user among all active users.

      groups
      []string
      (Optional)

      The names of groups this user is a part of.

      roles
      []string
      (Optional)

      Roles are the roles the user holds in the various teams

      scopes
      []string
      (Optional)

      Scopes indicates the scope the token i.e. user, token etc

      extra
      map[string]github.com/appvia/kore/pkg/apis/policy/v1alpha1.ExtraValue
      (Optional)

      Any additional information provided by the authenticator.

      claims
      k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1beta1.JSON
      (Optional)

      Claims are jwt claims from the user token

      attributes
      map[string]string
      (Optional)

      Attributes are additional attributes on the user

      ValidationErrorResult#

      ValidationErrorResult indicates a validation error was found

      FieldDescription
      policy
      string

      Policy is the name of the policy

      field
      string

      Field is the optional field in question

      value
      string

      Value is the current value of the field

      allowed
      []string

      Allowed is an optional permitted list

      message
      string

      Message is a human readable message

      security.kore.appvia.io/v1#

      Package v1 contains API Schema definitions for the security v1 API group

      Resource Types:

      SecurityOverview#

      SecurityOverview contains a report about the current state of Kore or a team

      FieldDescription
      apiVersion
      string
      security.kore.appvia.io/v1
      kind
      string
      SecurityOverview
      metadata
      Kubernetes meta/v1.ObjectMeta
      Refer to the Kubernetes API documentation for the fields of the metadata field.
      spec
      SecurityOverviewSpec
      team
      string

      Team will be populated with the team name if this report is about a team, else unpopulated for a report for the whole of Kore

      openIssueCounts
      map[github.com/appvia/kore/pkg/apis/security/v1.RuleStatus]uint64

      OpenIssueCounts informs how many issues of each rule status exist currently

      resources
      []SecurityResourceOverview

      Resources contains summaries of the open issues for each resource

      SecurityRule#

      SecurityRule contains the definition of a security rule

      FieldDescription
      apiVersion
      string
      security.kore.appvia.io/v1
      kind
      string
      SecurityRule
      metadata
      Kubernetes meta/v1.ObjectMeta
      Refer to the Kubernetes API documentation for the fields of the metadata field.
      spec
      SecurityRuleSpec
      code
      string

      Code is the unique identifier of this rule

      name
      string

      Name is the human-readable name of this rule

      description
      string

      Description is the markdown-formatted extended description of this rule.

      appliesTo
      []string

      AppliesTo is the list of resource types (e.g. Plan, Cluster) that this rule is applicable for

      SecurityScanResult#

      SecurityScanResult contains the result of a scan against all registered rules

      FieldDescription
      apiVersion
      string
      security.kore.appvia.io/v1
      kind
      string
      SecurityScanResult
      metadata
      Kubernetes meta/v1.ObjectMeta
      Refer to the Kubernetes API documentation for the fields of the metadata field.
      spec
      SecurityScanResultSpec
      id
      uint64

      ID is the ID of this scan result in the data store

      resource
      Ownership

      Resource is a reference to the group/version/kind/namespace/name of the resource scanned by this scan

      owningTeam
      string

      OwningTeam is the name of the Kore team that owns this resource, will be empty if it is a non-team resource.

      checkedAt
      Kubernetes meta/v1.Time

      CheckedAt is the timestamp this result was determined

      archivedAt
      Kubernetes meta/v1.Time

      ArchivedAt is the timestamp this result was superceded by a later scan - if ArchivedAt.IsZero() is true this is the most recent scan.

      overallStatus
      RuleStatus

      OverallStatus indicates the worst-case status of the rules checked in this scan

      results
      []*github.com/appvia/kore/pkg/apis/security/v1.SecurityScanRuleResult

      Results are the underlying results of the individual rules run as part of this scan

      RuleStatus (string)#

      (Appears on: SecurityResourceOverview, SecurityScanResultSpec, SecurityScanRuleResult)

      RuleStatus values represent the possible status of compliance with a security rule.

      ValueDescription

      "Compliant"

      Compliant indicates that this target is fully compliant with the specified rule.

      "Failure"

      Failure indicates that this target is uncompliant in a significant way and should be mitigated. This would typically be used for rules where compliance is considered to be vital to a well-run cluster.

      "Warning"

      Warning indicates that this target is uncompliant in such a way that consideration should be made as to whether this should be remediated. This would typically be used for best practice considerations, where not being compliant isn’t necessarily a critical issue.

      SecurityOverviewSpec#

      (Appears on: SecurityOverview)

      SecurityOverviewSpec shows the overall current security posture of Kore or a team

      FieldDescription
      team
      string

      Team will be populated with the team name if this report is about a team, else unpopulated for a report for the whole of Kore

      openIssueCounts
      map[github.com/appvia/kore/pkg/apis/security/v1.RuleStatus]uint64

      OpenIssueCounts informs how many issues of each rule status exist currently

      resources
      []SecurityResourceOverview

      Resources contains summaries of the open issues for each resource

      SecurityResourceOverview#

      (Appears on: SecurityOverviewSpec)

      SecurityResourceOverview provides an overview of the open issue counts for a resource

      FieldDescription
      resource
      Ownership

      Resource is a reference to the group/version/kind/namespace/name of the resource scanned by this scan

      lastChecked
      Kubernetes meta/v1.Time

      LastChecked is the timestamp this resource was last scanned

      overallStatus
      RuleStatus

      OverallStatus is the overall status of this resource

      openIssueCounts
      map[github.com/appvia/kore/pkg/apis/security/v1.RuleStatus]uint64

      OpenIssueCounts is the summary of open issues for this resource

      SecurityRuleSpec#

      (Appears on: SecurityRule)

      SecurityRuleSpec specifies the details of a security rule

      FieldDescription
      code
      string

      Code is the unique identifier of this rule

      name
      string

      Name is the human-readable name of this rule

      description
      string

      Description is the markdown-formatted extended description of this rule.

      appliesTo
      []string

      AppliesTo is the list of resource types (e.g. Plan, Cluster) that this rule is applicable for

      SecurityScanResultSpec#

      (Appears on: SecurityScanResult)

      SecurityScanResultSpec shows the overall result of a scan against all registered rules

      FieldDescription
      id
      uint64

      ID is the ID of this scan result in the data store

      resource
      Ownership

      Resource is a reference to the group/version/kind/namespace/name of the resource scanned by this scan

      owningTeam
      string

      OwningTeam is the name of the Kore team that owns this resource, will be empty if it is a non-team resource.

      checkedAt
      Kubernetes meta/v1.Time

      CheckedAt is the timestamp this result was determined

      archivedAt
      Kubernetes meta/v1.Time

      ArchivedAt is the timestamp this result was superceded by a later scan - if ArchivedAt.IsZero() is true this is the most recent scan.

      overallStatus
      RuleStatus

      OverallStatus indicates the worst-case status of the rules checked in this scan

      results
      []*github.com/appvia/kore/pkg/apis/security/v1.SecurityScanRuleResult

      Results are the underlying results of the individual rules run as part of this scan

      SecurityScanRuleResult#

      SecurityScanRuleResult represents the compliance status of a target with respect to a specific security rule.

      FieldDescription
      ruleCode
      string

      RuleCode indicates the rule that this result relates to

      status
      RuleStatus

      Status indicates the compliance of the target with this rule

      message
      string

      Message provides additional information about the status of this rule on this target, if applicable

      checkedAt
      Kubernetes meta/v1.Time

      CheckedAt is the timestamp this result was determined

      services.kore.appvia.io/v1#

      Package v1 contains API Schema definitions for the services v1 API group

      Resource Types:

      Service#

      Service is a managed service instance

      FieldDescription
      apiVersion
      string
      services.kore.appvia.io/v1
      kind
      string
      Service
      metadata
      Kubernetes meta/v1.ObjectMeta
      Refer to the Kubernetes API documentation for the fields of the metadata field.
      spec
      ServiceSpec
      kind
      string

      Kind refers to the service type

      plan
      string

      Plan is the name of the service plan which was used to create this service

      cluster
      Ownership

      Cluster contains the reference to the cluster where the service will be created

      clusterNamespace
      string

      ClusterNamespace is the target namespace in the cluster where the service will be created

      configuration
      k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1beta1.JSON

      Configuration are the configuration values for this service It will contain values from the plan + overrides by the user This will provide a simple interface to calculate diffs between plan and service configuration

      configurationFrom
      ConfigurationFromSourceList

      ConfigurationFrom is a way to load configuration values from alternative sources, e.g. from secrets The values from these sources will override any existing keys defined in Configuration

      status
      ServiceStatus
      components
      Components

      Components is a collection of component statuses

      status
      Status

      Status is the overall status of the service

      message
      string

      Message is the description of the current status

      providerID
      string

      ProviderID is the service identifier in the service provider

      providerData
      k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1beta1.JSON

      ProviderData is provider specific data

      plan
      string

      Plan is the name of the service plan which was used to create this service

      configuration
      k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1beta1.JSON

      Configuration are the applied configuration values for this service

      serviceAccessEnabled
      bool

      ServiceAccessEnabled is true if service access is enabled for this service

      ServiceAccess#

      ServiceAccess is service access parameters provisioned by a service into the target namespace It contains the endpoint of the service and access credentials if required.

      FieldDescription
      apiVersion
      string
      services.kore.appvia.io/v1
      kind
      string
      ServiceAccess
      metadata
      Kubernetes meta/v1.ObjectMeta
      Refer to the Kubernetes API documentation for the fields of the metadata field.
      spec
      ServiceAccessSpec
      kind
      string

      Kind refers to the service type

      service
      Ownership

      Service contains the reference to the service object

      cluster
      Ownership

      Cluster contains the reference to the cluster where the access parameters will be saved as a secret

      clusterNamespace
      string

      ClusterNamespace is the target namespace in the cluster where the secret will be created

      secretName
      string

      SecretName is the Kubernetes Secret’s name that will contain the service access information If not set the secret’s name will default to Name

      secretTemplate
      string

      SecretTemplate defines in what format the secrets should be stored If empty, the secrets will be stored as key values If a YAML template is provided using Go templating, the compiled template will be set under a “values.yaml” key The secrets can be referenced using ‘{{ index .Values “SECRET_PARAM” }}’ Helm template functions can also be used

      configuration
      k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1beta1.JSON

      Configuration are the configuration values for this service access It will be used by the service provider to provision the service access

      status
      ServiceAccessStatus
      components
      Components

      Components is a collection of component statuses

      status
      Status

      Status is the overall status of the service

      message
      string

      Message is the description of the current status

      providerID
      string

      ProviderID is the service access identifier in the service provider

      providerData
      k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1beta1.JSON

      ProviderData is provider specific data

      ServiceAccessDeployment#

      ServiceAccessDeployment is a template for a service access deployment

      FieldDescription
      apiVersion
      string
      services.kore.appvia.io/v1
      kind
      string
      ServiceAccessDeployment
      metadata
      Kubernetes meta/v1.ObjectMeta
      Refer to the Kubernetes API documentation for the fields of the metadata field.
      spec
      ServiceAccessDeploymentSpec
      displayName
      string

      DisplayName overrides the name to display

      summary
      string

      Summary provides a short title summary for the deployment

      description
      string

      Description is a detailed description of the service access deployment

      serviceDeployment
      Ownership

      ServiceDeployment contains the reference to the service deployment object

      clusterNamespace
      string

      ClusterNamespace is the target namespace in the cluster where the secret will be created

      secretName
      string

      SecretName is the Kubernetes Secret’s name that will contain the service access information

      secretTemplate
      string

      SecretTemplate defines in what format the secrets should be stored If empty, the secrets will be stored as key values If a YAML template is provided using Go templating, the compiled template will be set under a “values.yaml” key The secrets can be referenced using ‘{{ index .Values “SECRET_PARAM” }}’ Helm template functions can also be used

      configuration
      k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1beta1.JSON

      Configuration are the configuration values for this service access It will be used by the service provider to provision the service access

      serviceAccessName
      string

      ServiceAccessName is the name of the service access in each cluster If empty it defaults to the name of the service access deployment

      status
      ServiceAccessDeploymentStatus
      status
      Status

      Status is the overall status of the service

      message
      string

      Message is the description of the current status

      components
      Components

      Components is a collection of component statuses

      ServiceCatalog#

      ServiceCatalog is a template for a service catalog

      FieldDescription
      apiVersion
      string
      services.kore.appvia.io/v1
      kind
      string
      ServiceCatalog
      metadata
      Kubernetes meta/v1.ObjectMeta
      Refer to the Kubernetes API documentation for the fields of the metadata field.
      spec
      ServiceCatalogSpec
      displayName
      string

      DisplayName overrides the name to display

      summary
      string

      Summary provides a short title summary for the catalog

      description
      string

      Description is a detailed description of the service catalog

      url
      string

      URL is the URL of the service catalog

      serviceKindPrefix
      string

      ServiceKindPrefix is the prefix to add to all created service kinds

      status
      ServiceCatalogStatus
      status
      Status

      Status is the overall status of the service

      message
      string

      Message is the description of the current status

      ServiceDeployment#

      ServiceDeployment is a template for a service deployment

      FieldDescription
      apiVersion
      string
      services.kore.appvia.io/v1
      kind
      string
      ServiceDeployment
      metadata
      Kubernetes meta/v1.ObjectMeta
      Refer to the Kubernetes API documentation for the fields of the metadata field.
      spec
      ServiceDeploymentSpec
      displayName
      string

      DisplayName overrides the name to display

      summary
      string

      Summary provides a short title summary for the deployment

      description
      string

      Description is a detailed description of the service deployment

      kind
      string

      Kind refers to the service type

      plan
      string

      Plan is the name of the service plan which is used to create the services

      configuration
      k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1beta1.JSON

      Configuration are the configuration values for the created service It will contain values from the plan + overrides by the user This will provide a simple interface to calculate diffs between plan and service configuration

      configurationFrom
      ConfigurationFromSourceList

      ConfigurationFrom is a way to load configuration values from alternative sources, e.g. from secrets The values from these sources will override any existing keys defined in Configuration

      clusterSelector
      ClusterSelector

      ClusterSelector defines in which clusters should we install the given service

      clusterNamespace
      string

      ClusterNamespace is the target namespace in the clusters where there the service will be created

      serviceName
      string

      ServiceName is the name of the service in each cluster If empty it defaults to the name of the service deployment

      status
      ServiceDeploymentStatus
      status
      Status

      Status is the overall status of the service

      message
      string

      Message is the description of the current status

      components
      Components

      Components is a collection of component statuses

      ServiceKind#

      ServiceKind is a service type

      FieldDescription
      apiVersion
      string
      services.kore.appvia.io/v1
      kind
      string
      ServiceKind
      metadata
      Kubernetes meta/v1.ObjectMeta
      Refer to the Kubernetes API documentation for the fields of the metadata field.
      spec
      ServiceKindSpec
      type
      string

      Type is the service type, used by the service providers to decide how to handle the service kind

      enabled
      bool

      Enabled is true if the service kind can be used

      serviceAccessEnabled
      bool

      ServiceAccessEnabled is true if the service provider can create service access for this service kind

      displayName
      string

      DisplayName refers to the display name of the service type

      summary
      string

      Summary provides a short title summary for the service kind

      description
      string

      Description is a detailed description of the service kind

      imageURL
      string

      ImageURL is a thumbnail for the service kind

      documentationURL
      string

      DocumentationURL refers to the documentation page for this service

      schema
      string

      Schema is the JSON schema for the plan

      accessSchema
      string

      AccessSchema is the JSON schema for a service access

      providerData
      k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1beta1.JSON

      ProviderData is provider specific data

      ServicePlan#

      ServicePlan is a template for a service

      FieldDescription
      apiVersion
      string
      services.kore.appvia.io/v1
      kind
      string
      ServicePlan
      metadata
      Kubernetes meta/v1.ObjectMeta
      Refer to the Kubernetes API documentation for the fields of the metadata field.
      spec
      ServicePlanSpec
      kind
      string

      Kind refers to the service type this is a plan for

      serviceAccessDisabled
      bool

      ServiceAccessDisabled is true if service access is disabled for services using this plan It only has an effect if service access is enabled on the service kind

      displayName
      string

      DisplayName refers to the display name of the service type

      labels
      map[string]string

      Labels is a collection of labels for this plan

      summary
      string

      Summary provides a short title summary for the plan

      description
      string

      Description is a detailed description of the service plan

      configuration
      k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1beta1.JSON

      Configuration are the key+value pairs describing a service configuration

      schema
      string

      Schema is the JSON schema for the plan

      accessSchema
      string

      AccessSchema is the JSON schema for service access

      providerData
      k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1beta1.JSON

      ProviderData is provider specific data

      ServiceProvider#

      ServiceProvider is a template for a service provider

      FieldDescription
      apiVersion
      string
      services.kore.appvia.io/v1
      kind
      string
      ServiceProvider
      metadata
      Kubernetes meta/v1.ObjectMeta
      Refer to the Kubernetes API documentation for the fields of the metadata field.
      spec
      ServiceProviderSpec
      type
      string

      Type refers to the service provider type

      summary
      string

      Summary provides a short title summary for the provider

      description
      string

      Description is a detailed description of the service provider

      configuration
      k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1beta1.JSON

      Configuration are the key+value pairs describing a service provider

      configurationSchema
      string

      ConfigurationSchema is the $id of the configuration’s JSON schema

      configurationFrom
      ConfigurationFromSourceList

      ConfigurationFrom is a way to load configuration values from alternative sources, e.g. from secrets The values from these sources will override any existing keys defined in Configuration

      status
      ServiceProviderStatus
      status
      Status

      Status is the overall status of the service

      message
      string

      Message is the description of the current status

      components
      Components

      Components is a collection of component statuses

      supportedTypes
      []string

      SupportedTypes contains all the supported service types

      ClusterSelector#

      (Appears on: ServiceDeploymentSpec)

      ClusterSelector is a way to define conditions to identify a group of clusters

      FieldDescription
      kinds
      []string

      Kinds defines the cluster kinds this deployment applies to If empty, the cluster kind is not filtered

      teams
      []string

      Kinds defines the teams this deployment applies to If empty, the team is not filtered

      LabelSelector
      Kubernetes meta/v1.LabelSelector

      (Members of LabelSelector are embedded into this type.)

      LabelSelector is a cluster label selector

      ServiceAccessDeploymentSpec#

      (Appears on: ServiceAccessDeployment)

      ServiceAccessDeploymentSpec defines the desired state of a service catalog

      FieldDescription
      displayName
      string

      DisplayName overrides the name to display

      summary
      string

      Summary provides a short title summary for the deployment

      description
      string

      Description is a detailed description of the service access deployment

      serviceDeployment
      Ownership

      ServiceDeployment contains the reference to the service deployment object

      clusterNamespace
      string

      ClusterNamespace is the target namespace in the cluster where the secret will be created

      secretName
      string

      SecretName is the Kubernetes Secret’s name that will contain the service access information

      secretTemplate
      string

      SecretTemplate defines in what format the secrets should be stored If empty, the secrets will be stored as key values If a YAML template is provided using Go templating, the compiled template will be set under a “values.yaml” key The secrets can be referenced using ‘{{ index .Values “SECRET_PARAM” }}’ Helm template functions can also be used

      configuration
      k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1beta1.JSON

      Configuration are the configuration values for this service access It will be used by the service provider to provision the service access

      serviceAccessName
      string

      ServiceAccessName is the name of the service access in each cluster If empty it defaults to the name of the service access deployment

      ServiceAccessDeploymentStatus#

      (Appears on: ServiceAccessDeployment)

      ServiceAccessDeploymentStatus defines the observed state of a service access deployment

      FieldDescription
      status
      Status

      Status is the overall status of the service

      message
      string

      Message is the description of the current status

      components
      Components

      Components is a collection of component statuses

      ServiceAccessSpec#

      (Appears on: ServiceAccess)

      ServiceAccessSpec defines the the desired status for a service access

      FieldDescription
      kind
      string

      Kind refers to the service type

      service
      Ownership

      Service contains the reference to the service object

      cluster
      Ownership

      Cluster contains the reference to the cluster where the access parameters will be saved as a secret

      clusterNamespace
      string

      ClusterNamespace is the target namespace in the cluster where the secret will be created

      secretName
      string

      SecretName is the Kubernetes Secret’s name that will contain the service access information If not set the secret’s name will default to Name

      secretTemplate
      string

      SecretTemplate defines in what format the secrets should be stored If empty, the secrets will be stored as key values If a YAML template is provided using Go templating, the compiled template will be set under a “values.yaml” key The secrets can be referenced using ‘{{ index .Values “SECRET_PARAM” }}’ Helm template functions can also be used

      configuration
      k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1beta1.JSON

      Configuration are the configuration values for this service access It will be used by the service provider to provision the service access

      ServiceAccessStatus#

      (Appears on: ServiceAccess)

      ServiceAccessStatus defines the observed state of a service

      FieldDescription
      components
      Components

      Components is a collection of component statuses

      status
      Status

      Status is the overall status of the service

      message
      string

      Message is the description of the current status

      providerID
      string

      ProviderID is the service access identifier in the service provider

      providerData
      k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1beta1.JSON

      ProviderData is provider specific data

      ServiceCatalogSpec#

      (Appears on: ServiceCatalog)

      ServiceCatalogSpec defines the desired state of a service catalog

      FieldDescription
      displayName
      string

      DisplayName overrides the name to display

      summary
      string

      Summary provides a short title summary for the catalog

      description
      string

      Description is a detailed description of the service catalog

      url
      string

      URL is the URL of the service catalog

      serviceKindPrefix
      string

      ServiceKindPrefix is the prefix to add to all created service kinds

      ServiceCatalogStatus#

      (Appears on: ServiceCatalog)

      ServiceCatalogStatus defines the observed state of a service catalog

      FieldDescription
      status
      Status

      Status is the overall status of the service

      message
      string

      Message is the description of the current status

      ServiceDeploymentSpec#

      (Appears on: ServiceDeployment)

      ServiceDeploymentSpec defines the desired state of a service catalog

      FieldDescription
      displayName
      string

      DisplayName overrides the name to display

      summary
      string

      Summary provides a short title summary for the deployment

      description
      string

      Description is a detailed description of the service deployment

      kind
      string

      Kind refers to the service type

      plan
      string

      Plan is the name of the service plan which is used to create the services

      configuration
      k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1beta1.JSON

      Configuration are the configuration values for the created service It will contain values from the plan + overrides by the user This will provide a simple interface to calculate diffs between plan and service configuration

      configurationFrom
      ConfigurationFromSourceList

      ConfigurationFrom is a way to load configuration values from alternative sources, e.g. from secrets The values from these sources will override any existing keys defined in Configuration

      clusterSelector
      ClusterSelector

      ClusterSelector defines in which clusters should we install the given service

      clusterNamespace
      string

      ClusterNamespace is the target namespace in the clusters where there the service will be created

      serviceName
      string

      ServiceName is the name of the service in each cluster If empty it defaults to the name of the service deployment

      ServiceDeploymentStatus#

      (Appears on: ServiceDeployment)

      ServiceDeploymentStatus defines the observed state of a service deployment

      FieldDescription
      status
      Status

      Status is the overall status of the service

      message
      string

      Message is the description of the current status

      components
      Components

      Components is a collection of component statuses

      ServiceKindSpec#

      (Appears on: ServiceKind)

      ServiceKindSpec defines the state of a service kind

      FieldDescription
      type
      string

      Type is the service type, used by the service providers to decide how to handle the service kind

      enabled
      bool

      Enabled is true if the service kind can be used

      serviceAccessEnabled
      bool

      ServiceAccessEnabled is true if the service provider can create service access for this service kind

      displayName
      string

      DisplayName refers to the display name of the service type

      summary
      string

      Summary provides a short title summary for the service kind

      description
      string

      Description is a detailed description of the service kind

      imageURL
      string

      ImageURL is a thumbnail for the service kind

      documentationURL
      string

      DocumentationURL refers to the documentation page for this service

      schema
      string

      Schema is the JSON schema for the plan

      accessSchema
      string

      AccessSchema is the JSON schema for a service access

      providerData
      k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1beta1.JSON

      ProviderData is provider specific data

      ServicePlanSpec#

      (Appears on: ServicePlan)

      ServicePlanSpec defines the desired state of Service plan

      FieldDescription
      kind
      string

      Kind refers to the service type this is a plan for

      serviceAccessDisabled
      bool

      ServiceAccessDisabled is true if service access is disabled for services using this plan It only has an effect if service access is enabled on the service kind

      displayName
      string

      DisplayName refers to the display name of the service type

      labels
      map[string]string

      Labels is a collection of labels for this plan

      summary
      string

      Summary provides a short title summary for the plan

      description
      string

      Description is a detailed description of the service plan

      configuration
      k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1beta1.JSON

      Configuration are the key+value pairs describing a service configuration

      schema
      string

      Schema is the JSON schema for the plan

      accessSchema
      string

      AccessSchema is the JSON schema for service access

      providerData
      k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1beta1.JSON

      ProviderData is provider specific data

      ServiceProviderSpec#

      (Appears on: ServiceProvider)

      ServiceProviderSpec defines the desired state of a Service provider

      FieldDescription
      type
      string

      Type refers to the service provider type

      summary
      string

      Summary provides a short title summary for the provider

      description
      string

      Description is a detailed description of the service provider

      configuration
      k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1beta1.JSON

      Configuration are the key+value pairs describing a service provider

      configurationSchema
      string

      ConfigurationSchema is the $id of the configuration’s JSON schema

      configurationFrom
      ConfigurationFromSourceList

      ConfigurationFrom is a way to load configuration values from alternative sources, e.g. from secrets The values from these sources will override any existing keys defined in Configuration

      ServiceProviderStatus#

      (Appears on: ServiceProvider)

      ServiceProviderStatus defines the observed state of a service provider

      FieldDescription
      status
      Status

      Status is the overall status of the service

      message
      string

      Message is the description of the current status

      components
      Components

      Components is a collection of component statuses

      supportedTypes
      []string

      SupportedTypes contains all the supported service types

      ServiceSpec#

      (Appears on: Service)

      ServiceSpec defines the desired state of a service

      FieldDescription
      kind
      string

      Kind refers to the service type

      plan
      string

      Plan is the name of the service plan which was used to create this service

      cluster
      Ownership

      Cluster contains the reference to the cluster where the service will be created

      clusterNamespace
      string

      ClusterNamespace is the target namespace in the cluster where the service will be created

      configuration
      k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1beta1.JSON

      Configuration are the configuration values for this service It will contain values from the plan + overrides by the user This will provide a simple interface to calculate diffs between plan and service configuration

      configurationFrom
      ConfigurationFromSourceList

      ConfigurationFrom is a way to load configuration values from alternative sources, e.g. from secrets The values from these sources will override any existing keys defined in Configuration

      ServiceStatus#

      (Appears on: Service)

      ServiceStatus defines the observed state of a service

      FieldDescription
      components
      Components

      Components is a collection of component statuses

      status
      Status

      Status is the overall status of the service

      message
      string

      Message is the description of the current status

      providerID
      string

      ProviderID is the service identifier in the service provider

      providerData
      k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1beta1.JSON

      ProviderData is provider specific data

      plan
      string

      Plan is the name of the service plan which was used to create this service

      configuration
      k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1beta1.JSON

      Configuration are the applied configuration values for this service

      serviceAccessEnabled
      bool

      ServiceAccessEnabled is true if service access is enabled for this service

      This page was automatically generated with gen-crd-api-reference-docs