Custom Resource Definitions
Packages
- aws.appvia.io/v1alpha1
- cloudaccess.appvia.io/v1alpha1
- cloudservices.appvia.io/v1alpha1
- compute.appvia.io/v1alpha1
- config.appvia.io/v1alpha1
- container.appvia.io/v1alpha1
- core.appvia.io/v1alpha1
- costs.appvia.io/v1alpha1
- networking.appvia.io/v1alpha1
- networks.appvia.io/v1alpha1
- org.appvia.io/v1alpha1
- package.appvia.io/v1alpha1
- policy.appvia.io/v1alpha1
- security.appvia.io/v1alpha1
- services.appvia.io/v1alpha1
aws.appvia.io/v1alpha1
Package v1alpha1 contains API Schema definitions for the AWS v1alpha1 API group
Resource Types:
ExternalVPC
ExternalVPC is the Schema for the non-wayfinder managed vpc
Field | Description |
---|---|
apiVersion string | aws.appvia.io/v1alpha1 |
kind string | ExternalVPC |
metadata Kubernetes meta/v1.ObjectMeta | Refer to the Kubernetes API documentation for the fields of the metadata field. |
spec ExternalVPCSpec | |
status ExternalVPCStatus | |
Peering
Peering is the Schema for the aws peerings
Field | Description |
---|---|
apiVersion string | aws.appvia.io/v1alpha1 |
kind string | Peering |
metadata Kubernetes meta/v1.ObjectMeta | Refer to the Kubernetes API documentation for the fields of the metadata field. |
spec PeeringSpec | |
status PeeringStatus | |
SecurityGroupRule
SecurityGroupRule is the Schema for the security group rule
Field | Description |
---|---|
apiVersion string | aws.appvia.io/v1alpha1 |
kind string | SecurityGroupRule |
metadata Kubernetes meta/v1.ObjectMeta | Refer to the Kubernetes API documentation for the fields of the metadata field. |
spec SecurityGroupRuleSpec | |
status SecurityGroupRuleStatus | |
ExternalVPCSpec
(Appears on: ExternalVPC)
ExternalVPCSpec defines the desired state of non-wayfinder managed vpc resource
Field | Description |
---|---|
accountID string | AccountID is the ID of the account we need to peer with, if it is a different account |
description string | Description describes what the network is for / pointing to |
providerSourceRef Ownership | ProviderSourceRef is a reference to the cloudaccount for the source |
region string | Region is the AWS region the account exists in |
routeTableSelector map[string]string | RouteTableSelector is used to filter in the route tables for this network. When adding routes these are used to add the routes to |
routes []string | Routes is the set of routes we should advertise into the source network |
vpcID string | VPCID is the vpc id we need to connect to |
ExternalVPCStatus
(Appears on: ExternalVPC)
ExternalVPCStatus defines the observed state of a non-managed wayfinder vpc
Field | Description |
---|---|
conditions []LegacyCondition | Conditions is a set of components conditions |
status Status | Status provides an overall status |
PeeringAccount
(Appears on: PeeringStatus)
PeeringAccount types a peering account
Field | Description |
---|---|
accountID string | AccountID is the id of the account |
networkID string | NetworkID is the network id we are connecting to |
region string | Region is the aws region the account exists in |
routes []string | Routes is a collection of routes added |
type string | Type is the type of resource we are connecting (vpc, external-vpc, transit) |
PeeringSpec
(Appears on: Peering)
PeeringSpec defines the desired state of peering request
Field | Description |
---|---|
destinationNetworkRef Ownership | DestinationNetworkRef is a reference to the vpc destination |
enableAcceptance bool | EnableAcceptance indicates we should accept on the destination end |
enableDestinationRouting bool | EnableDestinationRouting indicates we should update the destination routing |
routeTableDestinationSelector map[string]string | RouteTableDestinationSelector provides the tags selector for the route table, assuming update route table option is enabled |
routeTableSourceSelector map[string]string | RouteTableSourceSelector provides the tags selector for the route table, assuming update route table option is enabled |
sourceNetworkRef Ownership | SourceNetworkRef is a reference to the source vpc of the peering |
PeeringStatus
(Appears on: Peering)
PeeringStatus defines the observed state of an Account
Field | Description |
---|---|
peeringStatus string | PeeringStatus is the current status of the peering connection |
peeringID string | PeeringID is the peering connection id from aws |
sourceAccount PeeringAccount | SourceAccountID is the account the peering has been requested from |
destinationAccount PeeringAccount | DestinationAccountID is the destination account |
conditions []LegacyCondition | Conditions is a set of components conditions |
status Status | Status provides an overall status |
SecurityGroupRuleSpec
(Appears on: SecurityGroupRule)
SecurityGroupRuleSpec defines the desired state of security group rule
Field | Description |
---|---|
description string | Description provides a human-readable description for the existence |
networkRef Ownership | NetworkRef is the source network the security group is attached to |
securityGroupSelector map[string]string | SecurityGroupSelector is a selector used to find the security groups |
providerRef Ownership | ProviderRef is a reference to the credentials to use for the api access |
protocol string | Protocol is the networking protocol - i.e. tcp or udp |
portRangeFrom int64 | PortRangeFrom is the port range being allowed |
portRangeTo int64 | PortRangeTo is the port range being allowed |
sources []string | Sources is a collection of network ranges |
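
The SecurityGroupRuleSpec fields above are enough to review a rule before it is applied. The following is an added example, not part of Wayfinder or its documentation: it takes the `spec` of a SecurityGroupRule as a plain dict and flags over-permissive settings. The thresholds, the list of sensitive ports and the finding names are assumptions chosen for illustration.

```python
import ipaddress

# Field names (description, portRangeFrom, portRangeTo, sources) are the
# SecurityGroupRuleSpec fields documented above. Everything below this comment
# is an assumed review policy, not a Wayfinder rule.
SENSITIVE_PORTS = {22: "ssh", 3306: "mysql", 3389: "rdp", 5432: "postgres"}
MIN_IPV4_PREFIX = 16   # IPv4 sources broader than /16 are flagged
MAX_PORT_SPAN = 100    # port ranges covering more than 100 ports are flagged


def review_rule(spec):
    """Return a list of findings for one SecurityGroupRule spec (a dict)."""
    findings = []

    if not spec.get("description"):
        findings.append("missing-description")

    lo, hi = spec.get("portRangeFrom"), spec.get("portRangeTo")
    if not (isinstance(lo, int) and isinstance(hi, int) and 0 <= lo <= hi <= 65535):
        findings.append("invalid-port-range")
        ports = range(0)  # nothing to match sensitive ports against
    else:
        ports = range(lo, hi + 1)
        if len(ports) > MAX_PORT_SPAN:
            findings.append("wide-port-range")

    sources = spec.get("sources") or []
    if not sources:
        findings.append("no-sources")

    open_to_any = False
    for src in sources:
        try:
            net = ipaddress.ip_network(src, strict=False)
        except ValueError:
            findings.append(f"unparseable-source:{src}")
            continue
        if net.prefixlen == 0:
            # 0.0.0.0/0 or ::/0: every address is allowed in
            open_to_any = True
            findings.append(f"any-source:{src}")
        elif net.version == 4 and net.prefixlen < MIN_IPV4_PREFIX:
            findings.append(f"broad-source:{src}")

    if open_to_any:
        for port, name in sorted(SENSITIVE_PORTS.items()):
            if port in ports:
                findings.append(f"sensitive-port-open-to-any:{name}")

    return findings


# Constructed sample specs (not taken from any real environment).
SSH_FROM_ANYWHERE = {
    "description": "",
    "protocol": "tcp",
    "portRangeFrom": 22,
    "portRangeTo": 22,
    "sources": ["0.0.0.0/0"],
}
HTTPS_FROM_APP_SUBNET = {
    "description": "ingress from app subnet",
    "protocol": "tcp",
    "portRangeFrom": 443,
    "portRangeTo": 443,
    "sources": ["10.20.0.0/24"],
}
ALL_UDP_FROM_RFC1918 = {
    "description": "legacy rule",
    "protocol": "udp",
    "portRangeFrom": 0,
    "portRangeTo": 65535,
    "sources": ["10.0.0.0/8", "not-a-cidr"],
}

if __name__ == "__main__":
    for name, spec in [
        ("ssh-from-anywhere", SSH_FROM_ANYWHERE),
        ("https-from-app-subnet", HTTPS_FROM_APP_SUBNET),
        ("all-udp-from-rfc1918", ALL_UDP_FROM_RFC1918),
    ]:
        print(name, review_rule(spec) or "ok")
```
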
SecurityGroupRuleStatus
(Appears on: SecurityGroupRule)
SecurityGroupRuleStatus defines the observed state of a security group rule
Field | Description |
---|---|
conditions []LegacyCondition | Conditions is the status of the components |
phase string | Phase indicates the current phase of the rule - i.e create or not |
status Status | Status provides an overall status |
cloudaccess.appvia.io/v1alpha1
Package v1alpha1 contains API Schema definitions for the CloudAccess API group
Resource Types:
CloudAccount
CloudAccount represents an account/project/subscription in a cloud provider which Wayfinder should know about
Field | Description |
---|---|
apiVersion string | cloudaccess.appvia.io/v1alpha1 |
kind string | CloudAccount |
metadata Kubernetes meta/v1.ObjectMeta | Refer to the Kubernetes API documentation for the fields of the metadata field. |
spec CloudAccountSpec | |
status CloudAccountStatus | |
CloudAccountClaim
CloudAccountClaim represents a request for a cloud account to come into existence for a workspace
Field | Description |
---|---|
apiVersion string | cloudaccess.appvia.io/v1alpha1 |
kind string | CloudAccountClaim |
metadata Kubernetes meta/v1.ObjectMeta | Refer to the Kubernetes API documentation for the fields of the metadata field. |
spec CloudAccountClaimSpec | |
status CloudAccountClaimStatus | |
CloudCredential
CloudCredential represents a set of credentials to access a cloud account which Wayfinder can use to perform its operations
Field | Description |
---|---|
apiVersion string | cloudaccess.appvia.io/v1alpha1 |
kind string | CloudCredential |
metadata Kubernetes meta/v1.ObjectMeta | Refer to the Kubernetes API documentation for the fields of the metadata field. |
spec CloudCredentialSpec | |
status CloudCredentialStatus | |
AWSAccountParameters
(Appears on: CloudAccountProviderDetails)
AWSAccountParameters provides the specific parameters for an AWS account
AWSAccountStatus
(Appears on: ProviderStatus)
AWSAccountStatus provides status specific to AWS accounts
Field | Description |
---|---|
serviceCatalogProvisioningID string | ServiceCatalogProvisioningID is the Control Tower Account Factory Service Catalog provisioning record ID. If set, creation is being tracked. Relevant only to managed AWS accounts |
AWSOrganizationParameters
(Appears on: CloudAccountProviderDetails)
AWSOrganizationParameters provides the specific parameters for an AWS organisation account
Field | Description |
---|---|
ssoUser AWSSSOUser | SsoUser is the user who will be the organisational account owner for all accounts. Required if feature AccountManagement enabled. |
ouName string | OuName is the name of the parent Organizational Unit (OU) to use for provisioning accounts. Required if feature AccountManagement enabled. |
region string | Region is the region where control tower is enabled in the master account. Required if feature AccountManagement enabled. |
userRoles map[string]string | UserRoles contains the ARNs of stacksets to create instances of in each managed account |
AWSSSOUser
(Appears on: AWSOrganizationParameters)
AWSSSOUser describes the details required to identify an AWS SSO user to use for all accounts
Field | Description |
---|---|
email string | Email is the unique user email address specified for the AWS SSO user. Required if feature AccountManagement enabled. |
firstName string | FirstName is the firstname(s) field for an AWS SSO user. Required if feature AccountManagement enabled. |
lastName string | LastName is the last name of an SSO user. Required if feature AccountManagement enabled. |
AccessAssumption
AccessAssumption describes a request to assume access to a cloud account
Field | Description |
---|---|
metadata Kubernetes meta/v1.ObjectMeta | Refer to the Kubernetes API documentation for the fields of the metadata field. |
spec AccessAssumptionSpec | |
AccessAssumptionPermission
(Appears on: AccessAssumptionPermissions)
AccessAssumptionPermission describes whether the current user can access a specific user role
Field | Description |
---|---|
userRole string | UserRole identifies which role this permission is for |
status CloudAccountUserRoleStatus | Status indicates the current status of this user role |
allowed bool | Allowed will indicate if the user is currently allowed to assume this role |
denyReasons []DenyReason | DenyReasons lists zero or more reasons why the user may not be able to currently assume this role. May not always be populated. |
AccessAssumptionPermissions
AccessAssumptionPermissions describes what roles the current user can access
Field | Description |
---|---|
Account CloudAccountReference | Account specifies which cloud account this permission reference is for |
User string | User specifies which user this permission reference is for |
accountType string | AccountType details the type of cloud account we’re talking about, provided for convenience |
cloud string | Cloud details which cloud this cloud account is for, provided for convenience |
userRoles map[string]github.com/appvia/wayfinder/pkg/apis/cloudaccess/v1alpha1.AccessAssumptionPermission | UserRoles describes the available user roles on this cloud account |
AccessAssumptionResult
AccessAssumptionResult is the returned details of performing an assumption, including the temporary credentials for the session created for the user
Field | Description |
---|---|
credentials map[string]string | Credentials will be populated with the appropriate key-value pairs to access the cloud provider in question. The keys of this will vary with the cloud provider. |
expires Kubernetes meta/v1.Time | Expires is the time the requested access expires |
AccessAssumptionSpec
(Appears on: AccessAssumption)
AccessAssumptionSpec describes the account and role that the assumption is targeting
Field | Description |
---|---|
cloudAccount CloudAccountReference | CloudAccount specifies which cloud account this access request is for |
role string | Role identifies which role to assume (must be present in UserRoles for the referenced CloudAccount) |
portal bool | Portal indicates that this request is for portal rather than API/CLI access |
AzureSubscriptionParameters
(Appears on: CloudAccountProviderDetails)
AzureSubscriptionParameters provides the specific parameters for an Azure subscription
AzureTenantParameters
(Appears on: CloudAccountProviderDetails)
AzureTenantParameters provides the specific parameters for an Azure tenant (organisation) account
Field | Description |
---|---|
agreementType string | AgreementType defines whether we’re building subscriptions in an MCA or Enterprise Agreement backed Azure setup |
ownerObjectID string | OwnerObjectID specifies the Object ID of an Azure AD group, user or service principal to grant Owner privilege on all created subscriptions. This is required to ensure that generated subscriptions are owned by an object controlled by your company. Example: 8bf96a8f-abcd-ef12-a389-883d6116a5da |
contributorObjectID string | ContributorObjectID specifies an optional object ID of an Azure AD group, user or service principal to grant Contributor privilege on all created subscriptions. Example: 8bf96a8f-dcef-abc1-a389-883d6116a5da |
managementGroupID string | ManagementGroupID specifies an optional ID of an Azure Management Group in which subscriptions created by Wayfinder should be placed. Example: wf-subscription-mgt-group |
billingAccount string | BillingAccount is the billing account identifier. Required for both agreement types. Example (super-catchy, isn’t it): aaa111b-abcd-ef01-2345-bcdabc123fed:1234aaab-0100-1234-abcd-abcd0123abcd_2019-05-31 |
enrollmentAccount string | EnrollmentAccount defines for an Enterprise Agreement agreement type which enrollment account to create subscriptions within. Required for EA. Example: 7654321 |
billingProfile string | BillingProfile defined for an MCA agreement type which billing profile contains the invoice section you wish subscriptions to be created in. Required for MCA. Example: AW4F-APQW-0AH-ABC |
invoiceSection string | InvoiceSection defines for an MCA agreement type which invoice section to create subscriptions within inside the selected BillingProfile. Required for MCA. Example: PQRS-ALDS-012-DEF |
CloudAccountClaimSpec
(Appears on: CloudAccountClaim)
CloudAccountClaimSpec defines the desired state of CloudAccountClaim
Field | Description |
---|---|
name string | Name is the name of the account to create. Either Name or Stage must be populated. Populate name to choose a custom name, and populate stage to follow the account naming rules for the parent. |
stage string | Stage is the lifecycle stage to create the cloud account for. Either Name or Stage must be populated. Populate stage to follow the account naming rules for the parent, and populate name to choose a custom name. |
parent CloudAccountReference | Parent is a reference to a CloudAccount which this claim should use for provisioning the account. If this is an Organization account, this will trigger the creation of a new account within this parent. If it is a Shared or Wayfinder Managed account, it will be validated and used directly. Any child account will inherit the Cloud provider from this parent. |
CloudAccountClaimStatus
(Appears on: CloudAccountClaim)
CloudAccountClaimStatus defines the observed state of the provisioned account
Field | Description |
---|---|
CommonStatus CommonStatus | (Members of CommonStatus are embedded into this type.) |
name string | Name is the resulting cloud account name |
cloudAccountRef CloudAccountReference | CloudAccountRef is a reference to the assigned or created cloud account |
identifier string | Identifier is the assigned account ID / project ID / subscription ID |
CloudAccountFeatureStatus
(Appears on: CloudAccountStatus)
CloudAccountFeatureStatus describes the status of a cloud account feature
Field | Description |
---|---|
ready bool | Ready indicates whether this feature is ready to use. |
setupRequired bool | SetupRequired indicates this feature needs wayfinder setup roles run to sort it out (i.e. one or more roles is missing, requires a provider role specifying, or requires updating). This will be false if a role is correct and specified but somehow not valid. |
requiredRoles []string | RequiredRoles indicates the list of roles that this cloud account needs working in order for this feature to work. Each role identified here will have an entry in status.Roles to understand the status of these underlying roles. |
CloudAccountNamingRule
CloudAccountNamingRule describes the rules for naming a child account based on the selected plan
Field | Description |
---|---|
name string | Name is the given name of the rule |
description string | Description provides an optional description for the account rule |
stages []string | Stages is a list of stages permitted |
suffix string | Suffix is the applied suffix |
prefix string | Prefix is a prefix for the account name |
CloudAccountProviderDetails
(Appears on: CloudAccountSpec)
CloudAccountProviderDetails provides parameters that are specific to a particular type of cloud account
Field | Description |
---|---|
type ProviderAccountType | |
gcpOrganization GCPOrganizationParameters | (Optional) GCPOrganization holds parameters specific to GCP organization accounts. Present only if type is GCPOrganization. |
gcpProject GCPProjectParameters | (Optional) GCPProject holds parameters specific to GCP projects. Present only if type is GCPProject. |
awsOrganization AWSOrganizationParameters | (Optional) AWSOrganization holds parameters specific to AWS organization accounts. Present only if type is AWSOrganization. |
awsAccount AWSAccountParameters | (Optional) AWSAccount holds parameters specific to AWS accounts. Present only if type is AWSAccount. |
azureTenant AzureTenantParameters | (Optional) AzureTenant holds parameters specific to Azure tenant accounts. Present only if type is AzureTenant. |
azureSubscription AzureSubscriptionParameters | (Optional) AzureSubscription holds parameters specific to Azure subscriptions. Present only if type is AzureSubscription. |
CloudAccountReference
(Appears on: AccessAssumptionPermissions, AccessAssumptionSpec, CloudAccountClaimSpec, CloudAccountClaimStatus, CloudAccountSpec, ClusterSpec, ClusterStatus, CloudMetaCloud, CostImportSpec, ECRRegistryParameters, NetworkFabricSpec, NetworkFabricStatus)
Field | Description |
---|---|
namespace string | |
name string | |
CloudAccountRole
(Appears on: CloudAccountSpec)
Field | Description |
---|---|
role string | Role is the Wayfinder cloud role that this account can be used for |
assumeProviderRole string | AssumeProviderRole contains a reference to the identifier that should be assumed by Wayfinder when using this account for this role, i.e. AWS ARN, GCP Service Account, Azure Role, etc. |
CloudAccountRoleStatus
(Appears on: CloudAccountStatus)
CloudAccountRoleStatus is the status of a role on a cloud account
Field | Description |
---|---|
status RoleStatus | |
message string | |
CloudAccountSpec
(Appears on: CloudAccount)
CloudAccountSpec defines the specification of an account known to wayfinder
Field | Description |
---|---|
name string | Name is the unique logical name for this cloud account |
description string | Description is an optional longer human-readable description of this cloud account to help users understand which cloud account to choose. |
cloud string | Cloud defines which cloud provider this account is for |
identifier string | Identifier is the unique identifier for this account with the cloud provider, i.e. AWS account ID, GCP project ID, Azure subscription, etc. Required unless the accountType is managed. For accountType organization this should be the account ID/subscription ID/project ID to place shared org-wide resources such as DNS root zones, etc. For AWS this must be the same AWS Master Account ID used for OrgIdentifier. To use the identifier for a CloudAccount, ALWAYS reference Status.Identifier, not this field, as this will be unpopulated and ignored on managed accounts. |
orgIdentifier string | OrgIdentifier, required only for accountType organization and must be populated with the identifier for the organization - for example, AWS Master Account ID, Azure Tenant ID, GCP Organization ID, etc. Ignored if accountType is not organization. |
accountType string | AccountType identifies whether this is an organization account (which can be used by Wayfinder to create managed accounts), a shared account (used directly to build workspace infrastructure), or a managed account (created by Wayfinder’s account management features) |
defaultRegion string | DefaultRegion is an optional default region to use for API access in this account when no region is specified for the operation. This is used to determine, for example, which region to use to talk to global services such as Route53 in AWS. E.g. eu-west-2, europe-west2, uksouth |
parentAccount CloudAccountReference | ParentAccount is a reference to another CloudAccount (with account type ‘organization’) of this cloud account, for managed (required) and shared (optional) accounts. |
providerDetails CloudAccountProviderDetails | ProviderDetails provides additional fields which can be used for cloud-provider specific data, such as a GCP billing account ID. |
stages []string | Stages lists the stages that this cloudaccount may be used for |
namingRules []github.com/appvia/wayfinder/pkg/apis/cloudaccess/v1alpha1.CloudAccountNamingRule | NamingRules describes for Organization type accounts how to name child accounts based on the plan chosen. Required for account factory functionality to operate for an Organization account. |
identityCred CloudCredentialReference | IdentityCred is a reference to the credential for Wayfinder to identify itself to this cloud provider when using this account. To use workload identity, specify an empty namespace and name - this will only work if Workload Identity has been configured in the Wayfinder management cluster, this account is in the same cloud provider as the management cluster, and that workload identity is given access to this account. |
features []string | Features lists the ways in which it is intended for this cloud account to be used. This will allow the relevant set of roles to be determined for this cloud account. |
roles []CloudAccountRole | Roles defines the possible ways in which Wayfinder can use this account, along with details of how Wayfinder should identify itself (or provider-specific roles that need to be assumed) to use this account in the specified way. The set of roles required for a cloud account is defined by the enabled features. |
userRoles []string | UserRoles are the roles which will be available for user access into this cloud account |
allocation ResourceAllocation | Allocation describes which workspaces can use this cloud account. |
orgUserRoles []OrgUserRole | OrgUserRoles is the set of user roles to make available in child accounts of this org. Ignored if accountType is not organization. |
CloudAccountStatus
(Appears on: CloudAccount)
CloudAccountStatus defines the status of a cloud account
Field | Description |
---|---|
CommonStatus CommonStatus | (Members of CommonStatus are embedded into this type.) |
identifier string | Identifier is the assigned unique identifier for this account. For managed accounts this will be the identifier for the created account. For all other accounts, this will be the value provided in Spec.Identifier. This field should ALWAYS be used if you need the correct identifier for a cloud account. Do not rely on Spec.Identifier which is unpopulated for managed accounts. |
providerAccountRef Ownership | ProviderAccountRef is a reference to the provider account for this cloud account where the type is managed. |
providerStatus ProviderStatus | ProviderStatus can be populated with provider-specific status information, particularly relevant on accounts of type managed. |
features map[string]github.com/appvia/wayfinder/pkg/apis/cloudaccess/v1alpha1.CloudAccountFeatureStatus | Features describes the status of any features specified on this cloud account. |
roles map[string]github.com/appvia/wayfinder/pkg/apis/cloudaccess/v1alpha1.CloudAccountRoleStatus | Roles provides the status of each underlying required role. The keys of the map are the role names. |
userRoles map[string]github.com/appvia/wayfinder/pkg/apis/cloudaccess/v1alpha1.CloudAccountUserRoleStatus | UserRoles provides the status of the user roles on this cloud account |
orgIdentifier string | OrgIdentifier is the identifier, when known, for the organisation that owns this account - for example, AWS Master Account ID, Azure Tenant ID, GCP Organization ID, etc. |
CloudAccountUserRoleStatus
(Appears on: AccessAssumptionPermission, CloudAccountStatus)
CloudAccountUserRoleStatus is the status of a specific user role on the cloud account
Field | Description |
---|---|
userRole string | UserRole is the role this status describes |
assumeProviderRole string | AssumeProviderRole may be populated for a specific cloud provider in order to describe how Wayfinder will orchestrate user access into this role |
status Status | Status provides an overall status. |
message string | Message is the description of the current status. |
CloudCredentialReference
(Appears on: CloudAccountSpec, CostImportSpec)
CloudCredentialReference is a reference specifically to a cloud credential
Field | Description |
---|---|
namespace string | Namespace for the credential, specify empty for implicit credentials |
name string | Name for the credential, specify empty for implicit credentials |
CloudCredentialSpec
(Appears on: CloudCredential)
CloudCredentialSpec defines the metadata about the credentials with a reference to the kubernetes secret containing the credentials
Field | Description |
---|---|
name string | Name is a human-understandable name for this credential |
cloud string | Cloud defines which cloud provider this credential is for |
implicitIdentity bool | ImplicitIdentity specifies that any credentials are provided by the run time process environment and NOT a secret reference. Typically this means that workload identity is to be used. |
implicitIdentityID string | ImplicitIdentityID specifies any ID that the run time process environment needs to authenticate to a specific identity where more than one can be assigned to a process |
credentialsInputData map[string]string | CredentialsInputData can be used to populate the secret when creating/updating a credential. This will never be populated when the credential is returned from the API. If specified, this must include the correct set of keys for credentials for the cloud provider that CloudAccount references. |
secretRef Kubernetes core/v1.SecretReference | SecretRef is a reference to the Kubernetes secret containing the actual key data for this credential. If the secret does not exist but CredentialsInputData is populated, this secret will be created. This can also be a reference to an existing secret managed outside Wayfinder. Where CredentialsInputData is specified but this is left blank, Wayfinder will assign this value. |
credentialsUpdated Kubernetes meta/v1.Time | CredentialsUpdated should be set to the current time when an underlying secret is updated. This will be automatically set to the current time if CredentialsInputData is set. If you manually change the secret outside Wayfinder, update this field to trigger re-verification of this credential. |
CloudCredentialStatus
(Appears on: CloudCredential)
CloudCredentialStatus represents the status of a set of credentials for cloud account access
Field | Description |
---|---|
CommonStatus CommonStatus | (Members of CommonStatus are embedded into this type.) |
verified bool | Verified checks that the credentials are ok and valid |
identity string | Identity is the unique reference to the cloud principal e.g. aws role, gcp service-account etc. |
DenyReason (string)
(Appears on: AccessAssumptionPermission)
DenyReason describes why an access assumption is not permitted
Value | Description |
---|---|
"NetworkConstraint" | DenyReasonNetworkConstraint indicates that the access would be permitted for the user when accessing from certain network locations, but their current network location is not permitted |
"NoPolicy" | DenyReasonNoPolicy indicates that no policy is applicable for this role for the current user |
"TimeConstraint" | DenyReasonTimeConstraint indicates that the access would be permitted during certain time periods but is not permitted at the current time |
GCPOrganizationParameters
(Appears on: CloudAccountProviderDetails)
GCPOrganizationParameters provides the specific parameters for a GCP organisation account
Field | Description |
---|---|
parentType string | ParentType is the type of parent this project has. Valid types are: “organization”, “folder”, and “project” |
parentID string | DEPRECATED: Use OrgIdentifier on Spec. This will be ignored if OrgIdentifier is populated on the Spec. |
billingAccount string | BillingAccountName is the resource name of the billing account associated with the project e.g. ‘012345-567890-ABCDEF’ |
GCPProjectParameters
(Appears on: CloudAccountProviderDetails)
GCPProjectParameters provides the specific parameters for a GCP project account
OrgUserRole
(Appears on: CloudAccountSpec)
OrgUserRole describes a specific user role to orchestrate into child accounts of an org
Field | Description |
---|---|
userRole string | UserRole is the top-level role to provide in child accounts |
enabled bool | Enabled controls whether this role is enabled |
allocation ResourceAllocation | Allocation describes which workspaces can use this role. Will only be effective as a subset of the workspaces allowed to use the cloud account in spec.Allocation. |
ProviderAccountType (string)
(Appears on: CloudAccountProviderDetails, ProviderStatus)
ProviderAccountType represents the concrete type of account that a CloudAccount represents
Value | Description |
---|---|
"AWSAccount" | ProviderAccountTypeAWSAccount is an AWS account for running workloads |
"AWSOrganization" | ProviderAccountTypeAWSOrg is a root organization account for AWS account management |
"AzureTenant" | ProviderAccountTypeAzureOrg is a root organization tenant for Azure account management |
"AzureSubscription" | ProviderAccountTypeAzureSubscription is an Azure subscription for running workloads |
"GCPOrganization" | ProviderAccountTypeGCPOrg is a root organization account for GCP account management |
"GCPProject" | ProviderAccountTypeGCPProject is a GCP project for running workloads |
ProviderStatus
(Appears on: CloudAccountStatus)
ProviderStatus provides status fields specific to a cloud provider
Field | Description |
---|---|
type ProviderAccountType | |
awsAccount AWSAccountStatus | (Optional) AWSAccount holds status specific to AWS accounts. |
RoleStatus (string)
(Appears on: CloudAccountRoleStatus)
RoleStatus is a possible status of a role on a cloud account
Value | Description |
---|---|
"Invalid" | RoleInvalid indicates that a specified role is not usable, for example it cannot be accessed from the identity associated with this cloud account or does not exist |
"Missing" | RoleMissing indicates that a required role for a specified feature is not set on this cloudaccount |
"Pending" | RolePending indicates that the role has not yet been checked |
"RequiresProviderRole" | RoleRequiresProviderRole indicates that a specified role requires an AssumeProviderRole but none has been provided |
"RequiresUpdate" | RoleRequiresUpdate indicates that the permissions required for the role are not correct in the cloud provider so this role needs to be updated |
"Valid" | RoleValid indicates this cloud account role is ready to use |
cloudservices.appvia.io/v1alpha1
Package v1alpha1 contains API Schema definitions for the crossplane v1alpha1 API group
Resource Types:
- CrossplaneDeployment
CrossplaneDeployment
CrossplaneDeployment is a Crossplane deployment instance
Field | Description |
---|---|
apiVersion string | cloudservices.appvia.io/v1alpha1 |
kind string | CrossplaneDeployment |
metadata Kubernetes meta/v1.ObjectMeta | Refer to the Kubernetes API documentation for the fields of the metadata field. |
spec CrossplaneDeploymentSpec | |
status CrossplaneDeploymentStatus | |
CrossplaneDeploymentSpec
(Appears on: CrossplaneDeployment)
CrossplaneDeploymentSpec defines the desired state of a Crossplane deployment
Field | Description |
---|---|
cluster Ownership | Cluster contains the reference to the cluster where the deployment will be created |
clusterNamespace string | ClusterNamespace is the target namespace in the cluster where the deployment will be created |
version string | Version is the Crossplane version |
providers []string | Providers is the list of Crossplane providers to install |
CrossplaneDeploymentStatus
(Appears on: CrossplaneDeployment)
CrossplaneDeploymentStatus defines the observed state of a Crossplane deployment
Field | Description |
---|---|
components Components | Components is a collection of component statuses |
status Status | Status is the overall status of the deployment |
message string | Message is the description of the current status |
observedGeneration int64 | ObservedGeneration is the value of generation when the object was last reconciled. If the value is different from the object’s current generation, the status must be considered outdated |
compute.appvia.io/v1alpha1
Package v1alpha1 contains API Schema definitions for the compute v1alpha1 API group
Resource Types:
- Cluster
- NamespaceClaim
- Plan
Cluster
Cluster is the schema for cluster definitions in Wayfinder
Field | Description |
---|---|
apiVersion string | compute.appvia.io/v1alpha1 |
kind string | Cluster |
metadata Kubernetes meta/v1.ObjectMeta | Refer to the Kubernetes API documentation for the fields of the metadata field. |
spec ClusterSpec | |
status ClusterStatus | |
NamespaceClaim
NamespaceClaim is the Schema for the namespaceclaims API
Field | Description |
---|---|
apiVersion string | compute.appvia.io/v1alpha1 |
kind string | NamespaceClaim |
metadata Kubernetes meta/v1.ObjectMeta | Refer to the Kubernetes API documentation for the fields of the metadata field. |
spec NamespaceClaimSpec | |
status NamespaceClaimStatus | |
Plan
Plan is the Schema for the plans API
Field | Description |
---|---|
apiVersion string | compute.appvia.io/v1alpha1 |
kind string | Plan |
metadata Kubernetes meta/v1.ObjectMeta | Refer to the Kubernetes API documentation for the fields of the metadata field. |
spec PlanSpec | |
status PlanStatus | |
AKSClusterStatus
(Appears on: ProviderStatus)
AKSClusterStatus is used to hold anything related to the AKS clusters
Field | Description |
---|---|
infraResourceGroupName string | InfraResourceGroupName is the resource group that AKS manages |
clusterPrincipalId string | ClusterPrincipalID is the cluster principal in Azure. This is required for assigning permission to the AKS cluster in Azure |
AKSNodePoolSpec
(Appears on: NodePoolProviderDetails)
AKSNodePoolSpec represents a node pool within an AKS cluster
Field | Description |
---|---|
mode string | Mode is the type of the node pool. System node pools serve the primary purpose of hosting critical system pods such as CoreDNS and tunnelfront. User node pools serve the primary purpose of hosting your application pods. |
AKSNodePoolSpotInstances
(Appears on: SpotInstancesOptions)
AKSNodePoolSpotInstances are the options for spot instances in Azure
Field | Description |
---|---|
maxSpotPrice string | MaxSpotPrice is the maximum price you are willing to pay for a spot instance, billed in microdollars. The figure is optional and only relevant when the nodepool is made of spot instances |
AKSSpec
(Appears on: ClusterProviderDetails)
AKSSpec defines the desired state of an AKS cluster
Field | Description |
---|---|
linuxProfile LinuxProfile | LinuxProfile is the configuration for Linux VMs |
skuTier string | SKUTier is the Uptime SLA that should be used for the AKS cluster. “Free” or “Paid” |
windowsProfile WindowsProfile | WindowsProfile is the configuration for Windows VMs |
Addons
(Appears on: ClusterSpec)
Addons defines the structure for addons and features on a cluster
Field | Description |
---|---|
cloudServices CloudServicesAddon | CloudServices indicates we should enable cloud service via crossplane |
ingress IngressAddon | Ingress indicates we want the ingress service enabled |
Authentication
Authentication provides options to the authentication module
Field | Description |
---|---|
disableInline bool | DisableInline indicates if we disable inline authorization |
AuthorizedNetwork
AuthorizedNetwork provides a definition for the authorized networks
Field | Description |
---|---|
name string | Name provides a descriptive name for this network |
cidr string | CIDR is the network range associated to this network |
AutoScalingOptions
(Appears on: NodePool)
AutoScalingOptions define the options per cloud provider for autoscaling
Field | Description |
---|---|
enabled bool | Enabled indicates the node pool to use autoscaling |
minSize int64 | MinSize is minimum number of nodes if autoscaling is enabled |
maxSize int64 | MaxSize is the maximum number of nodes if autoscaling is enabled |
CloudServicesAddon
(Appears on: Addons)
CloudServicesAddon defines the cloud service addons
Field | Description |
---|---|
enabled bool | Enabled indicates the addon is enabled |
CloudWatchLogging
(Appears on: EKSSpec)
CloudWatchLogging defines the control plane logging options
Field | Description |
---|---|
api bool | API will enable logging for the Kubernetes API server |
audit bool | Audit will enable logging for the Kubernetes audit |
authenticator bool | Authenticator will enable logging for the Kubernetes authentication |
controllerManager bool | ControllerManager will enable logging for the Kubernetes controller manager |
scheduler bool | Scheduler will enable logging for the Kubernetes scheduler component |
ClusterProviderDetails
(Appears on: ClusterSpec)
ClusterProviderDetails defines the parameters for cloud specific options, i.e. options which cannot be consolidated as they are too specific to the chosen cloud vendor
Field | Description |
---|---|
type ProviderType | |
aks AKSSpec | AKS defines the cloud specific options for AKS clusters |
eks EKSSpec | EKS defines the cloud specific options for EKS clusters |
gke GKESpec | GKE is the provider specification for their clusters |
unmanaged UnmanagedSpec | Unmanaged provides the specification for an unmanaged cluster |
ClusterSpec
(Appears on: Cluster, PlanSpec)
ClusterSpec defines the desired state of a cluster
Field | Description |
---|---|
cloudAccountRef CloudAccountReference | CloudAccountRef is a reference to the cloud account this cluster should reside in |
cloudResourceName string | CloudResourceName specifies the name of the cluster in the cloudaccount. Can be left blank so that the name is derived from the wayfinder workspace and resource name |
description string | Description provides a short summary to the use of the cluster |
enableAutoUpgrade bool | EnableAutoUpgrade indicates wayfinder should handle any upgrades for the clusters |
enablePrivateCluster bool | EnablePrivateCluster indicates the cluster should be made private |
expires Kubernetes meta/v1.Time | Expires provides a time for automatic expiration of the cluster |
addons Addons | Addons provide details on enabled feature sets of the cluster |
maintenanceWindow string | MaintenanceWindow is the time we can perform updates and upgrades |
networking Networking | Networking provides the details around the cluster networking options |
nodePools []*github.com/appvia/wayfinder/pkg/apis/compute/v1alpha1.NodePool | NodePools is a collection of node pools associated to the cluster |
provider string | Provider refers to the cluster type (e.g. AKS, GKE, EKS) |
plan string | Plan refers to the original plan the cluster was created from |
providerDetails ClusterProviderDetails | ProviderDetails defines cloud specific cluster options |
secretRef Kubernetes core/v1.SecretReference | SecretRef is a reference to an existing secret containing an administrative access token for this cluster. Required only for clusters which are not created by Wayfinder. |
stage string | Stage is the name of the stage for this cluster |
region string | Region is the region you want the cluster to reside |
version string | Version is the kubernetes version to use; you can use ‘latest’ and allow the cloud provider to choose the latest release, or use a specific cloud vendor version. Note, when enableAutoUpgrade is enabled you must specify the version as latest |
ClusterStatus
(Appears on: Cluster)
ClusterStatus defines the observed state of a cluster
Field | Description |
---|---|
CommonStatus CommonStatus | (Members of CommonStatus are embedded into this type.) |
authProxyEndpoint string | AuthProxyEndpoint is the endpoint of the authentication proxy for this cluster |
authProxyCertificate string | AuthProxyCertificate is the certificate of the auth proxy endpoint |
caCertificate string | CaCertificate is the base64 encoded cluster certificate |
cloudAccount CloudAccountReference | CloudAccountRef is a reference to the cloud account to use to retrieve credentials for this cluster. Will be populated if the spec specifies a CloudAccount (org or shared) as the credential object. |
kubeApiEndpoint string | KubeAPIEndpoint is the kubernetes API endpoint url |
networkFabric NetworkFabricStatus | Network contains the network configuration used by this cluster |
providerData k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1beta1.JSON | ProviderData is provider specific data |
providerStatus ProviderStatus | ProviderStatus is provider specific data with types |
version string | Version is the kubernetes version of the cluster |
EKSClusterStatus
(Appears on: ProviderStatus)
EKSClusterStatus is used to hold anything related to the EKS clusters
Field | Description |
---|---|
oidc string | OIDC is the url for the OIDC endpoint |
EKSNodePoolSpec
(Appears on: NodePoolProviderDetails)
EKSNodePoolSpec defines the desired state of EKSCluster
Field | Description |
---|---|
eC2SSHKey string | EC2SSHKey is the Amazon EC2 SSH key that provides access for SSH communication with the worker nodes in the managed node group. See https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-key-pairs.html |
sshSourceSecurityGroups []string | SSHSourceSecurityGroups is the security groups that are allowed SSH access (port 22) to the worker nodes |
EKSNodePoolSpotInstances
(Appears on: SpotInstancesOptions)
EKSNodePoolSpotInstances defines the options for EKS spot instances
Field | Description |
---|---|
additionalInstanceTypes []string | AdditionalInstanceTypes provides an additional list of instances to use when spot instances are enabled |
EKSSpec
(Appears on: ClusterProviderDetails)
EKSSpec defines the desired state of EKSCluster
Field | Description |
---|---|
cloudWatchLogging CloudWatchLogging | CloudWatchLogging allows all control plane logging to be enabled |
enableEndpointPrivate bool | EnableEndpointPrivate indicates the EKS endpoint should be private and non-public facing |
subnetIDs []string | SubnetIds is a list of subnet IDs |
securityGroupIDs []string | SecurityGroupIds is a list of security group IDs |
GKENodePoolSpec
(Appears on: NodePoolProviderDetails)
GKENodePoolSpec defines the cloud specific options for a GKE nodepool
Field | Description |
---|---|
enableAutorepair bool | EnableAutorepair indicates if the node pool should automatically repair failed nodes |
enableAutoupgrade bool | EnableAutoUpgrade indicates if the node group should be configured with auto-upgrading enabled. This must be true if the cluster has ReleaseChannel set. |
GKESpec
(Appears on: ClusterProviderDetails)
GKESpec defines the additional options for a GKE cluster
Field | Description |
---|---|
enableHorizontalPodAutoscaler bool | EnableHorizontalPodAutoscaler indicates if the cluster is configured with the horizontal pod autoscaler addon. This automatically adjusts the cpu and memory resources of pods in accordance with their demand. You should ensure you use PodDisruptionBudgets if this is enabled. |
enableHTTPLoadBalancer bool | EnableHTTPLoadBalancer indicates if the cluster should be configured with the GKE ingress controller. When enabled GKE will autodiscover your ingress resources and provision load balancer on your behalf. |
enableShieldedNodes bool | EnableShieldedNodes indicates we should enable the shielded nodes options in GKE. This protects against a variety of attacks by hardening the underlying GKE node against rootkits and bootkits. |
enableStackDriverLogging bool | EnableStackDriverLogging indicates if Stackdriver logging should be enabled for the cluster |
enableStackDriverMetrics bool | EnableStackDriverMetrics indicates if Stackdriver metrics should be enabled for the cluster |
masterIPV4Cidr string | MasterIPV4Cidr is the network range used when private networking is enabled. This is the peering subnet used to reach the GKE master API layer. Note, this must be unique within the network. |
IngressAddon
(Appears on: Addons)
IngressAddon defines the ingress options
Field | Description |
---|---|
enabled bool | Enabled indicates the addon is enabled |
LinuxProfile
(Appears on: AKSSpec)
LinuxProfile is the configuration for Linux VMs
Field | Description |
---|---|
adminUsername string | AdminUsername is the admin username for Linux VMs |
sshPublicKeys []string | SSHPublicKeys is a list of public SSH keys to allow to connect to the Linux VMs |
NamespaceClaimSpec
(Appears on: NamespaceClaim)
NamespaceClaimSpec defines the desired state of NamespaceClaim
Field | Description |
---|---|
cluster Ownership | Cluster is the cluster the namespace resides in |
name string | Name is the name of the namespace to create |
annotations map[string]string | Annotations is a series of annotations on the namespace |
labels map[string]string | Labels is a series of labels for the namespace |
NamespaceClaimStatus
(Appears on: NamespaceClaim)
NamespaceClaimStatus defines the observed state of NamespaceClaim
Field | Description |
---|---|
CommonStatus CommonStatus | (Members of CommonStatus are embedded into this type.) Status is the status of the namespace |
NetworkRange
NetworkRange defines a network block
Field | Description |
---|---|
type string | Type defines the type of network |
cidr string | CIDR defines the network range |
Networking
(Appears on: ClusterSpec)
Networking defines the structure for a
Field | Description |
---|---|
authorizedNetworks []*github.com/appvia/wayfinder/pkg/apis/compute/v1alpha1.AuthorizedNetwork | AuthorizedNetworks is a collection of authorized networks which are permitted to speak to the authentication proxy |
authorizedMasterNetworks []*github.com/appvia/wayfinder/pkg/apis/compute/v1alpha1.AuthorizedNetwork | AuthorizedMasterNetworks is a collection of authorized networks which are permitted to speak to the cloud kubernetes API; defaults to all if not provided. |
clusterIPV4Cidr string | ClusterIPV4Cidr is an optional network CIDR which is used to place the pod network on |
networkProvider string | NetworkProvider defines a network cni provider for the cluster |
networkRef Ownership | NetworkRef is a reference to a network where the cluster should reside |
servicesIPV4Cidr string | ServicesIPV4Cidr is an optional network cidr configured for the cluster services |
NodePool
NodePool defines a node pool in kubernetes
Field | Description |
---|---|
name string | Name is the name of the nodepool |
description string | Description provides an optional description to the node pool |
diskSize int64 | DiskSize is the amount of disk space to assign to the nodes in MBs |
autoscaling AutoScalingOptions | Autoscaling indicates the node pool should autoscale |
expires Kubernetes meta/v1.Time | Expires provides a time for automatic expiration of the cluster |
image string | Image is the image we should use on the instances of this pool |
labels map[string]string | Labels is a collection of labels placed on the nodepool |
maxPodsPerNode int64 | MaxPodsPerNode controls how many pods can be scheduled onto each node in this pool |
machine string | Machine is the instance type of the nodes in the pool |
providerDetails NodePoolProviderDetails | ProviderDetails provides any cloud specific options for this nodepool |
size int64 | Size is initial size if autoscaling defined - or the effective size if no autoscaling is enabled |
spot SpotInstancesOptions | Spot, if defined, enables the nodepool to use spot instances |
taints []NodeTaint | Taints defines a collection of scheduling taints placed on the nodepool |
version string | Version is the initial version of kubernetes on the node pool |
zones []string | Zones defines a list of cloud specific availability zones where the nodes are permitted to run |
NodePoolProviderDetails
(Appears on: NodePool)
NodePoolProviderDetails defines the parameters for cloud specific options, i.e. options which cannot be consolidated as they are too specific to the chosen cloud vendor
Field | Description |
---|---|
type ProviderType | |
aks AKSNodePoolSpec | AKS defines the cloud specific options for AKS clusters |
eks EKSNodePoolSpec | EKS defines the cloud specific options for EKS clusters |
gke GKENodePoolSpec | GKE is the provider specification for their clusters |
unmanaged UnmanagedNodePoolSpec | Unmanaged provides the specification for unmanaged cluster |
NodeTaint
(Appears on: NodePool)
NodeTaint is the structure of a taint on a nodepool. See https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/
Field | Description |
---|---|
key string | Key provides the key definition for this taint |
value string | Value is arbitrary value for this taint to compare |
effect string | Effect is desired action on the taint |
PlanPolicy
PlanPolicy defines an entry for the
Field | Description |
---|---|
editable bool | Editable indicates the entry can or cannot be changed |
enum []string | Enum is a collection of possible values |
max int64 | Max is a max to the value |
min int64 | Min is a minimum to the value |
path string | Path is the JSON path to the value |
pattern string | Pattern is used as regex constraint on the input |
summary string | Summary provides an optional description to the field attribute |
PlanSpec
(Appears on: Plan)
PlanSpec defines the desired state of Plan
Field | Description |
---|---|
allocation ResourceAllocation | Allocation defines one or more workspaces which are permitted to access this plan |
labels map[string]string | Labels is a collection of labels for this plan |
summary string | Summary provides a short title summary for the plan |
template ClusterSpec | Template are the key+value pairs describing a cluster configuration |
policies []*github.com/appvia/wayfinder/pkg/apis/compute/v1alpha1.PlanPolicy | Policies are a collection of policies related to the use of the plan |
PlanStatus
(Appears on: Plan)
PlanStatus defines the observed state of Plan
Field | Description |
---|---|
conditions []Condition | Conditions is a set of conditions which have caused an error |
status Status | Status is overall status of the plan |
ProviderStatus
(Appears on: ClusterStatus)
ProviderStatus is a broken down status per provider for the cluster - i.e. outputs from the clusters which are specific to the clouds
Field | Description |
---|---|
eks EKSClusterStatus | EKS is the provider status for AWS |
aks AKSClusterStatus | AKS is the provider status for Azure |
ProviderType (string)
(Appears on: ClusterProviderDetails, NodePoolProviderDetails)
ProviderType represents the concrete type of account that a CloudAccount represents
SpotInstancesOptions
(Appears on: NodePool)
SpotInstancesOptions defines the options for spot instances
Field | Description |
---|---|
enabled bool | Enabled indicates the node pool should use spots |
aks AKSNodePoolSpotInstances | AKS defines the options for AKS spot instances |
eks EKSNodePoolSpotInstances | EKS provides additional options for EKS |
UnmanagedNodePoolSpec
(Appears on: NodePoolProviderDetails)
UnmanagedNodePoolSpec defines the spec for an unmanaged nodepool
UnmanagedSpec
(Appears on: ClusterProviderDetails)
UnmanagedSpec defines the spec for unmanaged cluster
WindowsProfile
(Appears on: AKSSpec)
WindowsProfile is the configuration for Windows VMs
Field | Description |
---|---|
adminPassword string | AdminPassword is the admin password for Windows VMs |
adminUsername string | AdminUsername is the admin username for Windows VMs |
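A manifest review for the exposure-related fields in the compute.appvia.io tables above, as an added example (not Wayfinder's own code). The sample manifest is constructed, the rule names and `audit_cluster` are hypothetical, and an omitted bool is assumed to mean false.

```python
import ipaddress
import json

# Constructed sample Cluster manifest (illustrative values only). Field names
# follow the ClusterSpec, Networking, EKSSpec and CloudWatchLogging tables.
SAMPLE_CLUSTER = json.loads("""
{
  "apiVersion": "compute.appvia.io/v1alpha1",
  "kind": "Cluster",
  "metadata": {"name": "example"},
  "spec": {
    "provider": "EKS",
    "enableAutoUpgrade": true,
    "version": "1.27",
    "enablePrivateCluster": false,
    "networking": {
      "authorizedNetworks": [{"name": "anywhere", "cidr": "0.0.0.0/0"}]
    },
    "providerDetails": {
      "eks": {
        "enableEndpointPrivate": false,
        "cloudWatchLogging": {"api": true, "audit": false}
      }
    }
  }
}
""")


def prefix_len(cidr):
    """Return the prefix length of a CIDR string, or None if it does not parse."""
    try:
        return ipaddress.ip_network(str(cidr), strict=False).prefixlen
    except ValueError:
        return None


def audit_cluster(manifest):
    """Return a sorted list of (rule, message) findings for one Cluster manifest.

    Assumption: a bool field that is omitted is treated as false.
    """
    spec = manifest.get("spec") or {}
    net = spec.get("networking") or {}
    details = spec.get("providerDetails") or {}
    findings = []

    # The Networking table says authorizedMasterNetworks defaults to all.
    if not net.get("authorizedMasterNetworks"):
        findings.append(("master-networks-default-all",
                         "networking.authorizedMasterNetworks is unset, so the "
                         "cloud kubernetes API accepts all networks"))

    # Flag ranges that cover the whole address space, and unparsable ranges.
    for field in ("authorizedNetworks", "authorizedMasterNetworks"):
        for entry in net.get(field) or []:
            entry = entry or {}
            plen = prefix_len(entry.get("cidr"))
            where = f"networking.{field}[{entry.get('name')!r}]"
            if plen is None:
                findings.append(("invalid-cidr", f"{where} has an unparsable cidr"))
            elif plen == 0:
                findings.append(("open-cidr", f"{where} allows every address"))

    if not spec.get("enablePrivateCluster", False):
        findings.append(("public-cluster", "enablePrivateCluster is false"))

    # ClusterSpec.version: with enableAutoUpgrade the version must be 'latest'.
    if spec.get("enableAutoUpgrade") and spec.get("version") != "latest":
        findings.append(("autoupgrade-version",
                         "enableAutoUpgrade requires version to be 'latest'"))

    eks = details.get("eks")
    if eks is not None:
        if not eks.get("enableEndpointPrivate", False):
            findings.append(("eks-public-endpoint", "eks.enableEndpointPrivate is false"))
        if not (eks.get("cloudWatchLogging") or {}).get("audit", False):
            findings.append(("eks-audit-logging-off",
                             "eks.cloudWatchLogging.audit is false"))

    gke = details.get("gke")
    if gke is not None and not gke.get("enableShieldedNodes", False):
        findings.append(("gke-shielded-nodes-off", "gke.enableShieldedNodes is false"))

    # WindowsProfile.adminPassword is a plain string field in the spec.
    win = (details.get("aks") or {}).get("windowsProfile") or {}
    if win.get("adminPassword"):
        findings.append(("inline-admin-password",
                         "aks.windowsProfile.adminPassword is set inline in the manifest"))

    return sorted(findings)


if __name__ == "__main__":
    for rule, message in audit_cluster(SAMPLE_CLUSTER):
        print(f"{rule}: {message}")
```
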
config.appvia.io/v1alpha1
Package v1alpha1 contains API Schema definitions for the config v1alpha1 API group
Resource Types:
- CloudMetaService
- CostImport
- Plan
- Stage
CloudMetaService
CloudMetaService represents an import of cloud metadata into Wayfinder
Field | Description |
---|---|
apiVersion string | config.appvia.io/v1alpha1 |
kind string | CloudMetaService |
metadata Kubernetes meta/v1.ObjectMeta | Refer to the Kubernetes API documentation for the fields of the metadata field. |
spec CloudMetaServiceSpec | |
status CloudMetaServiceStatus | |
CostImport
CostImport represents an import of costs data into Wayfinder
Field | Description |
---|---|
apiVersion string | config.appvia.io/v1alpha1 |
kind string | CostImport |
metadata Kubernetes meta/v1.ObjectMeta | Refer to the Kubernetes API documentation for the fields of the metadata field. |
spec CostImportSpec | |
status CostImportStatus | |
Plan
Plan is the Schema for the plans API
Field | Description |
---|---|
apiVersion string | config.appvia.io/v1alpha1 |
kind string | Plan |
metadata Kubernetes meta/v1.ObjectMeta | Refer to the Kubernetes API documentation for the fields of the metadata field. |
spec PlanSpec | |
status PlanStatus | |
Stage
Stage is the Schema for the stages API
Field | Description |
---|---|
apiVersion string | config.appvia.io/v1alpha1 |
kind string | Stage |
metadata Kubernetes meta/v1.ObjectMeta | Refer to the Kubernetes API documentation for the fields of the metadata field. |
spec StageSpec | |
status StageStatus | |
AWSCostImportParameters
(Appears on: CostImportProviderDetails)
AWSCostImportParameters provides the specific parameters for AWS
Field | Description |
---|---|
s3Region string | S3Region is the region in which to store cost and usage data in S3. Will use the default region from the cloud account if this is unspecified. |
costUsageBucket string | CostUsageBucket is the name of an S3 bucket in which Wayfinder can find existing cost and usage reports to read. Leave blank to have Wayfinder self-configure with a new bucket as needed. |
costUsageS3Prefix string | CostUsageS3Prefix is the location within the CostUsageBucket where Wayfinder will find the cost reports. Will be ignored unless CostUsageBucket is specified. |
costUsageReport string | CostUsageReport is the name of the cost usage report to use. |
AzureCostImportParameters
(Appears on: CostImportProviderDetails)
AzureCostImportParameters provides the specific parameters for Azure
Field | Description |
---|---|
importType AzureCostImportType | ImportType dictates what scope we’re going to import Azure costs for. This must match the type of Cloud Account referenced by this costs import: For BillingAccount the Cloud Account must be an Azure organization with AgreementType of EA or MCA and the BillingAccount populated. For EAEnrollmentAccount the Cloud Account must be an Azure organization with AgreementType of EA and the EnrollmentAccount populated. For MCAInvoiceSection the Cloud Account must be an Azure organization with AgreementType of MCA and the BillingAccount, BillingProfile and InvoiceSection populated. |
AzureCostImportType (string)
(Appears on: AzureCostImportParameters)
AzureCostImportType is the scope level to import Azure costs for
Value | Description |
---|---|
"BillingAccount" | AzureCostImportBillingAccount is to import costs for a full billing account |
"EAEnrollmentAccount" | AzureCostImportEAEnrollmentAccount is to import costs for an Enterprise Agreement Enrollment Account |
"MCAInvoiceSection" | AzureCostImportMCAInvoiceSection is to import costs for an MCA invoice section |
"Subscription" | AzureCostImportSubscription is to import costs for a single subscription |
CloudMetaCloud
(Appears on: CloudMetaServiceSpec)
Field | Description |
---|---|
cloud string | Cloud defines which cloud this will pull information for |
cloudAccount CloudAccountReference | CloudAccount defines the cloud account to use to pull metadata for this cloud |
CloudMetaServiceSpec
(Appears on: CloudMetaService)
CloudMetaServiceSpec defines the specification of the cloud metadata import
Field | Description |
---|---|
clouds []CloudMetaCloud | Clouds contains an array of clouds to pull metadata for |
CloudMetaServiceStatus
(Appears on: CloudMetaService)
CloudMetaServiceStatus defines the status of this cloud meta import
Field | Description |
---|---|
CommonStatus CommonStatus | (Members of CommonStatus are embedded into this type.) |
components Components | Components is a set of underlying components if relevant |
CostImportProvider (string)
(Appears on: CostImportProviderDetails)
CostImportProvider is which cloud provider these provider details are for
Value | Description |
---|---|
"AWS" | |
"Azure" | |
"GCP" | |
CostImportProviderDetails
(Appears on: CostImportSpec)
CostImportProviderDetails provides parameters that are specific to a particular cloud
Field | Description |
---|---|
type CostImportProvider | Type is which cloud provider these provider details are for |
gcp GCPCostImportParameters | (Optional) GCP holds parameters specific to importing GCP costs data. Present only if type is GCP. |
aws AWSCostImportParameters | (Optional) AWS holds parameters specific to importing AWS costs data. Present only if type is AWS. |
azure AzureCostImportParameters | (Optional) Azure holds parameters specific to importing Azure costs data. Present only if type is Azure. |
CostImportRun
(Appears on: CostImportStatus)
CostImportRun represents the result of an execution of a cost import
Field | Description |
---|---|
status Status | Status indicates whether this import completed successfully (Success), is running (Pending) or failed (Failure) |
time Kubernetes meta/v1.Time | Time indicates when this import was executed - may be nil if the import has been scheduled but not yet started |
log string | Log contains the log (in JSON) of this import |
CostImportSpec
(Appears on: CostImport)
CostImportSpec defines the specification of the cost import
Field | Description |
---|---|
cloud string | Cloud defines which cloud this costs import is from |
cloudAccount CloudAccountReference | CloudAccount identifies which cloud account (organization or shared) should be used to pull costs data from. Must relate to the same cloud provider as specified in Cloud. |
cloudCredential CloudCredentialReference | CloudCredential specifies an optional custom credential to use for this integration, instead of using the default credentials for the CloudAccount. |
frequencyMinutes int | FrequencyMinutes describes how many minutes to leave between imports, e.g. 30 would import twice per hour. If greater than 60, should be a multiple of 60 (other values will be rounded to an integer number of hours, e.g. 90 will round to 120, 89 will round to 60). |
daysHistory int | DaysHistory determines how many days worth of historical data to consider each time this import is run |
importZeroCostItems bool | ImportZeroCostItems determines whether zero-costed line items in the cloud providers’ cost data are imported to wayfinder or not. |
providerDetails CostImportProviderDetails | ProviderDetails provides the cloud-specific configuration details |
CostImportStatus
(Appears on: CostImport)
CostImportStatus defines the status of this costs integration
Field | Description |
---|---|
CommonStatus CommonStatus | (Members of CommonStatus are embedded into this type.) |
history []CostImportRun | History contains the recent history of runs of this cost import |
GCPCostImportParameters
(Appears on: CostImportProviderDetails)
GCPCostImportParameters provides the specific parameters for GCP
Field | Description |
---|---|
billingAccount string | BillingAccountName is the billing account we’re importing costs for. If unspecified, Wayfinder will use the Billing Account specified on the cloud account (if it’s of type Organization). If neither of these are specified, this configuration will not be valid. Example: ‘012345-567890-ABCDEF’ |
datasetProject string | DatasetProject is the GCP project in which to find/create the BigQuery dataset. If unspecified Wayfinder will use the project from the referenced cloud account. |
datasetRegion string | DatasetRegion is the GCP region (or regional area) in which the BigQuery dataset should be created / accessed. If unspecified, Wayfinder will use the default region from the referenced cloud account. Examples: * EU (geo-dispersed across multiple EU GCP regions) * US (geo-dispersed across multiple US GCP regions) * europe-west2 (London) |
datasetName string | DatasetName is an optional custom name of the BigQuery dataset to query to retrieve costs data. If unspecified, Wayfinder will assume a dataset named wf-costs. |
PlanSpec
(Appears on: Plan)
PlanSpec defines the desired state of Plan
Field | Description |
---|---|
kind string | Resource refers to the resource type this is a plan for |
labels map[string]string | Labels is a collection of labels for this plan |
description string | Description provides a summary of the configuration provided by this plan |
summary string | Summary provides a short title summary for the plan |
configuration k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1.JSON | Configuration are the key+value pairs describing a cluster configuration |
PlanStatus
(Appears on: Plan)
PlanStatus defines the observed state of Plan
Field | Description |
---|---|
conditions []LegacyCondition | Conditions is a set of conditions which have caused an error |
status Status | Status is overall status of the workspace |
StageSpec
(Appears on: Stage)
StageSpec defines the desired state of Stage
Field | Description |
---|---|
displayName string | DisplayName provides a user-friendly name for the stage |
description string | Description provides a summary of this stage |
StageStatus
(Appears on: Stage)
StageStatus defines the observed state of Stage
Field | Description |
---|---|
conditions []LegacyCondition | Conditions is a set of conditions which have caused an error |
status Status | Status is overall status of the workspace |
container.appvia.io/v1alpha1
Package v1alpha1 contains API Schema definitions for the images v1alpha1 API group
Resource Types:
- Build
- Registry
Build
Build is the Schema for the roles API
Field | Description |
---|---|
apiVersion string | container.appvia.io/v1alpha1 |
kind string | Build |
metadata Kubernetes meta/v1.ObjectMeta | Refer to the Kubernetes API documentation for the fields of the metadata field. |
spec BuildSpec | |
status BuildStatus | |
Registry
Registry is the Schema for the registry API
Field | Description |
---|---|
apiVersion string | container.appvia.io/v1alpha1 |
kind string | Registry |
metadata Kubernetes meta/v1.ObjectMeta | Refer to the Kubernetes API documentation for the fields of the metadata field. |
spec RegistrySpec | |
status RegistryStatus | |
BuildCredentialsInputData
(Appears on: BuildSpec)
BuildCredentialsInputData defines the desired state of credentialsInputData
Field | Description |
---|---|
type string | The secret type, should be either github_token or gitlab_token |
description string | Description of the token |
git_password string | The password required for access |
git_username string | The username required for access |
BuildRun
BuildRun is the Schema for the roles API
Field | Description |
---|---|
metadata Kubernetes meta/v1.ObjectMeta | Refer to the Kubernetes API documentation for the fields of the metadata field. |
spec BuildRunSpec | |
status BuildStatus | |
BuildRunSpec
(Appears on: BuildRun)
BuildRunSpec defines the desired state of build. Note that this doesn’t get mapped to a CRD; it’s just a payload to the trigger.
Field | Description |
---|---|
gitBranch string | GitRef is the git reference we are building from - else we default to master |
gitSHA string | GitSHA is the commit to build from else we default to head |
tag string | Tag is an optional tag to use when pushing the images - else we default to the SHA |
BuildRunStatus
BuildRunStatus represents the status of a build run
Field | Description |
---|---|
conditions []LegacyCondition | Conditions are a collection of conditions on the tag |
status Status | Status is overall status of the workspace |
BuildSpec
(Appears on: Build)
BuildSpec defines the desired state of build
Field | Description |
---|---|
cluster Ownership | Cluster is a reference to the cluster the build is performed |
buildPath string | BuildPath is the directory which the build runs under - defaults to the current directory |
dockerfile string | Dockerfile is the default location of dockerfile to build |
repoURL string | RepoURL is the location of the workspace to build |
registry Ownership | Registry is a reference to the registry to push the image |
credentials Kubernetes core/v1.SecretReference | Credential is a reference to the secret used to access the repository. This could be an SSH key or a personal access token etc. |
imageName string | ImageName is a final name of the image |
credentialsInputData BuildCredentialsInputData | CredentialsInputData can be used to populate the secret when creating/updating a build. This will never be populated when the build is returned from the API. |
credentialsUpdated Kubernetes meta/v1.Time | CredentialsUpdated should be set to the current time when an underlying secret is updated. This will be automatically set to the current time if CredentialsInputData is set. If you manually change the secret outside Wayfinder, update this field. |
BuildStatus
BuildStatus defines the observed state of build
Field | Description |
---|---|
CommonStatus CommonStatus | (Members of CommonStatus are embedded into this type.) |
builds []*github.com/appvia/wayfinder/pkg/apis/containers/v1alpha1.RunStatus | Builds provides a collection of build run statuses |
ECRRegistryParameters
(Appears on: RegistryProviderDetails)
ECRRegistryParameters provides the specific parameters for an ECR registry
Field | Description |
---|---|
cloudAccountRef CloudAccountReference | CloudAccountRef is a reference to the assigned or created cloud account |
region string | Region is the region to create this registry. |
accountID string | AccountID is the AccountID used by this registry. DEPRECATED - this will be derived from the cloud account; any value specified here will be ignored. |
Image
Image represents an image in a docker repository
Field | Description |
---|---|
metadata Kubernetes meta/v1.ObjectMeta | Refer to the Kubernetes API documentation for the fields of the metadata field. |
spec ImageSpec | |
status ImageStatus | |
ImageSpec
(Appears on: Image)
ImageSpec represents the image details
Field | Description |
---|---|
tags map[string]string | Tags are a set of tags which can be used to identify this asset |
url string | URL is the full url for this docker image |
config k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1.JSON | Config is any provider specific configuration |
ImageStatus
(Appears on: Image)
ImageStatus represents the image status
Field | Description |
---|---|
conditions []LegacyCondition | Conditions are a collection of conditions on the tag |
status Status | Status is overall status of the workspace |
ImageTag
ImageTag represents an image in a docker repository
Field | Description |
---|---|
metadata Kubernetes meta/v1.ObjectMeta | Refer to the Kubernetes API documentation for the fields of the metadata field. |
spec ImageTagSpec | |
status ImageTagStatus | |
ImageTagSpec
(Appears on: ImageTag)
ImageTagSpec represents the image details
Field | Description |
---|---|
url string | URL is the full url for this docker image |
ImageTagStatus
(Appears on: ImageTag)
ImageTagStatus represents the status of an image tag
Field | Description |
---|---|
conditions []LegacyCondition | Conditions are a collection of conditions on the tag |
status Status | Status is overall status of the workspace |
ProviderRegistryType (string)
(Appears on: RegistryProviderDetails)
ProviderRegistryType represents the concrete type of account that a CloudAccount represents
Value | Description |
---|---|
"ECRRegistry" | ProviderAccountTypeECRRegistry is an ECR registry in AWS |
RegistryProviderDetails
(Appears on: RegistrySpec)
RegistryProviderDetails provides parameters that are specific to a particular type of registry
Field | Description |
---|---|
type ProviderRegistryType | |
ecrRegistry ECRRegistryParameters | (Optional) ECRRegistry holds parameters specific to ECR Registries. Present only if type is ECRRegistry. |
RegistrySpec
(Appears on: Registry)
RegistrySpec defines the desired state of registry
Field | Description |
---|---|
provider string | Provider is the type of registry we have (quay, ecr, gcr etc) |
providerDetails RegistryProviderDetails | ProviderDetails provides additional fields which can be used for registry provider specific information i.e. AWS Region or CloudAccount for a cloud provided registry |
imagePrefix string | ImagePrefix indicates the images have a prefix |
tags map[string]string | Tags is a collection of tags to be applied to all images if supported |
tokens Kubernetes core/v1.SecretReference | Tokens are a secret of credentials for the registry - these are different depending on the provider - i.e. ecr, gcp or goharbor. DEPRECATED: This is no longer used. Values here will be ignored. |
endpoint string | Endpoint is the registry endpoint. DEPRECATED: See status instead; values here will be ignored. |
RegistryStatus
(Appears on: Registry)
RegistryStatus defines the observed state of registry
Field | Description |
---|---|
endpoint string | Endpoint is the URL to access this registry on |
conditions []LegacyCondition | Conditions is a collection of error messages |
pushToken Kubernetes core/v1.SecretReference | PushToken is a token used to push images to the registry |
pullToken Kubernetes core/v1.SecretReference | PullToken is a token used to pull images from the registry |
status Status | Status is overall status of the registry |
RunStatus
RunStatus represents a build which has occurred off this build
Field | Description |
---|---|
creationTimestamp Kubernetes meta/v1.Time | CreationTimestamp is the time the build was kicked off |
buildTime Kubernetes meta/v1.Duration | BuildTime is the time the build took |
image string | Image is the result image from the build |
gitSha string | GitSHA is the gitsha the image was built from |
status Status | Status is the result of the build run |
uid string | UID was the uid of the run |
core.appvia.io/v1alpha1
Package v1 contains the core api resources
Resource Types:
ActionSelector
ActionSelector is used to filter on the operation type
Field | Description |
---|---|
verbs []string | |
Allocatable
Allocatable must be implemented by CRDs which are allocatable
CommonStatus
(Appears on: CloudAccountClaimStatus, CloudAccountStatus, CloudCredentialStatus, ClusterStatus, NamespaceClaimStatus, CloudMetaServiceStatus, CostImportStatus, BuildStatus, NetworkFabricStatus, HelmReleaseStatus, HelmStatus, AssumePolicyStatus, PolicyPlanStatus, PolicyStatus)
Field | Description |
---|---|
status Status | Status is the overall status of the resource. This will shortly become required, hence no omit empty here. |
message string | Message is a description of the current status |
detail string | (Optional) Detail is any additional human-readable detail to understand the current status, for example, the full underlying error which caused an issue |
conditions Conditions | Conditions represents the observations of the resource’s current state. |
lastReconcile LastReconcileStatus | LastReconcile describes the generation and time of the last reconciliation |
lastSuccess LastReconcileStatus | LastSuccess describes the generation and time of the last reconciliation which resulted in a Success status |
CommonStatusAware
CommonStatusAware is implemented by any Wayfinder resource which has the standard Wayfinder common status implementation
Component
Component is the state of a component of the resource
Field | Description |
---|---|
name string | Name is the name of the component |
status Status | Status is the status of the component |
message string | Message is a human readable message on the status of the component |
detail string | Detail is additional details on the error, if any |
resource Ownership | Resource is a reference to the resource |
Components ([]*github.com/appvia/wayfinder/pkg/apis/core/v1alpha1.Component)
(Appears on: CrossplaneDeploymentStatus, CloudMetaServiceStatus, ServiceAccessDeploymentStatus, ServiceAccessStatus, ServiceDeploymentStatus, ServiceProviderStatus, ServiceStatus)
Components is a collection of components
Condition
(Appears on: PlanStatus)
Condition is the current observed condition of some aspect of a resource
Field | Description |
---|---|
type ConditionType | Type of condition in CamelCase or in foo.example.com/CamelCase. Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) |
status Kubernetes meta/v1.ConditionStatus | Status of the condition, one of True, False, Unknown. |
observedGeneration int64 | (Optional) ObservedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance. |
lastTransitionTime Kubernetes meta/v1.Time | LastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. |
reason string | Reason contains a programmatic identifier indicating the reason for the condition’s last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty. |
message string | (Optional) Message is a human readable message indicating details about the transition. This may be an empty string. |
name string | Name is a human-readable name for this condition. |
detail string | (Optional) Detail is any additional human-readable detail to understand this condition, for example, the full underlying error which caused an issue |
negativePolarity bool | (Optional) NegativePolarity indicates this is a ‘normal-false’ condition - i.e. the ‘normal’/‘successful’ status for this condition is metav1.ConditionFalse. This will be the case for conditions such as ‘OutOfMemory’. If unset/false, positive polarity can be assumed - i.e. that metav1.ConditionTrue indicates the ‘normal’/‘successful’ status. This will be the case for conditions such as ‘Deployed’ |
ConditionSpec
ConditionSpec describes the shape of a condition which will be populated onto the status
Field | Description |
---|---|
Type ConditionType | The PascalCase condition type, e.g. ServiceAvailable or InsufficientCapacity. See ConditionType for the rules on condition types. |
Name string | Name is a human-readable name for this condition, used for UI and CLI reporting / explanation. If Name is empty, the Type will also be used as the Name. |
DefaultStatus Kubernetes meta/v1.ConditionStatus | DefaultStatus is the default status - if unset, metav1.ConditionUnknown will be used. |
NegativePolarity bool | NegativePolarity indicates this is a ‘normal-false’ condition - i.e. the ‘normal’/‘successful’ status for this condition is metav1.ConditionFalse. This will be the case for conditions such as ‘OutOfMemory’, ‘Degraded’. If unset/false, positive polarity will be assumed - i.e. that metav1.ConditionTrue indicates the ‘normal’/‘successful’ status. This will be the case for conditions such as ‘Deployed’ or ‘Available’. |
ConditionType (string)
(Appears on: Condition, ConditionSpec)
ConditionType defines a type of a condition in PascalCase or in foo.example.com/PascalCase
Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
Value | Description |
---|---|
"Ready" | ConditionReady describes the overall status of the resource. All Wayfinder resources should set ConditionReady |
Conditions ([]github.com/appvia/wayfinder/pkg/apis/core/v1alpha1.Condition)
(Appears on: CommonStatus)
ConfigurationFromSource
Field | Description |
---|---|
path string | Path is the JSON path of the configuration parameter. Examples: “field”, “map_field.value”, “array_field.0”, “array_field.0.value”. To append a value to an existing array: “array_field.-1”. To reference a numeric key on a map: “map_field.:123.value” |
secretKeyRef OptionalSecretKeySelector | SecretKeyRef is a reference to a key in a secret |
LastReconcileStatus
(Appears on: CommonStatus)
Field | Description |
---|---|
time Kubernetes meta/v1.Time | Time is the last time the resource was reconciled |
generation int64 | Generation is the generation reconciled on the last reconciliation |
LegacyCondition
(Appears on: ExternalVPCStatus, PeeringStatus, SecurityGroupRuleStatus, PlanStatus, StageStatus, BuildRunStatus, ImageStatus, ImageTagStatus, RegistryStatus, AssignableNetworkStatus, UserStatus, WorkspaceInvitationStatus, WorkspaceStatus)
LegacyCondition is a reason why something failed
Field | Description |
---|---|
message string | Message is a human readable message |
detail string | Detail is an actual error which might contain technical reference |
NamespaceSelector
(Appears on: Selector)
NamespaceSelector is used to filter down on namespaces
Field | Description |
---|---|
names []string | Names provides a filter on the namespace name |
labels map[string][]string | Labels is a collection of filters on the namespace |
Object
Object is the standard interface implemented by Wayfinder CRDs
OptionalSecretKeySelector
(Appears on: ConfigurationFromSource)
Field | Description |
---|---|
SecretKeySelector SecretKeySelector | (Members of SecretKeySelector are embedded into this type.) |
optional bool | Optional controls whether the secret with the given key must exist |
Ownership
(Appears on: ExternalVPCSpec, PeeringSpec, SecurityGroupRuleSpec, CloudAccountStatus, CrossplaneDeploymentSpec, NamespaceClaimSpec, Networking, BuildSpec, Component, FirewallSpec, PeeringConnection, HelmReleaseSpec, ResourceValuesFrom, InputConstraint, RobotStatus, SecurityResourceOverview, SecurityScanResultSpec, ServiceAccessDeploymentSpec, ServiceAccessSpec, ServiceSpec)
Ownership indicates the ownership of a resource
Field | Description |
---|---|
group string | Group is the api group |
version string | Version is the group version |
kind string | Kind is the name of the resource under the group |
namespace string | Namespace is the location of the object |
name string | Name is name of the resource |
ResourceAllocation
(Appears on: CloudAccountSpec, OrgUserRole, PlanSpec)
ResourceAllocation describes who is allowed to use a resource across workspace boundaries.
Field | Description |
---|---|
type ResourceAllocationType | Type controls which workspaces can use this resource. If ‘none’, this resource cannot be used by workspaces other than the one the resource exists in. ‘all’ allows it to be used by all workspaces, and ‘workspaces’ indicates it can be used by the workspaces listed in the workspaces property. |
workspaces WorkspaceKeys | Workspaces indicates which workspaces can use this resource. Ignored unless type is set to ‘workspaces’. |
ResourceAllocationType (string)
(Appears on: ResourceAllocation)
ResourceAllocationType represents the possible types of resource allocation
Value | Description |
---|---|
"all" | ResourceAllocationAll indicates that the resource can be used by all workspaces |
"none" | ResourceAllocationNone indicates that the resource can only be used by the workspace that owns it |
"workspaces" | ResourceAllocationWorkspaces indicates that the resource can be used by a specified set of workspaces |
ResourceSelector
(Appears on: Selector, Target)
ResourceSelector is a resource selector
Field | Description |
---|---|
nonResourceURLs []string | NonResourceURLs are urls which do not map to resources but require some level of policy control |
groups []string | Groups is a collection of api groups to filter on |
resources []string | Resources is a collection of resources under those groups |
subresources []string | SubResources is a collection of subresources under the resource type. Deprecated field, please use resource/subresource format |
resourceNames []string | ResourceNames is a collection of resource names |
labels map[string]string | Labels a collection of labels to filter the resource by |
verbs []string | Verbs are actions on the resources themselves |
SecretKeySelector
(Appears on: OptionalSecretKeySelector)
Field | Description |
---|---|
name string | Name is the name of the secret |
namespace string | Name is the namespace of the secret |
key string | Key is the data key in the secret |
Status (string)
(Appears on: ExternalVPCStatus, PeeringStatus, SecurityGroupRuleStatus, CloudAccountUserRoleStatus, CrossplaneDeploymentStatus, PlanStatus, CostImportRun, PlanStatus, StageStatus, BuildRunStatus, ImageStatus, ImageTagStatus, RegistryStatus, RunStatus, CommonStatus, Component, AssignableNetworkStatus, UserStatus, WorkspaceInvitationStatus, WorkspaceStatus, RobotStatus, ServiceAccessDeploymentStatus, ServiceAccessStatus, ServiceCatalogStatus, ServiceDeploymentStatus, ServiceProviderStatus, ServiceStatus)
Status is the status of a thing
Value | Description |
---|---|
"ActionRequired" | ActionRequiredStatus indicates that user action is required to remediate the current state of a resource, e.g. a spec value is wrong or some external action needs to be taken |
"Creating" | CreatingStatus indicates we are creating a resource |
"DeleteFailed" | DeleteFailedStatus indicates that deleting the entity failed |
"Deleted" | DeletedStatus indicates a deleted entity |
"Deleting" | DeletingStatus indicates we are deleting the resource |
"" | EmptyStatus indicates an empty status |
"Error" | ErrorStatus indicates that a recoverable error happened |
"Failure" | FailureStatus indicates the resource has failed for one or more reasons |
"Pending" | PendingStatus indicates we are waiting |
"Success" | SuccessStatus is a successful resource |
"Unknown" | Unknown is an unknown status |
"Updating" | UpdatingStatus indicates we are creating a resource |
"Warning" | WarningStatus indicates a warning |
StatusAware
StatusAware is an interface for objects which have a status and zero or more components
SubjectSelector
(Appears on: Selector)
SubjectSelector is used to filter down on the caller
Field | Description |
---|---|
subjects []string | Subjects is a collection of subjects / username to filter on |
roles []string | Roles is a collection of roles the user has access to |
groups []string | Groups is a collection of groups the user is a member of |
scopes []string | Scopes is a collection of scopes for the identity |
WorkspaceKey (string)
(Appears on: WorkspaceCostSummary, AuditEventSpec, WorkspaceInvitationSpec, WorkspaceSpec, SecurityOverviewSpec)
WorkspaceKey is the unique identifier for a workspace in Wayfinder. Use .Namespace() to convert to the right name for the workspace’s namespace in the management cluster.
Value | Description |
---|---|
"admin" | AdminWorkspace is the workspace where platform administrative resources live. IMPORTANT: IF THIS VALUE IS CHANGED, ENSURE THAT ui/lib/utils/workspaces.ts IS ALSO UPDATED |
WorkspaceKeys ([]github.com/appvia/wayfinder/pkg/apis/core/v1alpha1.WorkspaceKey)
(Appears on: ResourceAllocation, ClusterSelector)
WorkspaceKeys is a set of workspace keys
costs.appvia.io/v1alpha1
Package v1alpha1 contains API Schema definitions for the cost v1alpha1 API group
Resource Types:
Account
Account represents an account
Field | Description |
---|---|
workspaceIdentifier string | WorkspaceIdentifier is the unique identifier for the workspace that owns this asset |
assetIdentifier string | AssetIdentifier is the unique identifier for this asset |
name string | Name is the name of the resource in wayfinder, for reference |
provider string | Provider is the cloud provider who provides this resource |
account string | Provider is the identifier for this account in the providers |
Asset
Asset represents a resource known to Wayfinder which a cost provider should provide costs data for
Field | Description |
---|---|
tags map[string]string | Tags are a set of tags which can be used to identify this asset |
workspaceIdentifier string | WorkspaceIdentifier is the unique identifier for the workspace that owns this asset |
assetIdentifier string | AssetIdentifier is the unique identifier for this asset |
name string | Name is the name of the resource in wayfinder, for reference |
provider string | Provider is the cloud provider who provides this resource |
AssetCost
AssetCost defines the details about a cost related to a piece of infrastructure deployed by Wayfinder for a workspace. It is expected that any asset may have multiple AssetCosts covering a specific time period to represent the different charges levied by the provider for that piece of infrastructure.
Field | Description |
---|---|
costIdentifier string | CostIdentifier is the unique identifier for this line of cost data - cost providers must ensure that if a cost line item is updated, it has the same identifier, and that different line items have unique cost identifiers for a given AssetIdentifier. If a cost provider provides immutable cost entries, i.e. they will never be updated, then this can be left blank and Wayfinder will assign a unique identifier. |
assetIdentifier string | AssetIdentifier is the unique identifier assigned to the resource this cost applies to, e.g. the unique cluster ID, etc. |
workspaceIdentifier string | WorkspaceIdentifier is the unique identifier for the workspace this resource belongs to. |
cost int64 | Cost is the actual incurred total cost for this piece of infrastructure for the specified time period in microdollars |
usageStartTime Kubernetes meta/v1.Time | UsageStartTime indicates the start of the period this cost is applicable for |
usageEndTime Kubernetes meta/v1.Time | UsageEndTime indicates the end of the period this cost is applicable for |
usageType string | UsageType is the provider-specific code or title for this type of usage (e.g. a SKU or similar) |
description string | Description identifies the type of cost this line item refers to |
usageAmount string | UsageAmount is the quantity of the resource used (e.g. amount of storage) |
usageUnit string | UsageUnit is the unit that UsageAmount is expressed in (e.g. seconds, gibibytes, etc) |
provider string | Provider indicates which cloud provider this cost relates to |
account string | Account indicates which account / project / subscription this cost relates to |
invoice string | Invoice is the invoice on which this cost was billed (in the format YYYYMM, e.g. 202008 for August 2020) |
retrievedAt Kubernetes meta/v1.Time | RetrievedAt is the time at which this cost item was retrieved/refreshed from the provider |
AssetCostSummary
AssetCostSummary represents the total cost known to wayfinder for an asset (over a period of time)
Field | Description |
---|---|
assetIdentifier string | AssetIdentifier is the unique identifier assigned to the resource this cost applies to, e.g. the unique cluster ID, etc. |
workspaceIdentifier string | WorkspaceIdentifier is the unique identifier for the workspace this resource belongs to. |
assetName string | AssetName is the name of the asset these costs relate to |
assetType string | AssetType is the type of the asset these costs relate to |
provider string | Provider is the cloud provider who provides this asset |
details []*github.com/appvia/wayfinder/pkg/apis/costs/v1alpha1.AssetCost | Details provides the individual cost line items that make up this summary |
CostSummary CostSummary | |
Continent
Continent is a geographical grouping of regions
Field | Description |
---|---|
name string | |
regions []Region | |
CostEstimate
CostEstimate defines the result of the cost estimation
Field | Description |
---|---|
minCost int64 | MinCost is the minimum hourly cost estimate in microdollars |
typicalCost int64 | TypicalCost is the expected / likely hourly cost estimate in microdollars |
maxCost int64 | MaxCost is the estimated upper limit of the hourly cost in microdollars |
costElements []CostEstimateElement | CostElements provides details of the different components which make up this cost estimate |
preparedAt Kubernetes meta/v1.Time | PreparedAt indicates the time this estimate was prepared |
CostEstimateElement
(Appears on: CostEstimate)
CostEstimateElement represents a logical component which has an associated cost
Field | Description |
---|---|
name string | Name is the name of this component |
minCost int64 | MinCost is the minimum hourly cost estimate of this component in microdollars |
typicalCost int64 | TypicalCost is the expected / likely hourly cost estimate of this component in microdollars |
maxCost int64 | MaxCost is the estimated upper limit of the hourly cost of this component in microdollars |
CostSummary
(Appears on: AssetCostSummary, OverallCostSummary, WorkspaceCostSummary)
CostSummary represents a total cost over a period of time
Field | Description |
---|---|
cost int64 | Cost is the actual incurred total cost for the specified time period in microdollars |
usageStartTime Kubernetes meta/v1.Time | StartTime indicates the start of the period this summary includes costs for |
usageEndTime Kubernetes meta/v1.Time | EndTime indicates the end of the period this summary includes costs for |
InstanceType
InstanceType is an available compute type from a cloud provider
Field | Description |
---|---|
category string | Category is the classification of this instance type |
name string | Name is the unique identifier of this instance type |
prices map[github.com/appvia/wayfinder/pkg/apis/costs/v1alpha1.PriceType]int64 | Prices gives the price of this instance type in microdollars per hour for the given price type |
mCpus int64 | MCpus is the number of milliCPUs assigned to this instance type |
mem int64 | Mem is the amount of memory, expressed in milli-GiBs, assigned to this instance type |
OverallCostSummary
OverallCostSummary represents the total costs known to wayfinder over a period of time, and acts as a container for WorkspaceCostSummaries
Field | Description |
---|---|
CostSummary CostSummary | |
workspaceCosts []*github.com/appvia/wayfinder/pkg/apis/costs/v1alpha1.WorkspaceCostSummary | |
PriceType (string)
PriceType is the possible types of prices for cloud infrastructure
Value | Description |
---|---|
"OnDemand" | PriceTypeOnDemand is the normal ‘rack’ price for a piece of infrastructure |
"PreEmptible" | PriceTypePreEmptible is the fixed discounted price which you can use a piece of infrastructure for subject to availability and early termination |
"Spot" | PriceTypeSpot is the variable price which you may be able to use a piece of infrastructure for |
Region
(Appears on: Continent)
Region is a specific cloud provider region
Field | Description |
---|---|
id string | |
name string | |
WorkspaceCostSummary
WorkspaceCostSummary represents the total cost known to wayfinder for a workspace (over a period of time)
Field | Description |
---|---|
workspaceIdentifier string | WorkspaceIdentifier is the unique identifier for the workspace these costs belong to. |
workspace WorkspaceKey | Workspace is the key of the workspace that these costs belong to |
assetCosts []*github.com/appvia/wayfinder/pkg/apis/costs/v1alpha1.AssetCostSummary | AssetCosts gives the detail of the assets which make up this workspace cost |
CostSummary CostSummary | |
networking.appvia.io/v1alpha1
Package v1alpha1 contains API Schema definitions for the compute v1alpha1 API group
Resource Types:
FirewallRules
Field | Description |
---|---|
apiVersion string | networking.appvia.io/v1alpha1 |
kind string | FirewallRules |
metadata Kubernetes meta/v1.ObjectMeta | Refer to the Kubernetes API documentation for the fields of the metadata field. |
spec FirewallSpec | |
status FirewallStatus | |
NetworkFabric
NetworkFabric is the schema for NetworkFabric
Field | Description |
---|---|
apiVersion string | networking.appvia.io/v1alpha1 |
kind string | NetworkFabric |
metadata Kubernetes meta/v1.ObjectMeta | Refer to the Kubernetes API documentation for the fields of the metadata field. |
spec NetworkFabricSpec | |
status NetworkFabricStatus | |
Peering
Field | Description |
---|---|
apiVersion string | networking.appvia.io/v1alpha1 |
kind string | Peering |
metadata Kubernetes meta/v1.ObjectMeta | Refer to the Kubernetes API documentation for the fields of the metadata field. |
spec PeeringSpec | |
status PeeringStatus | |
FirewallRule
(Appears on: FirewallSpec)
FirewallRule represents the various options associated with a firewall rule. Depending on the cloud, a single FirewallRule might be expanded to multiple individual firewall rules.
Field | Description |
---|---|
name string | Name is the name of the firewall rule. |
description string | Description is an optional description of the firewall rule. |
action string | Action dictates whether to allow or deny matching traffic. |
cidrBlocks []IPv4CIDR | CIDRBlocks is the list of IP address ranges that this rule applies to. |
direction string | Direction dictates whether this rule applies to inbound or outbound traffic. |
ipVersion uint16 | IPVersion is the version of the Internet Protocol for the firewall rule. |
protocols []string | Protocols is a list of protocols that this firewall rule applies to. |
ports []Port | Ports is a list of port numbers that this firewall rule applies to. If omitted, the rule applies to all ports. |
priority uint16 | Priority dictates the precedence of the firewall rule. Lower values indicate higher priorities. |
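The following review pass over FirewallRule entries is an added example, not Wayfinder's own code. It applies two points from the table above: omitted ports mean all ports, and lower priority values take precedence. The Go struct, the literal strings "allow"/"deny" and "inbound"/"outbound", and first-match evaluation in priority order are assumptions; the sample rules are constructed.

```go
package main

import (
	"fmt"
	"net"
	"sort"
)

// FirewallRule holds documented fields only (hypothetical struct); the Action and
// Direction literals "allow"/"deny" and "inbound"/"outbound" are assumed values.
type FirewallRule struct {
	Name, Action, Direction string
	CIDRBlocks, Protocols   []string // CIDRBlocks are IPv4CIDR values, A.B.C.D/N
	Ports                   []uint16 // omitted means all ports
	Priority                uint16   // lower value = higher priority
}

// Finding is one review comment about a rule.
type Finding struct{ Rule, Reason string }

// parseCIDRs enforces the A.B.C.D/N format and notes whether any block is /0.
func parseCIDRs(blocks []string) (nets []*net.IPNet, anyAddr bool, err error) {
	for _, b := range blocks {
		_, n, perr := net.ParseCIDR(b)
		if perr != nil || len(n.Mask) != net.IPv4len {
			return nil, false, fmt.Errorf("%q is not an A.B.C.D/N range", b)
		}
		ones, _ := n.Mask.Size()
		anyAddr = anyAddr || ones == 0
		nets = append(nets, n)
	}
	return nets, anyAddr, nil
}

// within reports whether every inner range lies inside some outer range.
func within(outer, inner []*net.IPNet) bool {
	covered := 0
	for _, in := range inner {
		inOnes, _ := in.Mask.Size()
		for _, out := range outer {
			if outOnes, _ := out.Mask.Size(); outOnes <= inOnes && out.Contains(in.IP) {
				covered++
				break
			}
		}
	}
	return len(inner) > 0 && covered == len(inner)
}

// subset reports whether every element of inner appears in outer.
func subset[T comparable](outer, inner []T) bool {
	seen := make(map[T]bool, len(outer))
	for _, v := range outer {
		seen[v] = true
	}
	for _, v := range inner {
		if !seen[v] {
			return false
		}
	}
	return true
}

// AuditRules flags inbound allow rules open to any address on all ports, and rules
// fully covered by an opposite-action rule of higher priority (assumes first match wins).
func AuditRules(rules []FirewallRule) ([]Finding, error) {
	sorted := append([]FirewallRule(nil), rules...)
	sort.SliceStable(sorted, func(i, j int) bool { return sorted[i].Priority < sorted[j].Priority })
	nets := make([][]*net.IPNet, len(sorted))
	var findings []Finding
	for i, r := range sorted {
		n, anyAddr, err := parseCIDRs(r.CIDRBlocks)
		if err != nil {
			return nil, fmt.Errorf("rule %q: %w", r.Name, err)
		}
		nets[i] = n
		if anyAddr && r.Action == "allow" && r.Direction == "inbound" && len(r.Ports) == 0 {
			findings = append(findings, Finding{r.Name, "allows inbound traffic from any address on all ports"})
		}
		for j, e := range sorted[:i] {
			opposes := e.Priority < r.Priority && e.Direction == r.Direction && e.Action != r.Action
			portsOK := len(e.Ports) == 0 || (len(r.Ports) > 0 && subset(e.Ports, r.Ports))
			protoOK := len(r.Protocols) > 0 && subset(e.Protocols, r.Protocols)
			if opposes && portsOK && protoOK && within(nets[j], n) {
				reason := fmt.Sprintf("never matches: %s rule %q (priority %d) covers it", e.Action, e.Name, e.Priority)
				findings = append(findings, Finding{r.Name, reason})
				break
			}
		}
	}
	return findings, nil
}

// SampleRules is constructed input for the demonstration.
var SampleRules = []FirewallRule{
	{"deny-db", "deny", "inbound", []string{"10.20.0.0/16"}, []string{"tcp"}, []uint16{5432}, 200},
	{"allow-internal", "allow", "inbound", []string{"10.0.0.0/8"}, []string{"tcp", "udp"}, nil, 100},
	{"allow-any", "allow", "inbound", []string{"0.0.0.0/0"}, []string{"tcp"}, nil, 300},
}

func main() { fmt.Println(AuditRules(SampleRules)) }
```

Rules whose protocols list is empty are skipped by the coverage check, because the reference does not define what an omitted protocols list means.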
FirewallSpec
(Appears on: FirewallRules)
FirewallSpec defines the desired state of a firewall
Field | Description |
---|---|
networkRef Ownership | NetworkRef is a reference to the network associated with the firewall. |
rules []FirewallRule | Rules is a list of firewall rules. |
FirewallStatus
(Appears on: FirewallRules)
FirewallStatus defines the observed state of a firewall
IPv4CIDR (string)
(Appears on: FirewallRule, NetworkFabricRoute, NetworkFabricSubnetIPv4)
IPv4CIDR represents an IP range in the A.B.C.D/N format
IPv4CIDRBlocks ([]github.com/appvia/wayfinder/pkg/apis/networking/v1alpha1.IPv4CIDR)
(Appears on: NetworkFabricIPv4)
IPv4CIDRBlocks is a list of IPv4 addresses
NetworkFabricIPv4
(Appears on: NetworkFabricSpec)
Field | Description |
---|---|
cidrBlocks IPv4CIDRBlocks | CIDRBlocks is a list of CIDR blocks that should be associated with the network. [AWS] Multiple IP ranges. AWS only supports a single IP range on creation, but the network can be updated afterwards to specify additional IP ranges. [GCP] Unsupported. [Azure] Multiple IP ranges. |
NetworkFabricLayout
(Appears on: NetworkFabricSpec)
Field | Description |
---|---|
mode string | Mode dictates whether the layout of the network should be set up manually or automatically. If automatic, no other fields should be specified. If manual, fields should be specified manually by the caller. Currently, only “auto” is supported. In future, “manual” will be implemented as required. |
privateSubnets int | PrivateSubnets is the number of private subnets that should be generated in the network. Mode must be set to “auto” for this field to be valid. |
publicSubnets int | PublicSubnets is the number of public subnets that should be generated in the network. Mode must be set to “auto” for this field to be valid. |
NetworkFabricRoute
(Appears on: NetworkFabricSpec)
Field | Description |
---|---|
name string | Name is the name of the route. |
description string | Description is an optional description of the route. |
cidrBlock IPv4CIDR | CIDRBlock represents the range of destination IP addresses that this route applies to. |
target NetworkFabricRouteTarget | Target is the destination that the traffic bound for IP addresses within CIDRBlock range will be sent to. This target may be a gateway, network interface, or connection through which to send the destination traffic; for example, an internet gateway. |
NetworkFabricRouteTarget
(Appears on: NetworkFabricRoute)
NetworkFabricRouteTarget contains the information necessary to determine the destination that network traffic should be sent to.
TODO: Determine what goes here (IPv4 vs IPv6 routing, local, internet gateway, NAT gateway)
NetworkFabricSpec
(Appears on: NetworkFabric)
NetworkFabricSpec defines the desired state of a network
Field | Description |
---|---|
layout NetworkFabricLayout | Layout refers to the layout of the network. It controls whether the various parts - subnets, routes, etc. - are set up manually (i.e. specified in the spec) or automatically (i.e. generated by the provider). |
cloudAccountRef CloudAccountReference | CloudAccountRef is a reference to the cloud account that should be used to create the network. |
ipv4 NetworkFabricIPv4 | IPv4 contains the IPv4 configuration associated with the network. |
location string | Location is the region the network should be created in. [AWS] Region [GCP] Networks do not have an associated region, so this will be set to “global” [Azure] Region |
name string | Name is used to identify the network object in the cloud provider. [AWS] Names are not supported, so this is a “Name” tag on the VPC [GCP] Name of the Network [Azure] Name of the Virtual Network (VNet) |
plan string | Plan currently refers to a pre-defined “flavour” of network, which is not configurable by the caller. For example, when In future, when “plans” in their traditional sense are supported for NetworkFabrics, this will refer to the original plan that the network was created from. |
provider string | Provider refers to the cloud provider. |
providerDetails ProviderDetails | ProviderDetails defines cloud-specific network options |
routes []NetworkFabricRoute | Routes is the list of routes within the network. Mode must be set to “manual” for this field to be valid. |
stage string | Stage is the name of the stage for the network. |
subnets []NetworkFabricSubnet | Subnets is the list of subnets within the network. Mode must be set to “manual” for this field to be valid. |
tags map[string]string | Tags is a collection of tags to apply to the resources associated with the network, if applicable. |
NetworkFabricStatus
(Appears on: NetworkFabric, ClusterStatus)
NetworkFabricStatus defines the observed state of a network
Field | Description |
---|---|
CommonStatus CommonStatus | (Members of CommonStatus are embedded into this type.) |
cloudAccount CloudAccountReference | CloudAccountRef is a reference to the cloud account to use to retrieve credentials for this network. Will be populated if the spec specifies a CloudAccount as the credential object. |
aws NetworkFabricStatusAWS | AWS contains the AWS-specific state for the network |
azure NetworkFabricStatusAzure | Azure contains the Azure-specific state for the network |
gcp NetworkFabricStatusGCP | GCP contains the GCP-specific state for the network |
NetworkFabricStatusAWS
(Appears on: NetworkFabricStatus)
NetworkFabricStatusAWS contains the AWS-specific attributes of the status block.
Field | Description |
---|---|
vpcID string | VpcID is the identifier of the VPC |
availabilityZoneIDs []string | AvailabilityZoneIDs is the list of AZ ids |
availabilityZoneNames []string | AvailabilityZoneNames is the list of AZ names |
privateSubnetIDs []string | PrivateSubnetIDs is a list of subnet IDs to use for the worker nodes |
publicSubnetIDs []string | PublicSubnetIDs is a list of subnet IDs to use for resources that need a public IP (e.g. load balancers) |
securityGroupIDs []string | SecurityGroupIDs is a list of security group IDs to use for a cluster |
ipv4EgressAddresses []string | PublicIPV4EgressAddresses provides the source addresses for traffic coming from the cluster - can provide input for securing Kube API endpoints in managed clusters |
privateIPV4Addresses []string | PrivateIPV4Addresses provides the list of private subnet addresses |
publicIPV4Addresses []string | PublicIPV4Addresses provides the list of public subnet addresses |
NetworkFabricStatusAzure
(Appears on: NetworkFabricStatus)
NetworkFabricStatusAzure contains the Azure-specific attributes of the status block.
Field | Description |
---|---|
virtualNetworkID string | VirtualNetworkID is the identifier of the Virtual Network |
subnetIDs []string | SubnetIDs are the list of subnet IDs in the Virtual Network |
NetworkFabricStatusGCP
(Appears on: NetworkFabricStatus)
NetworkFabricStatusGCP contains the GCP-specific attributes of the status block.
Field | Description |
---|---|
name string | Name is the name of the network in GCP |
NetworkFabricSubnet
(Appears on: NetworkFabricSpec)
Field | Description |
---|---|
name string | Name is the name of the subnet. |
description string | Description is an optional description of the subnet. |
location string | Location is the zone or region associated with the subnet. [AWS] Zone [GCP] Region [Azure] Region (same as the Virtual Network) |
ipv4 NetworkFabricSubnetIPv4 | IPv4 is the Internet Protocol (version 4) configuration for the subnet. |
NetworkFabricSubnetIPv4
(Appears on: NetworkFabricSubnet)
Field | Description |
---|---|
cidrBlock IPv4CIDR | CIDRBlock is the IP address range for the subnet. |
ipVersion uint16 | IPVersion is the Internet Protocol version of the subnet. |
type string | Type determines whether VMs launched into this subnet should have a public or private IP address. If |
PeeringConnection
(Appears on: PeeringSpec)
Field | Description |
---|---|
name string | Name is the name of the peering connection. |
description string | Description is an optional description of the peering connection. |
networkRef Ownership | NetworkRef is a reference to one side of the peering connection. |
PeeringSpec
(Appears on: Peering)
Field | Description |
---|---|
PeeringConnection PeeringConnection | (Members of PeeringConnection are embedded into this type.) PeeringConnection is configuration for one side of a peering connection. |
remote PeeringConnection | Remote is configuration for the other side of a peering connection. |
PeeringStatus
(Appears on: Peering)
PeeringStatus defines the observed state of a peering setup
Port (uint16)
(Appears on: FirewallRule)
Port is a network port.
ProviderDetails
(Appears on: NetworkFabricSpec)
ProviderDetails defines the parameters for cloud-specific options - i.e. options which cannot be consolidated as they are too specific to the chosen cloud vendor
Field | Description |
---|---|
type string | Type represents the cloud the NetworkFabric belongs to |
aws ProviderDetailsAWS | AWS is the provider specification for AWS networks |
azure ProviderDetailsAzure | Azure is the provider specification for Azure networks |
gcp ProviderDetailsGCP | GCP is the provider specification for GCP networks |
ProviderDetailsAWS
(Appears on: ProviderDetails)
ProviderDetailsAWS defines the AWS-specific NetworkFabric configuration
ProviderDetailsAzure
(Appears on: ProviderDetails)
ProviderDetailsAzure defines the Azure-specific NetworkFabric configuration
Field | Description |
---|---|
resourceGroup string | ResourceGroup is the Azure resource group |
ProviderDetailsGCP
(Appears on: ProviderDetails)
ProviderDetailsGCP defines the GCP-specific NetworkFabric configuration
networks.appvia.io/v1alpha1
Package v1alpha1 contains API Schema definitions for the gke v1alpha1 API group
Resource Types:AssignableNetwork
AssignableNetwork is the definition for an assignable network range
Field | Description |
---|---|
apiVersion string | networks.appvia.io/v1alpha1 |
kind string | AssignableNetwork |
metadata Kubernetes meta/v1.ObjectMeta | Refer to the Kubernetes API documentation for the fields of the metadata field. |
spec AssignableNetworkSpec | |
status AssignableNetworkStatus | |
AssignableNetworkRange
AssignableNetworkRange defines an assignable network range
Field | Description |
---|---|
defaultMask int | DefaultMask is the default block to assign from the range |
min int | Min is the smallest network mask a block can be assigned from - else we default to the default mask |
max int | Max is the maximum block size from the range |
range string | Range is the CIDR range of the network |
type string | Type is the network type being defined - i.e. pods, clusters or node |
AssignableNetworkSpec
(Appears on: AssignableNetwork)
AssignableNetworkSpec defines the definitions for network ranges
Field | Description |
---|---|
provider string | Provider is the provider the range is assigned to |
excludeWorkspaces []string | ExcludeWorkspaces is a collection of workspaces which are excluded from the requirement. |
includeWorkspaces []string | IncludeWorkspaces is a collection of workspaces which are included as part of the rule - if specified, the requirement is only applied to those workspaces - by default we treat this as a wildcard for all workspaces |
networks []*github.com/appvia/wayfinder/pkg/apis/networks/v1alpha1.AssignableNetworkRange | Networks is a collection of network assignments for a particular provider |
plans []string | Plans is an optional list of plans to associate the range with |
AssignableNetworkStatus
(Appears on: AssignableNetwork)
AssignableNetworkStatus defines the observed state of status on a policy
Field | Description |
---|---|
conditions []LegacyCondition | Conditions is a set of conditions which have caused an error |
status Status | Status is the overall status of the policy |
org.appvia.io/v1alpha1
Package v1alpha1 contains API Schema definitions for the org v1alpha1 API group
Resource Types:AuditEvent
AuditEvent is the Schema for the audit API
Field | Description |
---|---|
apiVersion string | org.appvia.io/v1alpha1 |
kind string | AuditEvent |
metadata Kubernetes meta/v1.ObjectMeta | Refer to the Kubernetes API documentation for the fields of the metadata field. |
spec AuditEventSpec | |
Identity
Identity is the Schema for the identities API
Field | Description |
---|---|
apiVersion string | org.appvia.io/v1alpha1 |
kind string | Identity |
metadata Kubernetes meta/v1.ObjectMeta | Refer to the Kubernetes API documentation for the fields of the metadata field. |
spec IdentitySpec | |
User
(Appears on: IdentitySpec)
User is the Schema for the users API
Field | Description |
---|---|
apiVersion string | org.appvia.io/v1alpha1 |
kind string | User |
metadata Kubernetes meta/v1.ObjectMeta | Refer to the Kubernetes API documentation for the fields of the metadata field. |
spec UserSpec | |
status UserStatus | |
Workspace
Workspace is the Schema for the workspace API
Field | Description |
---|---|
apiVersion string | org.appvia.io/v1alpha1 |
kind string | Workspace |
metadata Kubernetes meta/v1.ObjectMeta | Refer to the Kubernetes API documentation for the fields of the metadata field. |
spec WorkspaceSpec | |
status WorkspaceStatus | |
WorkspaceInvitation
WorkspaceInvitation is the Schema for the workspace invitation API
Field | Description |
---|---|
apiVersion string | org.appvia.io/v1alpha1 |
kind string | WorkspaceInvitation |
metadata Kubernetes meta/v1.ObjectMeta | Refer to the Kubernetes API documentation for the fields of the metadata field. |
spec WorkspaceInvitationSpec | |
status WorkspaceInvitationStatus | |
WorkspaceMember
WorkspaceMember is the Schema for members of the workspace API
Field | Description |
---|---|
apiVersion string | org.appvia.io/v1alpha1 |
kind string | WorkspaceMember |
metadata Kubernetes meta/v1.ObjectMeta | Refer to the Kubernetes API documentation for the fields of the metadata field. |
spec WorkspaceMemberSpec | |
WorkspaceMemberRole
WorkspaceMemberRole is the Schema for the workspace member roles API
Field | Description |
---|---|
apiVersion string | org.appvia.io/v1alpha1 |
kind string | WorkspaceMemberRole |
metadata Kubernetes meta/v1.ObjectMeta | Refer to the Kubernetes API documentation for the fields of the metadata field. |
spec WorkspaceMemberRoleSpec | |
WorkspaceRole
WorkspaceRole is the Schema for the workspace roles API
Field | Description |
---|---|
apiVersion string | org.appvia.io/v1alpha1 |
kind string | WorkspaceRole |
metadata Kubernetes meta/v1.ObjectMeta | Refer to the Kubernetes API documentation for the fields of the metadata field. |
spec WorkspaceRoleSpec | |
AssetType (string)
AssetType defines the type of a workspace asset
Value | Description |
---|---|
"CloudAccount" | AssetTypeCloudAccount identifies a cloud account asset |
"CloudService" | AssetTypeCloudService identifies a cloud service (e.g. S3 bucket, RDS instance) asset |
"Cluster" | AssetTypeCluster identifies a cluster asset |
"Namespace" | AssetTypeNamespace identifies a namespace asset |
"NodePool" | AssetTypeNodePool identifies a node pool asset |
AuditEventSpec
(Appears on: AuditEvent)
AuditEventSpec defines the desired state of User
Field | Description |
---|---|
id int | ID is the unique identifier of this audit event. |
createdAt Kubernetes meta/v1.Time | CreatedAt is the timestamp of record creation |
resource string | Resource is the area of the API accessed in this audit operation (e.g. workspaces, etc). |
resourceURI string | ResourceURI is the identifier of the resource in question. |
apiVersion string | APIVersion is the version of the API used for this operation. |
verb string | Verb is the type of action performed (e.g. PUT, GET, etc) |
operation string | Operation is the operation performed (e.g. UpdateCluster, CreateCluster, etc). |
workspace WorkspaceKey | Workspace is the workspace the event may be associated with |
user string | User is the user to which the event is related |
startedAt Kubernetes meta/v1.Time | StartedAt is the timestamp the operation was initiated |
completedAt Kubernetes meta/v1.Time | CompletedAt is the timestamp the operation completed |
responseCode int | ResponseCode indicates the HTTP status code of the operation (e.g. 200, 404, etc). |
message string | Message is the event message itself |
BasicAuth
(Appears on: IdentitySpec)
BasicAuth defines the basicauth identity
Field | Description |
---|---|
password string | Password is a password associated to the user |
IDPUser
(Appears on: IdentitySpec)
IDPUser is the associated idp user
Field | Description |
---|---|
email string | Email for the associated user |
uuid string | UUID is a unique id for the user in the external idp |
IdentitySpec
(Appears on: Identity)
IdentitySpec defines the desired state of User
Field | Description |
---|---|
accountType string | AccountType is the account type of the identity i.e. sso, basicauth etc |
basicAuth BasicAuth | BasicAuth defines a basicauth identity |
idpUser IDPUser | IDPUser links to the associated idp user |
user User | User is the user spec the identity is associated with |
UpdateBasicAuthIdentity
UpdateBasicAuthIdentity defines the desired state of an update
Field | Description |
---|---|
password string | Password is a password associated to the user |
username string | Username is the user you are updating the credential for |
UpdateIDPIdentity
UpdateIDPIdentity defines the desired state of an update
Field | Description |
---|---|
IDToken string | IDToken is the identity token from the provider |
UserSpec
(Appears on: User)
UserSpec defines the desired state of User
Field | Description |
---|---|
disabled bool | Disabled indicates if the user is disabled |
email string | Email is the email for the user |
username string | Username is the username or identity for this user |
UserStatus
(Appears on: User)
UserStatus defines the observed state of User
Field | Description |
---|---|
conditions []LegacyCondition | Conditions is a collection of potential error causes |
status Status | Status provides an overview of the user status |
WorkspaceInvitationSpec
(Appears on: WorkspaceInvitation)
WorkspaceInvitationSpec defines the desired state of a workspace invitation
Field | Description |
---|---|
username string | Username is the user being bound to the workspace |
workspace WorkspaceKey | Workspace is the name of the workspace being invited to |
WorkspaceInvitationStatus
(Appears on: WorkspaceInvitation)
WorkspaceInvitationStatus defines the observed state of a workspace invite
Field | Description |
---|---|
conditions []LegacyCondition | Conditions is a collection of possible errors |
status Status | Status is the status of the resource |
WorkspaceMemberRoleSpec
(Appears on: WorkspaceMemberRole)
WorkspaceMemberRoleSpec defines the desired state of WorkspaceMemberRole
Field | Description |
---|---|
user string | User is the user in the workspace who has the role |
role string | Role is the role they have |
WorkspaceMemberSpec
(Appears on: WorkspaceMember)
WorkspaceMemberSpec defines the desired state of workspace member
Field | Description |
---|---|
username string | Username is the user being bound to the workspace |
WorkspaceRoleSpec
(Appears on: WorkspaceRole)
WorkspaceRoleSpec defines the desired state of WorkspaceRole
Field | Description |
---|---|
description string | Description is a description for the workspace role |
WorkspaceSpec
(Appears on: Workspace)
WorkspaceSpec defines the desired state of workspace
Field | Description |
---|---|
key WorkspaceKey | Key is the unique identifier for this workspace |
summary string | Summary is a summary name for this workspace |
description string | Description is a description for the workspace |
WorkspaceStatus
(Appears on: Workspace)
WorkspaceStatus defines the observed state of workspace
Field | Description |
---|---|
conditions []LegacyCondition | Conditions is a collection of possible errors |
status Status | Status is the status of the resource |
package.appvia.io/v1alpha1
Package v1alpha1 contains API Schema definitions for the helm packages api
Resource Types:GlobalHelm
GlobalHelm is a package definition
Field | Description |
---|---|
apiVersion string | package.appvia.io/v1alpha1 |
kind string | GlobalHelm |
metadata Kubernetes meta/v1.ObjectMeta | Refer to the Kubernetes API documentation for the fields of the metadata field. |
spec HelmSpec | |
status HelmStatus | |
Helm
Helm is a package definition
Field | Description |
---|---|
apiVersion string | package.appvia.io/v1alpha1 |
kind string | Helm |
metadata Kubernetes meta/v1.ObjectMeta | Refer to the Kubernetes API documentation for the fields of the metadata field. |
spec HelmSpec | |
status HelmStatus | |
HelmRelease
HelmRelease is a package definition
Field | Description |
---|---|
apiVersion string | package.appvia.io/v1alpha1 |
kind string | HelmRelease |
metadata Kubernetes meta/v1.ObjectMeta | Refer to the Kubernetes API documentation for the fields of the metadata field. |
spec HelmReleaseSpec | |
status HelmReleaseStatus | |
ChartSource
(Appears on: HelmSpec)
ChartSource defines the location of the helm package
Field | Description |
---|---|
git GitSource | Git can be used to define the location of the helm chart in a git repository |
helm HelmSource | Helm can be used to define a helm index as the source location of the chart to be installed |
ClusterValuesFrom
(Appears on: HelmValuesFrom)
ClusterValuesFrom is used to reference a values from an associated cluster
Field | Description |
---|---|
HelmValue HelmValue | (Members of HelmValue are embedded into this type.) |
DomainValuesFrom
(Appears on: HelmValuesFrom)
DomainValuesFrom is used to reference the default domain attached to the cluster
Field | Description |
---|---|
HelmValue HelmValue | (Members of HelmValue are embedded into this type.) |
hostname string | Hostname is used to append a hostname prefix to the associated cluster domain. This allows you to build FQDNs quickly |
matchLabels Kubernetes meta/v1.LabelSelector | MatchLabels is used to find one or more specific domain resources to inject - be careful, unless intended, not to match multiple, as we will inject the zone names as an array |
GitSource
(Appears on: ChartSource)
GitSource defines the location of a chart in a git repository
Field | Description |
---|---|
gitPullSecrets Kubernetes core/v1.SecretReference | GitPullSecrets is a reference to any credentials used to pull the repository |
url string | URL is the location of the git repository |
HelmReleaseSpec
(Appears on: HelmRelease)
HelmReleaseSpec defines the desired status for a helm package
Field | Description |
---|---|
revision string | Revision is the revision of the package which is associated with the release |
clusterRef Ownership | ClusterRef provides a reference to the cluster this release is associated with and intended to be installed on |
globalRef string | GlobalRef is the name of the cloud package which is associated with the release |
packageRef string | PackageRef is the name of the package within the workspace namespace that is associated with this release |
package HelmSpec | Package contains all the package details which have been copied over from the package definition - this creates a local copy of the package and is used to reconcile the release |
HelmReleaseStatus
(Appears on: HelmRelease)
HelmReleaseStatus defines the observed state of the package
Field | Description |
---|---|
CommonStatus CommonStatus | (Members of CommonStatus are embedded into this type.) |
HelmSource
(Appears on: ChartSource)
HelmSource is used to define the location of a chart in a helm repository
Field | Description |
---|---|
name string | Name is the name of the chart we wish to install |
url string | URL is the url to the helm repository where the chart lives |
version string | Version is the version of the chart that should be installed |
HelmSpec
(Appears on: GlobalHelm, Helm, HelmReleaseSpec)
HelmSpec defines a helm package
Field | Description |
---|---|
dependencies []string | Dependencies provides a list of dependent services which have to be deployed before this package can be installed |
installNamespace string | InstallNamespace is the location to install the package |
source ChartSource | Source is used to define the source location of the chart and the revision which is used to install |
selectors Kubernetes meta/v1.LabelSelector | Selectors are the label matching selectors for where the package should be installed |
summary string | Summary provides a short description of the use of the package |
values k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1.JSON | Values is a collection of values to be injected into the chart when rendering the package into the clusters |
valuesFrom []HelmValuesFrom | ValuesFrom is an optional collection of resources which are injected into the helm values before render |
HelmStatus
(Appears on: GlobalHelm, Helm)
HelmStatus defines the observed state of the package
Field | Description |
---|---|
CommonStatus CommonStatus | (Members of CommonStatus are embedded into this type.) |
HelmValue
(Appears on: ClusterValuesFrom, DomainValuesFrom, ResourceValuesFrom, SecretValuesFrom)
HelmValue are the default value parameters
Field | Description |
---|---|
path string | Path is the path into the helm values |
key string | Key is a path into the resource data |
HelmValuesFrom
(Appears on: HelmSpec)
HelmValuesFrom defines a means to extract a value out of a resource and into the values for a helm chart
Field | Description |
---|---|
cluster ClusterValuesFrom | Cluster is used to extract a piece of data out of the associated cluster resources and inject into the path defined |
domain DomainValuesFrom | Domain is used to extract the default domain associated to the cluster and used to extract the zone name from the resource |
resource ResourceValuesFrom | Resource is used to filter on and extract the details from one or more managed resources in Wayfinder. |
secret SecretValuesFrom | Secret is used to reference a secret in wayfinder |
ResourceValuesFrom
(Appears on: HelmValuesFrom)
ResourceValuesFrom is used to define a reference to a resource
Field | Description |
---|---|
Ownership Ownership | (Members of Ownership are embedded into this type.) |
HelmValue HelmValue | (Members of HelmValue are embedded into this type.) |
SecretValuesFrom
(Appears on: HelmValuesFrom)
SecretValuesFrom is used to define a reference to a secret
Field | Description |
---|---|
SecretReference Kubernetes core/v1.SecretReference | (Members of SecretReference are embedded into this type.) |
HelmValue HelmValue | (Members of HelmValue are embedded into this type.) |
policy.appvia.io/v1alpha1
Package v1alpha1 contains API Schema definitions for the org v1alpha1 API group
Resource Types:AssumePolicy
AssumePolicy is the Schema for the policies API
Field | Description |
---|---|
apiVersion string | policy.appvia.io/v1alpha1 |
kind string | AssumePolicy |
metadata Kubernetes meta/v1.ObjectMeta | Refer to the Kubernetes API documentation for the fields of the metadata field. |
spec AssumePolicySpec | |
status AssumePolicyStatus | |
Policy
(Appears on: AssumptionResponseSpec)
Policy is the Schema for the policies API
Field | Description |
---|---|
apiVersion string | policy.appvia.io/v1alpha1 |
kind string | Policy |
metadata Kubernetes meta/v1.ObjectMeta | Refer to the Kubernetes API documentation for the fields of the metadata field. |
spec PolicySpec | |
status PolicyStatus | |
PolicyPlan
(Appears on: PolicyStatus)
PolicyPlan is the Schema for the policies API
Field | Description |
---|---|
apiVersion string | policy.appvia.io/v1alpha1 |
kind string | PolicyPlan |
metadata Kubernetes meta/v1.ObjectMeta | Refer to the Kubernetes API documentation for the fields of the metadata field. |
spec PolicyPlanSpec | |
status PolicyPlanStatus | |
Robot
Robot is the Schema for the robot accounts API
Field | Description |
---|---|
apiVersion string | policy.appvia.io/v1alpha1 |
kind string | Robot |
metadata Kubernetes meta/v1.ObjectMeta | Refer to the Kubernetes API documentation for the fields of the metadata field. |
spec RobotSpec | |
status RobotStatus | |
AdmissionRequest
AdmissionRequest is a request to evaluate an access request
Field | Description |
---|---|
dryRun bool | DryRun indicates this is a dryrun to see the evaluation |
uuid k8s.io/apimachinery/pkg/types.UID | UUID is a unique id for the request |
kind Kubernetes meta/v1.GroupVersionResource | Kind is the fully-qualified resource being requested |
subResource string | SubResource is the subresource being requested, if any (for example, “status” or “scale”) |
verb string | Verb is the action being requested |
resource []byte | Resource is the actual request payload if any |
object Object | Object is the decoded resource from above - this is required for the engine to be able to target the fields |
name string | Name is the name of the resource |
namespace string | Namespace is the workspace’s namespace in which the resource resides |
user UserInfo | User is the details related to the user requesting the action |
origin RequestOrigin | Origin is the origin of the request, i.e. IP address and so forth |
AdmissionResponse
Decision is the outcome of a request, which is broken down into a collection of categories - validation errors, violations (denials), and logged, which indicates the resource should be logged
Field | Description |
---|---|
enableProfiling bool | (Optional) EnableProfiling indicates the access request should be profiled |
allowed []*github.com/appvia/wayfinder/pkg/apis/policy/v1alpha1.AllowedResult | (Optional) Allowed is a collection of policies which gave an allowed decision |
role []*github.com/appvia/wayfinder/pkg/apis/policy/v1alpha1.RolesResult | (Optional) Role is a collection of roles which have been granted based on the policy |
logging []*github.com/appvia/wayfinder/pkg/apis/policy/v1alpha1.LogResult | (Optional) Logging is a collection of logging requirements |
validation []*github.com/appvia/wayfinder/pkg/apis/policy/v1alpha1.ValidationErrorResult | (Optional) Validation is a collection of validation errors |
violation []*github.com/appvia/wayfinder/pkg/apis/policy/v1alpha1.DeniedResult | (Optional) Violation is a collection of violations on access to this resource |
AllowedResult
AllowedResult indicates the request was actively permitted by a policy
Field | Description |
---|---|
policy string | Policy is the name of the policy |
code int | Code is a machine-readable code which indicates the error |
field string | Field is the optional field in question |
message string | Message is a human readable message |
value string | Value is the current value of the field |
Assignment
Assignment provides the subresource options for assigning a plan/policy to a subject
Field | Description |
---|---|
metadata Kubernetes meta/v1.ObjectMeta | Refer to the Kubernetes API documentation for the fields of the metadata field. |
spec AssignmentSpec | |
AssignmentSpec
(Appears on: Assignment)
AssignmentSpec describes the assignment
Field | Description |
---|---|
dryRun bool | DryRun indicates we are asking, not requesting it |
expiration time.Duration | Expiration is an optional expiration for the assigned policy |
inputs []*github.com/appvia/wayfinder/pkg/apis/policy/v1alpha1.PlanInput | Inputs are a collection of inputs for the plan |
subject Subject | Subject is the identity we are applying the policy to |
AssumePolicySpec
(Appears on: AssumePolicy)
AssumePolicySpec defines the desired state of policy
Field | Description |
---|---|
summary string | Summary is an optional summary that describes the policy |
roles []string | Roles are the permitted roles you are able to assume from this policy |
constraints Constraints | Constraints is a collection of constraints which control access to the roles |
AssumePolicyStatus
(Appears on: AssumePolicy)
AssumePolicyStatus defines the observed state of status on a policy
Field | Description |
---|---|
CommonStatus CommonStatus | (Members of CommonStatus are embedded into this type.) |
Assumption
Assumption describes a request to assume a policy plan
Field | Description |
---|---|
metadata Kubernetes meta/v1.ObjectMeta | Refer to the Kubernetes API documentation for the fields of the metadata field. |
spec AssumptionSpec | |
AssumptionDecision
(Appears on: AssumptionResponseSpec)
AssumptionDecision defines a decision
Field | Description |
---|---|
allowed bool | Allowed indicates the decision of the policy |
name string | Name is the name of the assumption policy |
failed []string | Failed is a collection of human readable reasons as to why the decision failed |
succeeded []string | Succeeded is a collection of human readable reasons as to why the decision was positive |
AssumptionResponse
AssumptionResponse describes a response to an assumption request
Field | Description |
---|---|
metadata Kubernetes meta/v1.ObjectMeta | Refer to the Kubernetes API documentation for the fields of the metadata field. |
spec AssumptionResponseSpec | |
AssumptionResponseSpec
(Appears on: AssumptionResponse)
AssumptionResponseSpec defines the response back from an assumption request
Field | Description |
---|---|
allowed bool | Allowed indicates the overall success |
evalution []AssumptionDecision | Evaluation provides an optional explan |
policy Policy | Policy is the associated parent policy which the role assumption has created to provide the permissions |
reason string | Reason provides an overall reason why assumption was refused |
AssumptionSpec
(Appears on: Assumption)
AssumptionSpec describes the subresource for assuming a policy
Field | Description |
---|---|
dryRun bool | DryRun indicates we are only asking not requesting |
expiration time.Duration | Expiration is the requested time period for the role |
cluster string | Cluster is the name of the cluster you wish to assume the role into |
namespace string | Namespace is the namespace in the cluster you wish to assume the role |
inputs []*github.com/appvia/wayfinder/pkg/apis/policy/v1alpha1.PlanInput | Inputs are a collection of inputs for the assumption policy |
ClusterConstraint
(Appears on: Constraints)
ClusterConstraint places a constraint around the cluster
Field | Description |
---|---|
allowed Kubernetes meta/v1.LabelSelector | Allowed is a collection of clusters permitted access on the role |
denied Kubernetes meta/v1.LabelSelector | Denied provides the means to deny one or more clusters from the role |
Constraints
(Appears on: AssumePolicySpec)
Constraints defines a constraint on assuming a role
Field | Description |
---|---|
clusters ClusterConstraint | Clusters provides a constraint around the cluster which can be assumed |
days DaysOfWeekConstraint | Days provides a constraint around the day of week a role can be assumed |
expiration ExpirationConstraint | Expiration provides control over the length of a session |
parameters []*github.com/appvia/wayfinder/pkg/apis/policy/v1alpha1.InputConstraint | Parameters provides a generic constraint around the requirement inputs into a role |
namespaces NamespaceConstraint | Namespaces provides a constraint around the namespaces which can be assumed into from the role |
networks NetworkConstraint | Networks defines one or more networks from which the user assuming the role can come |
roles RolesConstraint | Roles is a collection of subject roles which are permitted access to the role |
scopes ScopesConstraint | Scopes is a collection of subject scopes which are permitted access to the role |
subjects SubjectsConstraint | Subjects is a collection of subjects which are permitted access to the role |
time TimeConstraint | Time provides a time constraint when assuming the policy. The assumption must occur within the allotted time frame to assume the role |
CreateAssignmentPolicy
CreateAssignmentPolicy provides the subresource options for assigning a plan/policy to a subject
Field | Description |
---|---|
metadata Kubernetes meta/v1.ObjectMeta | Refer to the Kubernetes API documentation for the fields of the metadata field. |
spec CreateAssignmentPolicySpec | |
CreateAssignmentPolicySpec
(Appears on: CreateAssignmentPolicy)
CreateAssignmentPolicySpec describes the assignment
Field | Description |
---|---|
dryRun bool | DryRun indicates we are asking, not requesting it |
assigned Subject | Assigned indicates who the policy can be used by |
constraint Subject | Constraint limits who the policy can be assigned to i.e. a robot account role, scope etc |
DaysOfWeekConstraint
(Appears on: Constraints)
DaysOfWeekConstraint places a constraint on the day of week from which the role can be assumed
Field | Description |
---|---|
allowed []string | Allowed are the days permitted in access, i.e. Mon, Tues, Wed, Thu, Fri, Sat or Sun |
denied []string | Denied is a collection of days which are not permitted to access the role |
Decision
(Appears on: PolicyDecision)
Decision is an inline decision on the outcome of the policy
Field | Description |
---|---|
action string | Action is the decision outcome i.e. allowed, denied or logged |
message string | Message is a human readable reason for the outcome |
DeniedResult
DeniedResult indicates a denial error
Field | Description |
---|---|
policy string | Policy is the name of the policy |
code int | Code is a machine-readable code which indicates the error |
field string | Field is the optional field in question |
message string | Message is a human readable message |
msg string | Msg is a human readable message - added to make us compatible with gatekeeper |
value string | Value is the current value of the field |
ExpirationConstraint
(Appears on: Constraints)
ExpirationConstraint defines the constraint around the session
Field | Description |
---|---|
max Kubernetes meta/v1.Duration | Max is the maximum length of a session the user can assume in the wayfinder |
ExtraValue ([]string)
(Appears on: UserInfo)
ExtraValue masks the value so protobuf can generate
InputConstraint
InputConstraint provides a constraint around an input parameter
Field | Description |
---|---|
name string | Name is the name of the parameter which maps onto the parameters requirement in the plan |
resource Ownership | Resource provides an optional resource definitions to lookup and guard against |
allowed ResourceSelector | Allowed is used to dictate the permitted values - when used in combination with a resource lookup - the values of the parameter |
denied ResourceSelector | Denied provides a filter around the permitted values as an input to the role |
InputType (string)
(Appears on: PolicyInput)
InputType indicates the values
LogResult
LogResult indicates the response should be logged
Field | Description |
---|---|
severity string | Severity is the level of the event |
message string | Message is the message which should be logged |
NamespaceConstraint
(Appears on: Constraints)
NamespaceConstraint places a constraint around the cluster
Field | Description |
---|---|
allowed Kubernetes meta/v1.LabelSelector | Allowed is a collection of namespaces permitted access on the role |
denied Kubernetes meta/v1.LabelSelector | Denied provides the means to deny one or more namespaces from the role |
NetworkConstraint
(Appears on: Constraints)
NetworkConstraint provides a collection of network ranges which the user can come from
Field | Description |
---|---|
allowed []string | Allowed is a collection of networks which they must originate from |
denied []string | Denied is a collection of network CIDRs which will be denied regardless |
Object (map[string]interface{})
(Appears on: AdmissionRequest)
PlanInput
PlanInput describes an input
Field | Description |
---|---|
name string | Name of the variable for this input |
value string | Value is the value of the input |
values []string | Values is a collection of values for this input |
PlanPolicyRef
PlanPolicyRef defines a reference to the policy plan that was used to create this policy
Field | Description |
---|---|
name string | Name is the name of the policy plan |
version string | Version is a hash of the policy plan configuration so we know when we have strayed from the version |
PolicyDecision
(Appears on: PolicyPlanSpec, PolicySpec, PolicyTemplate)
PolicyDecision defines the structure of an inline policy
Field | Description |
---|---|
rolesDecision []string | RolesDecision indicates a role is provided as an outcome |
decision Decision | Decision is an inline decision on the action |
policy string | Policy contains the inline rego template to apply |
PolicyInput
PolicyInput describes the input required for a policy plan
Field | Description |
---|---|
apiVersion string | APIVersion is the api group the resource input comes from |
description string | Description provides a descriptive reason for why the input is required and how it’s related to the policy |
enum []string | Enum is a collection of possible values |
format string | Format indicates the format of the input |
name string | Name is the name of the input which is injected when templating out the policies |
required bool | Required indicates the input is a required parameter |
resource string | Resource is the resource inside the group that we need as an input |
type InputType | Type indicates the type of value |
PolicyPlanSpec
(Appears on: PolicyPlan)
PolicyPlanSpec defines the desired state of policy
Field | Description |
---|---|
description string | Description is a summary of what the plan provides |
hints []Kubernetes meta/v1.GroupVersionResource | Hints provides a list of resources which might be required in the rules engine |
inputs []*github.com/appvia/wayfinder/pkg/apis/policy/v1alpha1.PolicyInput | Inputs is a collection of inputs for this policy plan |
policy PolicyDecision | Policy is the actual policy document associated to the plan |
selectors []*github.com/appvia/wayfinder/pkg/apis/policy/v1alpha1.Selector | Selectors are optional filters which can be used to filter the target. Deprecated: use the spec.templates of this policy. Essentially it’s a list of filters which can be used, i.e. it can be applied to all Plans or all clusters |
templates []*github.com/appvia/wayfinder/pkg/apis/policy/v1alpha1.PolicyTemplate | Templates is a collection of templates used to generate policies on behalf of the subject |
target Target | Target is a target for this policy i.e. wayfinder api or one or more clusters |
PolicyPlanStatus
(Appears on: PolicyPlan)
PolicyPlanStatus defines the observed state of status on a policy
Field | Description |
---|---|
CommonStatus CommonStatus | (Members of CommonStatus are embedded into this type.) |
PolicyReference
(Appears on: PolicySpec)
PolicyReference is used to reference an inbuilt policy document
Field | Description |
---|---|
name string | Name is the name of the inbuilt policy we are referring to |
namespace string | Namespace is the namespace the policy plan exists in |
PolicySpec
(Appears on: Policy)
PolicySpec defines the desired state of policy
Field | Description |
---|---|
inputs k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1.JSON | Inputs are parameters to the plan templates |
hints []Kubernetes meta/v1.GroupVersionResource | Hints provides a list of resources which might be required in the rules engine |
policy PolicyDecision | Policy defines the policy definition itself |
policyRef PolicyReference | PolicyRef is used to refer to an inbuilt wayfinder policy rather than defining an inline policy - we find the plan and copy it onto the status for reference and implementation |
selectors []*github.com/appvia/wayfinder/pkg/apis/policy/v1alpha1.Selector | Selectors is the resource we are filtering on |
target Target | Target is essentially the location where the policy should be positioned. If no target is supplied we assume it’s destined for the wayfinder api |
PolicyStatus
(Appears on: Policy)
PolicyStatus defines the observed state of status on a policy
Field | Description |
---|---|
CommonStatus CommonStatus | (Members of CommonStatus are embedded into this type.) |
plan PolicyPlan | Plan is a copy of the plans the policy is based on if any |
planRevision int64 | PlanRevision is the revision of the parent plan |
PolicyTemplate
PolicyTemplate describes a policy template
Field | Description |
---|---|
name string | Name is a descriptive name of the policy template |
disableSubjectInjection bool | DisableSubjectInjection is used to inform the controller not to inject the subjects associated to the policy |
policy PolicyDecision | Policy is the actual policy document associated to the plan |
selectors []*github.com/appvia/wayfinder/pkg/apis/policy/v1alpha1.Selector | Selectors are optional filters which can be used to filter the target |
target Target | Target is a target for the policy, i.e. the cluster or clusters the policy should be deployed to. Left blank, the policy is assumed to apply to the Wayfinder API server itself. |
template string | Template is the template used to generate the policy |
RequestOrigin
(Appears on: AdmissionRequest)
RequestOrigin are details on where the request came from
Field | Description |
---|---|
url string | URL is the incoming request url |
headers net/http.Header | (Optional) Headers are any optional HTTP headers from the request |
address string | (Optional) Address is an external address of the request |
query net/url.Values | (Optional) Query are query parameters to the request |
ResourceSelector
(Appears on: InputConstraint)
ResourceSelector is used to filter on the labels of a resource
Field | Description |
---|---|
matchLabels map[string]string | MatchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is “key”, the operator is “In”, and the values array contains only “value”. The requirements are ANDed. |
matchExpressions []Kubernetes meta/v1.LabelSelectorRequirement | MatchExpressions is a list of label selector requirements. The requirements are ANDed. |
values []string | Values provides a list of expected values which are permitted |
RobotSpec
(Appears on: Robot)
RobotSpec defines the desired state of policy
Field | Description |
---|---|
description string | Description provides a short summary on the use of the robot account |
secretRef Kubernetes core/v1.SecretReference | SecretRef is a reference to the underlying kubernetes secret |
RobotStatus
(Appears on: Robot)
RobotStatus defines the observed state of status on a policy
Field | Description |
---|---|
secretRef Ownership | DEPRECATED: secret reference is no longer in use. SecretRef is a reference to the underlying kubernetes secret |
status Status | Status is overall status of the policy |
RolesConstraint
(Appears on: Constraints)
RolesConstraint places a constraint around the workspace roles
Field | Description |
---|---|
allowed []string | Allowed are the workspace roles permitted to access the role |
denied []string | Denied are the workspace roles which are not permitted to access the role |
RolesResult
RolesResult indicates the policy has permitted the use of a role based on the policy - this is largely used for rbac purposes
Field | Description |
---|---|
policy string | Policy is the name of the policy |
code int | Code is a machine-readable code which indicates the error |
roles []string | Roles is a collection of rbac roles which have been granted from the policy |
ScopesConstraint
(Appears on: Constraints)
ScopesConstraint places a constraint around the scopes
Field | Description |
---|---|
allowed []string | Allowed are the subject scopes permitted to access the role |
denied []string | Denied are the workspace roles which are not permitted to access the role |
Selector
Selector provides a generic selector on resources
Field | Description |
---|---|
namespace NamespaceSelector | Namespace is a namespace selector |
resource ResourceSelector | Resource selects on a kubernetes resource |
subject SubjectSelector | Subject is a subject selector |
Subject
(Appears on: AssignmentSpec, CreateAssignmentPolicySpec)
Subject is the identity we are applying the policy to
Field | Description |
---|---|
groups []string | Groups is a collection of workspaces the assignment is applied to |
roles []string | Roles is a collection of roles the policies should apply to |
scopes []string | Scopes is a collection of scopes which the policy should be assigned to |
subjects []string | Subjects is a collection of subjects the policy should be assigned to |
SubjectsConstraint
(Appears on: Constraints)
SubjectsConstraint places a constraint around the subjects
Field | Description |
---|---|
allowed []string | Allowed are the days permitted in access i.e Mon,Tues,Wed,Thu,Fri,Sat or Sun |
denied []string | Denied is a collection of days which are not permitted to access the role |
Target
(Appears on: PolicyPlanSpec, PolicySpec, PolicyTemplate)
Target is where the policy should be applied, the apiserver, or remote cluster/s
Field | Description |
---|---|
selector ResourceSelector | Selector defines the location of a policy - which can be placed on a plan, workspace, cluster etc - effectively these all get placed into clusters |
TimeConstraint
(Appears on: Constraints)
TimeConstraint provides a control around the time a user can assume one or more roles in wayfinder
Field | Description |
---|---|
before Kubernetes meta/v1.Time | Before indicates nothing before this time can access the role |
after Kubernetes meta/v1.Time | After indicates nothing after this time can access the role |
UserInfo
(Appears on: AdmissionRequest)
UserInfo are details on the caller
Field | Description |
---|---|
username string | (Optional) The name that uniquely identifies this user among all active users. |
groups []string | (Optional) The names of groups this user is a part of. |
roles []string | (Optional) Roles are the roles the user holds in the various workspaces |
scopes []string | (Optional) Scopes indicates the scope of the token, i.e. user, token etc |
extra map[string]github.com/appvia/wayfinder/pkg/apis/policy/v1alpha1.ExtraValue | (Optional) Any additional information provided by the authenticator. |
claims k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1.JSON | (Optional) Claims are JWT claims from the user token |
attributes map[string]string | (Optional) Attributes are additional attributes on the user |
ValidationErrorResult
ValidationErrorResult indicates a validation error was found
Field | Description |
---|---|
policy string | Policy is the name of the policy |
field string | Field is the optional field in question |
value string | Value is the current value of the field |
allowed []string | Allowed is an optional permitted list |
message string | Message is a human readable message |
security.appvia.io/v1alpha1
Package v1alpha1 contains API Schema definitions for the security v1alpha1 API group
Resource Types:
- SecurityOverview
- SecurityRule
- SecurityScanResult
SecurityOverview
SecurityOverview contains a report about the current state of Wayfinder or a workspace
Field | Description |
---|---|
apiVersion string | security.appvia.io/v1alpha1 |
kind string | SecurityOverview |
metadata Kubernetes meta/v1.ObjectMeta | Refer to the Kubernetes API documentation for the fields of the metadata field. |
spec SecurityOverviewSpec | |
SecurityRule
SecurityRule contains the definition of a security rule
Field | Description |
---|---|
apiVersion string | security.appvia.io/v1alpha1 |
kind string | SecurityRule |
metadata Kubernetes meta/v1.ObjectMeta | Refer to the Kubernetes API documentation for the fields of the metadata field. |
spec SecurityRuleSpec | |
SecurityScanResult
SecurityScanResult contains the result of a scan against all registered rules
Field | Description |
---|---|
apiVersion string | security.appvia.io/v1alpha1 |
kind string | SecurityScanResult |
metadata Kubernetes meta/v1.ObjectMeta | Refer to the Kubernetes API documentation for the fields of the metadata field. |
spec SecurityScanResultSpec | |
RuleStatus (string)
(Appears on: SecurityResourceOverview, SecurityScanResultSpec, SecurityScanRuleResult)
RuleStatus values represent the possible status of compliance with a security rule.
Value | Description |
---|---|
"Compliant" | Compliant indicates that this target is fully compliant with the specified rule. |
"Failure" | Failure indicates that this target is uncompliant in a significant way and should be mitigated. This would typically be used for rules where compliance is considered to be vital to a well-run cluster. |
"Warning" | Warning indicates that this target is uncompliant in such a way that consideration should be made as to whether this should be remediated. This would typically be used for best practice considerations, where not being compliant isn’t necessarily a critical issue. |
SecurityOverviewSpec
(Appears on: SecurityOverview)
SecurityOverviewSpec shows the overall current security posture of Wayfinder or a workspace
Field | Description |
---|---|
workspace WorkspaceKey | Workspace will be populated with the workspace key if this report is about a workspace, else unpopulated for a report for the whole of Wayfinder |
openIssueCounts map[github.com/appvia/wayfinder/pkg/apis/security/v1alpha1.RuleStatus]uint64 | OpenIssueCounts informs how many issues of each rule status exist currently |
resources []SecurityResourceOverview | Resources contains summaries of the open issues for each resource |
SecurityResourceOverview
(Appears on: SecurityOverviewSpec)
SecurityResourceOverview provides an overview of the open issue counts for a resource
Field | Description |
---|---|
resource Ownership | Resource is a reference to the group/version/kind/namespace/name of the resource scanned by this scan |
lastChecked Kubernetes meta/v1.Time | LastChecked is the timestamp this resource was last scanned |
overallStatus RuleStatus | OverallStatus is the overall status of this resource |
openIssueCounts map[github.com/appvia/wayfinder/pkg/apis/security/v1alpha1.RuleStatus]uint64 | OpenIssueCounts is the summary of open issues for this resource |
SecurityRuleSpec
(Appears on: SecurityRule)
SecurityRuleSpec specifies the details of a security rule
Field | Description |
---|---|
code string | Code is the unique identifier of this rule |
name string | Name is the human-readable name of this rule |
description string | Description is the markdown-formatted extended description of this rule. |
appliesTo []string | AppliesTo is the list of resource types (e.g. Plan, Cluster) that this rule is applicable for |
SecurityScanResultSpec
(Appears on: SecurityScanResult)
SecurityScanResultSpec shows the overall result of a scan against all registered rules
Field | Description |
---|---|
id uint64 | ID is the ID of this scan result in the data store |
resource Ownership | Resource is a reference to the group/version/kind/namespace/name of the resource scanned by this scan |
owningWorkspace string | OwningWorkspace is the name of the workspace that owns this resource, will be empty if it is a non-workspace resource. |
checkedAt Kubernetes meta/v1.Time | CheckedAt is the timestamp this result was determined |
archivedAt Kubernetes meta/v1.Time | ArchivedAt is the timestamp this result was superseded by a later scan - if ArchivedAt.IsZero() is true this is the most recent scan. |
overallStatus RuleStatus | OverallStatus indicates the worst-case status of the rules checked in this scan |
results []*github.com/appvia/wayfinder/pkg/apis/security/v1alpha1.SecurityScanRuleResult | Results are the underlying results of the individual rules run as part of this scan |
SecurityScanRuleResult
SecurityScanRuleResult represents the compliance status of a target with respect to a specific security rule.
Field | Description |
---|---|
ruleCode string | RuleCode indicates the rule that this result relates to |
status RuleStatus | Status indicates the compliance of the target with this rule |
message string | Message provides additional information about the status of this rule on this target, if applicable |
checkedAt Kubernetes meta/v1.Time | CheckedAt is the timestamp this result was determined |
services.appvia.io/v1alpha1
Package v1alpha1 contains API Schema definitions for the services v1alpha1 API group
Resource Types:
- Service
- ServiceAccess
- ServiceAccessDeployment
- ServiceCatalog
- ServiceDeployment
- ServiceKind
- ServicePlan
- ServiceProvider
Service
Service is a managed service instance
Field | Description |
---|---|
apiVersion string | services.appvia.io/v1alpha1 |
kind string | Service |
metadata Kubernetes meta/v1.ObjectMeta | Refer to the Kubernetes API documentation for the fields of the metadata field. |
spec ServiceSpec | |
status ServiceStatus | |
ServiceAccess
ServiceAccess is the set of service access parameters provisioned by a service into the target namespace. It contains the endpoint of the service and access credentials if required.
Field | Description |
---|---|
apiVersion string | services.appvia.io/v1alpha1 |
kind string | ServiceAccess |
metadata Kubernetes meta/v1.ObjectMeta | Refer to the Kubernetes API documentation for the fields of the metadata field. |
spec ServiceAccessSpec | |
status ServiceAccessStatus | |
ServiceAccessDeployment
ServiceAccessDeployment is a template for a service access deployment
Field | Description |
---|---|
apiVersion string | services.appvia.io/v1alpha1 |
kind string | ServiceAccessDeployment |
metadata Kubernetes meta/v1.ObjectMeta | Refer to the Kubernetes API documentation for the fields of the metadata field. |
spec ServiceAccessDeploymentSpec | |
status ServiceAccessDeploymentStatus | |
ServiceCatalog
ServiceCatalog is a template for a service catalog
Field | Description |
---|---|
apiVersion string | services.appvia.io/v1alpha1 |
kind string | ServiceCatalog |
metadata Kubernetes meta/v1.ObjectMeta | Refer to the Kubernetes API documentation for the fields of the metadata field. |
spec ServiceCatalogSpec | |
status ServiceCatalogStatus | |
ServiceDeployment
ServiceDeployment is a template for a service deployment
Field | Description |
---|---|
apiVersion string | services.appvia.io/v1alpha1 |
kind string | ServiceDeployment |
metadata Kubernetes meta/v1.ObjectMeta | Refer to the Kubernetes API documentation for the fields of the metadata field. |
spec ServiceDeploymentSpec | |
status ServiceDeploymentStatus | |
ServiceKind
ServiceKind is a service type
Field | Description |
---|---|
apiVersion string | services.appvia.io/v1alpha1 |
kind string | ServiceKind |
metadata Kubernetes meta/v1.ObjectMeta | Refer to the Kubernetes API documentation for the fields of the metadata field. |
spec ServiceKindSpec | |
ServicePlan
ServicePlan is a template for a service
Field | Description |
---|---|
apiVersion string | services.appvia.io/v1alpha1 |
kind string | ServicePlan |
metadata Kubernetes meta/v1.ObjectMeta | Refer to the Kubernetes API documentation for the fields of the metadata field. |
spec ServicePlanSpec | |
ServiceProvider
ServiceProvider is a template for a service provider
Field | Description |
---|---|
apiVersion string | services.appvia.io/v1alpha1 |
kind string | ServiceProvider |
metadata Kubernetes meta/v1.ObjectMeta | Refer to the Kubernetes API documentation for the fields of the metadata field. |
spec ServiceProviderSpec | |
status ServiceProviderStatus | |
ClusterSelector
(Appears on: ServiceDeploymentSpec)
ClusterSelector is a way to define conditions to identify a group of clusters
Field | Description |
---|---|
kinds []string | Kinds defines the cluster kinds this deployment applies to. If empty, the cluster kind is not filtered |
workspaces WorkspaceKeys | Workspaces defines the workspaces this deployment applies to. If empty, the workspace is not filtered |
LabelSelector Kubernetes meta/v1.LabelSelector | (Members of LabelSelector are embedded into this type.) LabelSelector is a cluster label selector |
ServiceAccessDeploymentSpec
(Appears on: ServiceAccessDeployment)
ServiceAccessDeploymentSpec defines the desired state of a service catalog
Field | Description |
---|---|
displayName string | DisplayName overrides the name to display |
summary string | Summary provides a short title summary for the deployment |
description string | Description is a detailed description of the service access deployment |
serviceDeployment Ownership | ServiceDeployment contains the reference to the service deployment object |
clusterNamespace string | ClusterNamespace is the target namespace in the cluster where the secret will be created |
secretName string | SecretName is the Kubernetes Secret’s name that will contain the service access information |
secretTemplate string | SecretTemplate defines in what format the secrets should be stored. If empty, the secrets will be stored as key values. If a YAML template is provided using Go templating, the compiled template will be set under a “values.yaml” key. The secrets can be referenced using ‘{{ index .Values "SECRET_PARAM" }}’. Helm template functions can also be used |
configuration k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1.JSON | Configuration are the configuration values for this service access. It will be used by the service provider to provision the service access |
serviceAccessName string | ServiceAccessName is the name of the service access in each cluster. If empty it defaults to the name of the service access deployment |
ServiceAccessDeploymentStatus
(Appears on: ServiceAccessDeployment)
ServiceAccessDeploymentStatus defines the observed state of a service access deployment
Field | Description |
---|---|
status Status | Status is the overall status of the service |
message string | Message is the description of the current status |
components Components | Components is a collection of component statuses |
ServiceAccessSpec
(Appears on: ServiceAccess)
ServiceAccessSpec defines the desired status for a service access
Field | Description |
---|---|
kind string | Kind refers to the service type |
service Ownership | Service contains the reference to the service object |
cluster Ownership | Cluster contains the reference to the cluster where the access parameters will be saved as a secret |
clusterNamespace string | ClusterNamespace is the target namespace in the cluster where the secret will be created |
secretName string | SecretName is the Kubernetes Secret’s name that will contain the service access information. If not set the secret’s name will default to |
secretTemplate string | SecretTemplate defines in what format the secrets should be stored. If empty, the secrets will be stored as key values. If a YAML template is provided using Go templating, the compiled template will be set under a “values.yaml” key. The secrets can be referenced using ‘{{ index .Values "SECRET_PARAM" }}’. Helm template functions can also be used |
configuration k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1.JSON | Configuration are the configuration values for this service access. It will be used by the service provider to provision the service access |
ServiceAccessStatus
(Appears on: ServiceAccess)
ServiceAccessStatus defines the observed state of a service
Field | Description |
---|---|
components Components | Components is a collection of component statuses |
status Status | Status is the overall status of the service |
message string | Message is the description of the current status |
providerID string | ProviderID is the service access identifier in the service provider. DEPRECATED: Do not use, we should not store any external identifiers on the status |
providerData k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1.JSON | ProviderData is provider specific data |
ServiceCatalogSpec
(Appears on: ServiceCatalog)
ServiceCatalogSpec defines the desired state of a service catalog
Field | Description |
---|---|
displayName string | DisplayName overrides the name to display |
summary string | Summary provides a short title summary for the catalog |
description string | Description is a detailed description of the service catalog |
url string | URL is the URL of the service catalog |
serviceKindPrefix string | ServiceKindPrefix is the prefix to add to all created service kinds |
ServiceCatalogStatus
(Appears on: ServiceCatalog)
ServiceCatalogStatus defines the observed state of a service catalog
Field | Description |
---|---|
status Status | Status is the overall status of the service |
message string | Message is the description of the current status |
ServiceDeploymentSpec
(Appears on: ServiceDeployment)
ServiceDeploymentSpec defines the desired state of a service catalog
Field | Description |
---|---|
displayName string | DisplayName overrides the name to display |
summary string | Summary provides a short title summary for the deployment |
description string | Description is a detailed description of the service deployment |
kind string | Kind refers to the service type |
plan string | Plan is the name of the service plan which is used to create the services |
configuration k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1.JSON | Configuration are the configuration values for the created service. It will contain values from the plan + overrides by the user. This will provide a simple interface to calculate diffs between plan and service configuration |
configurationFrom ConfigurationFromSourceList | ConfigurationFrom is a way to load configuration values from alternative sources, e.g. from secrets. The values from these sources will override any existing keys defined in Configuration |
clusterSelector ClusterSelector | ClusterSelector defines in which clusters we should install the given service |
clusterNamespace string | ClusterNamespace is the target namespace in the clusters where the service will be created |
serviceName string | ServiceName is the name of the service in each cluster. If empty it defaults to the name of the service deployment |
ServiceDeploymentStatus
(Appears on: ServiceDeployment)
ServiceDeploymentStatus defines the observed state of a service deployment
Field | Description |
---|---|
status Status | Status is the overall status of the service |
message string | Message is the description of the current status |
components Components | Components is a collection of component statuses |
ServiceKindSpec
(Appears on: ServiceKind)
ServiceKindSpec defines the state of a service kind
Field | Description |
---|---|
type string | Type is the service type, used by the service providers to decide how to handle the service kind |
enabled bool | Enabled is true if the service kind can be used |
serviceAccessEnabled bool | ServiceAccessEnabled is true if the service provider can create service access for this service kind |
displayName string | DisplayName refers to the display name of the service type |
summary string | Summary provides a short title summary for the service kind |
description string | Description is a detailed description of the service kind |
imageURL string | ImageURL is a thumbnail for the service kind |
documentationURL string | DocumentationURL refers to the documentation page for this service |
schema string | Schema is the JSON schema for the plan |
accessSchema string | AccessSchema is the JSON schema for a service access |
providerData k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1.JSON | ProviderData is provider specific data |
ServicePlanSpec
(Appears on: ServicePlan)
ServicePlanSpec defines the desired state of Service plan
Field | Description |
---|---|
kind string | Kind refers to the service type this is a plan for |
serviceAccessDisabled bool | ServiceAccessDisabled is true if service access is disabled for services using this plan. It only has an effect if service access is enabled on the service kind |
displayName string | DisplayName refers to the display name of the service type |
labels map[string]string | Labels is a collection of labels for this plan |
summary string | Summary provides a short title summary for the plan |
description string | Description is a detailed description of the service plan |
configuration k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1.JSON | Configuration are the key+value pairs describing a service configuration |
schema string | Schema is the JSON schema for the plan |
accessSchema string | AccessSchema is the JSON schema for service access |
providerData k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1.JSON | ProviderData is provider specific data |
ServiceProviderSpec
(Appears on: ServiceProvider)
ServiceProviderSpec defines the desired state of a Service provider
Field | Description |
---|---|
type string | Type refers to the service provider type |
summary string | Summary provides a short title summary for the provider |
description string | Description is a detailed description of the service provider |
configuration k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1.JSON | Configuration are the key+value pairs describing a service provider |
configurationSchema string | ConfigurationSchema is the $id of the configuration’s JSON schema |
configurationFrom ConfigurationFromSourceList | ConfigurationFrom is a way to load configuration values from alternative sources, e.g. from secrets. The values from these sources will override any existing keys defined in Configuration |
ServiceProviderStatus
(Appears on: ServiceProvider)
ServiceProviderStatus defines the observed state of a service provider
Field | Description |
---|---|
status Status | Status is the overall status of the service |
message string | Message is the description of the current status |
components Components | Components is a collection of component statuses |
supportedTypes []string | SupportedTypes contains all the supported service types |
ServiceSpec
(Appears on: Service)
ServiceSpec defines the desired state of a service
Field | Description |
---|---|
kind string | Kind refers to the service type |
plan string | Plan is the name of the service plan which was used to create this service |
cluster Ownership | Cluster contains the reference to the cluster where the service will be created |
clusterNamespace string | ClusterNamespace is the target namespace in the cluster where the service will be created |
configuration k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1.JSON | Configuration are the configuration values for this service. It will contain values from the plan + overrides by the user. This will provide a simple interface to calculate diffs between plan and service configuration |
configurationFrom ConfigurationFromSourceList | ConfigurationFrom is a way to load configuration values from alternative sources, e.g. from secrets. The values from these sources will override any existing keys defined in Configuration |
ServiceStatus
(Appears on: Service)
ServiceStatus defines the observed state of a service
Field | Description |
---|---|
components Components | Components is a collection of component statuses |
status Status | Status is the overall status of the service |
message string | Message is the description of the current status |
providerID string | ProviderID is the service identifier in the service provider. DEPRECATED: Do not use, we should not store any external identifiers on the status |
providerData k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1.JSON | ProviderData is provider specific data |
plan string | Plan is the name of the service plan which was used to create this service |
configuration k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1.JSON | Configuration are the applied configuration values for this service |
serviceAccessEnabled bool | ServiceAccessEnabled is true if service access is enabled for this service |
This page was automatically generated with gen-crd-api-reference-docs