Custom Resource Definitions
Packages
- accountfactory.appvia.io/v2beta1
- app.appvia.io/v2beta1
- cloudaccess.appvia.io/v2beta1
- cloudresources.appvia.io/v2beta1
- compute.appvia.io/v2beta1
- config.appvia.io/v1alpha1
- core.appvia.io/v1alpha1
- costs.appvia.io/v1alpha1
- dns.appvia.io/v2beta1
- networking.appvia.io/v2beta1
- org.appvia.io/v2beta1
- package.appvia.io/v2beta1
- policydelivery.appvia.io/v1alpha1
- security.appvia.io/v1alpha1
accountfactory.appvia.io/v2beta1
Package v2beta1 contains API Schema definitions for the cloud account factory API group
Resource Types:
CloudOrg
CloudOrg represents a cloud organisation to use for cloud account factorying
Field | Description |
---|---|
apiVersion string | accountfactory.appvia.io/v2beta1 |
kind string | CloudOrg |
metadata Kubernetes meta/v1.ObjectMeta | Refer to the Kubernetes API documentation for the fields of the metadata field. |
spec CloudOrgSpec | |
status CloudOrgStatus | |
ManagedCloudAccount
ManagedCloudAccount represents a request for a cloud account to come into existence for a workspace
Field | Description |
---|---|
apiVersion string | accountfactory.appvia.io/v2beta1 |
kind string | ManagedCloudAccount |
metadata Kubernetes meta/v1.ObjectMeta | Refer to the Kubernetes API documentation for the fields of the metadata field. |
spec ManagedCloudAccountSpec | |
status ManagedCloudAccountStatus | |
AWSAccountStatus
(Appears on: ProviderStatus)
AWSAccountStatus provides status specific to AWS accounts
Field | Description |
---|---|
serviceCatalogProvisioningID string | ServiceCatalogProvisioningID is the Control Tower Account Factory Service Catalog provisioning record ID. If set, creation is being tracked. Relevant only to managed AWS accounts |
AWSOrganizationParameters
(Appears on: CloudOrgProviderDetails)
AWSOrganizationParameters provides the specific parameters for an AWS organisation account
Field | Description |
---|---|
ssoUser AWSSSOUser | SSOUser is the user who will be the organisational account owner for all accounts. Required before this organization can be used |
ouName string | OUName is the name of the parent Organizational Unit (OU) to use for provisioning accounts. Required before this organization can be used |
region string | Region is the region where Control Tower is enabled in the master account. Required before this organization can be used |
userRoles map[string]string | UserRoles contains the ARNs of stacksets to create instances of in each managed account |
AWSSSOUser
(Appears on: AWSOrganizationParameters)
AWSSSOUser describes the details required to identify an AWS SSO user to use for all accounts
Field | Description |
---|---|
email string | Email is the unique user email address specified for the AWS SSO user. Required before this organization can be used |
firstName string | FirstName is the first name(s) field for an AWS SSO user. Required before this organization can be used |
lastName string | LastName is the last name of an SSO user. Required before this organization can be used |
AzureTenantParameters
(Appears on: CloudOrgProviderDetails)
AzureTenantParameters provides the specific parameters for an Azure tenant (organisation) account
Field | Description |
---|---|
agreementType string | AgreementType defines whether we’re building subscriptions in an MCA or Enterprise Agreement backed Azure setup |
ownerObjectID string | OwnerObjectID specifies the Object ID of an Azure AD group, user or service principal to grant Owner privilege on all created subscriptions. This is required to ensure that generated subscriptions are owned by an object controlled by your company. Example: 8bf96a8f-abcd-ef12-a389-883d6116a5da |
contributorObjectID string | ContributorObjectID specifies an optional object ID of an Azure AD group, user or service principal to grant Contributor privilege on all created subscriptions. Example: 8bf96a8f-dcef-abc1-a389-883d6116a5da |
managementGroupID string | ManagementGroupID specifies an optional ID of an Azure Management Group in which subscriptions created by Wayfinder should be placed. Example: wf-subscription-mgt-group |
billingAccount string | BillingAccount is the billing account identifier. Required for both agreement types. Example (super-catchy, isn’t it): aaa111b-abcd-ef01-2345-bcdabc123fed:1234aaab-0100-1234-abcd-abcd0123abcd_2019-05-31 |
enrollmentAccount string | EnrollmentAccount defines for an Enterprise Agreement agreement type which enrollment account to create subscriptions within. Required for EA. Example: 7654321 |
billingProfile string | BillingProfile defines for an MCA agreement type which billing profile contains the invoice section you wish subscriptions to be created in. Required for MCA. Example: AW4F-APQW-0AH-ABC |
invoiceSection string | InvoiceSection defines for an MCA agreement type which invoice section to create subscriptions within inside the selected BillingProfile. Required for MCA. Example: PQRS-ALDS-012-DEF |
CloudAccountNamingRule
(Appears on: CloudOrgSpec)
CloudAccountNamingRule describes the rules for naming a child account based on the selected plan
Field | Description |
---|---|
name string | Name is the given name of the rule |
description string | Description provides an optional description for the account rule |
stages []string | Stages is a list of stages permitted |
suffix string | Suffix is the applied suffix |
prefix string | Prefix is a prefix for the account name |
CloudOrgProviderDetails
(Appears on: CloudOrgSpec)
CloudOrgProviderDetails provides parameters that are specific to a particular type of cloud account
Field | Description |
---|---|
type ProviderType | |
gcp GCPOrganizationParameters | (Optional) GCP holds parameters specific to GCP organization accounts. Present only if type is GCP. |
aws AWSOrganizationParameters | (Optional) AWS holds parameters specific to AWS organization accounts. Present only if type is AWS. |
azure AzureTenantParameters | (Optional) Azure holds parameters specific to Azure tenant accounts. Present only if type is Azure. |
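
A pre-apply check for the `providerDetails` rules documented in this package (the CloudOrgProviderDetails, AWSOrganizationParameters, AWSSSOUser, AzureTenantParameters and GCPOrganizationParameters tables), added here as an example and not Wayfinder's own validation code. The function names, the `EA`/`MCA` spellings of agreementType and the sample documents are assumptions constructed for illustration.

```python
import json
import re

# ProviderType values and the providerDetails key each one selects (from this page).
PROVIDER_BLOCKS = {"AWS": "aws", "Azure": "azure", "GCP": "gcp"}
GCP_PARENT_TYPES = {"organization", "folder", "project"}
# Assumption: agreementType is spelled "EA" or "MCA"; the page does not give the literals.
AZURE_BY_AGREEMENT = {
    "EA": ["enrollmentAccount"],
    "MCA": ["billingProfile", "invoiceSection"],
}
# Azure AD object IDs are GUIDs.
GUID = re.compile(r"^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$")


def _missing(block, fields, prefix):
    """Report every field in `fields` that is absent or empty in `block`."""
    return [f"{prefix}.{name} is required" for name in fields if not block.get(name)]


def check_provider_details(details):
    """Return a list of findings for one CloudOrg spec.providerDetails mapping."""
    ptype = details.get("type")
    if ptype not in PROVIDER_BLOCKS:
        return [f"type {ptype!r} is not one of AWS, Azure, GCP"]
    expected = PROVIDER_BLOCKS[ptype]
    # Each provider block is documented as "present only if type is ...".
    findings = [
        f"{key} must not be present when type is {ptype}"
        for key in PROVIDER_BLOCKS.values()
        if key != expected and details.get(key) is not None
    ]
    block = details.get(expected)
    if not isinstance(block, dict):
        return findings + [f"{expected} parameters are missing for type {ptype}"]
    if ptype == "AWS":
        findings += _missing(block, ["ssoUser", "ouName", "region"], "aws")
        sso = block.get("ssoUser")
        if isinstance(sso, dict) and sso:
            findings += _missing(sso, ["email", "firstName", "lastName"], "aws.ssoUser")
    elif ptype == "Azure":
        # ownerObjectID keeps created subscriptions owned by an object you control.
        findings += _missing(block, ["ownerObjectID", "billingAccount"], "azure")
        agreement = block.get("agreementType")
        if agreement in AZURE_BY_AGREEMENT:
            findings += _missing(block, AZURE_BY_AGREEMENT[agreement], "azure")
        else:
            findings.append(f"azure.agreementType {agreement!r} is not EA or MCA")
        for name in ("ownerObjectID", "contributorObjectID"):
            value = block.get(name)
            if value and not GUID.match(value):
                findings.append(f"azure.{name} is not a GUID-shaped object ID")
    else:  # GCP
        parent = block.get("parentType")
        if parent is not None and parent not in GCP_PARENT_TYPES:
            findings.append(
                f"gcp.parentType {parent!r} is not organization, folder or project"
            )
    return findings


# Constructed sample providerDetails documents (not taken from a real organisation).
SAMPLES = json.loads("""
{
  "aws-ok": {"type": "AWS", "aws": {"ouName": "Workloads", "region": "eu-west-2",
      "ssoUser": {"email": "owner@example.com", "firstName": "Org", "lastName": "Owner"}}},
  "azure-mixed": {"type": "Azure", "aws": {"ouName": "Workloads"},
      "azure": {"agreementType": "MCA", "ownerObjectID": "platform-admins",
                "billingAccount": "constructed-billing-id",
                "billingProfile": "AW4F-APQW-0AH-ABC"}},
  "gcp-bad-parent": {"type": "GCP",
      "gcp": {"parentType": "team", "billingAccount": "012345-567890-ABCDEF"}}
}
""")


def lint_samples():
    """Run the check over every constructed sample and return findings by name."""
    return {name: check_provider_details(doc) for name, doc in SAMPLES.items()}


if __name__ == "__main__":
    for name, findings in lint_samples().items():
        print(name, "->", findings or "ok")
```
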
CloudOrgSpec
(Appears on: CloudOrg)
CloudOrgSpec defines the specification of an org to use for factorying cloud accounts
Field | Description |
---|---|
name string | Name is a unique human-readable name for this organisation |
cloud string | Cloud defines which cloud provider this account is for |
orgIdentifier string | OrgIdentifier must be populated with the identifier for the organization - for example, AWS Master Account ID, Azure Tenant ID, GCP Organization ID. |
accountIdentifier string | The account ID/subscription ID/project ID to place shared org-wide resources such as DNS root zones, etc. For AWS this must be the same AWS Master Account ID used for OrgIdentifier. |
identityCred CloudIdentityReference | IdentityCred is a reference to the credential for Wayfinder to identify itself to this cloud provider when using this organization. Will be populated by Wayfinder with the default identity cred for this cloud if unspecified on entry. |
roles []CloudAccessConfigRole | Roles defines a set of identities which Wayfinder should assume in order to perform account management functionality. |
defaultRegion string | DefaultRegion is an optional default region to use for API access in this account when no region is specified for the operation. This is used to determine, for example, which region to use to talk to global services such as Route53 in AWS. E.g. eu-west-2, europe-west2, uksouth |
providerDetails CloudOrgProviderDetails | ProviderDetails provides additional fields which can be used for cloud-provider specific data, such as a GCP billing account ID. |
stages []string | Stages lists the stages that this org may be used for |
namingRules []CloudAccountNamingRule | NamingRules describes how to name child accounts based on the plan chosen. |
allocation ResourceAllocation | Allocation describes which workspaces can use this cloud org. |
CloudOrgStatus
(Appears on: CloudOrg)
CloudOrgStatus defines the status of a cloud org
Field | Description |
---|---|
CommonStatus CommonStatus | (Members of CommonStatus are embedded into this type.) |
GCPOrganizationParameters
(Appears on: CloudOrgProviderDetails)
GCPOrganizationParameters provides the specific parameters for a GCP organisation account
Field | Description |
---|---|
parentType string | ParentType is the type of parent this project has. Valid types are: “organization”, “folder”, and “project” |
billingAccount string | BillingAccountName is the resource name of the billing account associated with the project e.g. ‘012345-567890-ABCDEF’ |
ManagedCloudAccountSpec
(Appears on: ManagedCloudAccount)
ManagedCloudAccountSpec defines a request for a cloud account to exist
Field | Description |
---|---|
name string | Name is the unique name of the account to create. Populate to set a custom name, will be derived from the organization naming rules if unspecified. |
cloud string | Cloud defines which cloud provider the account is being requested for. Must be specified and must match the cloud of the specified CloudOrg. |
stage string | Stage is the lifecycle stage to create the cloud account for. |
cloudOrg string | CloudOrg is a reference to the cloud organization in which to create the cloud account |
features []string | Features is the set of features to enable on the managed cloud account |
ManagedCloudAccountStatus
(Appears on: ManagedCloudAccount)
ManagedCloudAccountStatus defines the observed state of the provisioned account
Field | Description |
---|---|
CommonStatus CommonStatus | (Members of CommonStatus are embedded into this type.) |
cloudAccessConfigRef CloudAccessConfigReference | CloudAccessConfigRef is the reference to the generated cloud access configuration |
identifier string | Identifier is the assigned account ID / project ID / subscription ID |
providerStatus ProviderStatus | ProviderStatus can be populated with provider-specific status information, particularly relevant on accounts of type managed. |
ProviderStatus
(Appears on: ManagedCloudAccountStatus)
ProviderStatus provides status fields specific to a cloud provider
Field | Description |
---|---|
type ProviderType | |
awsAccount AWSAccountStatus | (Optional) AWS holds status specific to AWS accounts. |
ProviderType (string)
(Appears on: CloudOrgProviderDetails, ProviderStatus)
ProviderType represents the concrete type of organization that a CloudOrg represents
Value | Description |
---|---|
"AWS" | ProviderTypeAWS is a root organization master account for AWS account management |
"Azure" | ProviderTypeAzure is a root organization tenant for Azure subscription management |
"GCP" | ProviderTypeGCP is a root organization for GCP project management |
app.appvia.io/v2beta1
Package v1alpha1 contains API Schema definitions for the CloudAccess API group
Resource Types:
AppEnv
AppEnv represents a deployable environment for an application - i.e. a namespace for the application’s usage.
Field | Description |
---|---|
apiVersion string | app.appvia.io/v2beta1 |
kind string | AppEnv |
metadata Kubernetes meta/v1.ObjectMeta | Refer to the Kubernetes API documentation for the fields of the metadata field. |
spec AppEnvSpec | |
status AppEnvStatus | |
Application
Application represents an application you are planning to use Wayfinder to serve environments for.
Field | Description |
---|---|
apiVersion string | app.appvia.io/v2beta1 |
kind string | Application |
metadata Kubernetes meta/v1.ObjectMeta | Refer to the Kubernetes API documentation for the fields of the metadata field. |
spec ApplicationSpec | |
status ApplicationStatus | |
AppEnvCloudResourceStatus
(Appears on: AppEnvDeployedComponentStatus)
Field | Description |
---|---|
plan string | Plan identifies the cloud resource plan used for this cloud resource |
ready bool | Ready indicates whether the cloud resource represented by this component is in sync with the definition last deployed - i.e. the actual cloud resource is present and correct. |
moduleVersion string | ModuleVersion identifies which Terraform version of the module was used to build this cloud resource. |
AppEnvDeployedComponentStatus
(Appears on: AppEnvDeploymentStatus)
AppEnvDeployedComponentStatus defines the status of a specific app component in the environment
Field | Description |
---|---|
component string | Component identifies which component this status is about. |
componentType ApplicationComponentType | ComponentType defines what type of component this is. |
exposed bool | Exposed will be true if this component is accessible outside the cluster, i.e. has an ingress. |
tls bool | TLS will be true if this component has TLS enabled (only relevant if exposed is true) |
deployed bool | Deployed will be true if this component is deployed in this environment. |
pods []AppEnvPodStatus | Pods gives a detailed status for each pod for this component in the environment. |
podsReady int | PodsReady shows how many pods are in a ready state for this component in the environment. |
podsTotal int | PodsTotal shows how many pods are present for this component in the environment. |
endpoint string | Endpoint identifies the DNS endpoint for this component, if exposed. |
certReady bool | CertReady indicates if the HTTPS certificate is ready, if exposed and TLS is enabled. |
cloudResource AppEnvCloudResourceStatus | CloudResource identifies the status of the cloud resource associated with this component, when the component type is CloudResource. |
AppEnvDeploymentStatus
(Appears on: AppEnvStatus)
Field | Description |
---|---|
deployed bool | Deployed will be true if one or more components are deployed to this environment |
components []AppEnvDeployedComponentStatus | Components describes the status of the deployed components |
AppEnvPodStatus
(Appears on: AppEnvDeployedComponentStatus)
AppEnvPodStatus is a cut-down version of a full pod status
Field | Description |
---|---|
phase Kubernetes core/v1.PodPhase | The phase of a Pod is a simple, high-level summary of where the Pod is in its lifecycle. The conditions array, the reason and message fields, and the individual container status arrays contain more detail about the pod’s status. There are five possible phase values: Pending: The pod has been accepted by the Kubernetes system, but one or more of the container images has not been created. This includes time before being scheduled as well as time spent downloading images over the network, which could take a while. Running: The pod has been bound to a node, and all of the containers have been created. At least one container is still running, or is in the process of starting or restarting. Succeeded: All containers in the pod have terminated in success, and will not be restarted. Failed: All containers in the pod have terminated, and at least one container has terminated in failure. The container either exited with non-zero status or was terminated by the system. Unknown: For some reason the state of the pod could not be obtained, typically due to an error in communicating with the host of the pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-phase |
conditions []Kubernetes core/v1.PodCondition | Current service state of pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-conditions |
message string | A human readable message indicating details about why the pod is in this condition. |
reason string | A brief CamelCase message indicating details about why the pod is in this state. e.g. ‘Evicted’ |
initContainerStatuses []Kubernetes core/v1.ContainerStatus | The list has one entry per init container in the manifest. The most recent successful init container will have ready = true, the most recently started container will have startTime set. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-and-container-status |
containerStatuses []Kubernetes core/v1.ContainerStatus | The list has one entry per container in the manifest. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-and-container-status |
AppEnvSpec
(Appears on: AppEnv)
AppEnvSpec defines an environment for an application
Field | Description |
---|---|
cloud string | Cloud defines which cloud provider this application is being developed for. |
application string | Application is the name of the application that this environment belongs to. |
name string | Name is the unique (within the application) human-readable name for this environment. |
key string | Key is a unique (within the application), short DNS-compatible name for this environment. If unspecified on creation a suitable value will be derived from the name. If specified, it will be validated for uniqueness on entry. |
clusterRef Ownership | ClusterRef defines the cluster on which this application environment should be hosted. Either ClusterPlan or ClusterRef must be specified. If unspecified, the reference to the created cluster will be set by Wayfinder. |
plan string | Plan is the name of the plan to use to build a new cluster for this environment. This cannot be changed after the AppEnv is requested. One of ClusterRef or Plan must be set to create an app environment. |
region string | Region is the cloud region in which to place this appenv. Only applicable when using a plan, will be ignored if ClusterRef points to an existing cluster. |
namespace string | Namespace is the requested name for the environment’s namespace on the specified cluster. If unpopulated, Wayfinder will auto-populate this with a sensible name on entry. |
stage string | Stage is the infrastructure stage to which this environment belongs |
order int | Order gives a numeric ordering of this environment, used to sort environments in a logical sequence. If two environments for an app have the same order, their display order is undefined and may change. |
AppEnvStatus
(Appears on: AppEnv)
AppEnvStatus defines the status of an application environment
Field | Description |
---|---|
CommonStatus CommonStatus | (Members of CommonStatus are embedded into this type.) |
clusterDomain string | ClusterDomain is the full domain delegated to the host cluster of this environment. This is useful to understand how wildcard certificates and DNS entries can be generated. Application components should use DNSZone, not ClusterDomain, as their suffix. |
dnsZone string | DNSZone is the DNS zone which should be used for this environment. |
dnsZoneDedicated bool | DNSZoneDedicated will be true if the DNS zone provided is dedicated to this specific appenv. |
certIssuers []string | CertIssuers are the certificate issuers which can be used in this app env |
ingressClasses []IngressClass | IngressClasses are the ingress classes which can be used in the app env |
deployment AppEnvDeploymentStatus | Deployment shows the deployed status of the app to this environment. The deployment status will be updated approximately once per minute; to get an up-to-date status, call the deploystatus subresource API of the appenv. |
deploymentLastChecked Kubernetes meta/v1.Time | DeploymentLastChecked identifies when the deployment status of this app was last checked. |
ApplicationComponent
(Appears on: ApplicationSpec)
ApplicationComponent defines a component of an application
Field | Description |
---|---|
name string | Name is the unique name for this component within the application. |
key string | Key is a unique (within the app) DNS-compatible name for this component. If unspecified on creation a suitable value will be derived from the name. If specified, it will be validated for uniqueness on entry. |
type ApplicationComponentType | Type is the component type |
container ApplicationComponentContainer | Container defines the settings for a container component, required if Type is Container |
cloudResource ApplicationComponentCloudResource | CloudResource defines the settings for a cloud resource component, required if Type is CloudResource |
dependsOn []string | DependsOn is a list of other components that this component depends on - e.g. if this is a container component and needs access to the outputs of a cloud resource, place the name of the cloud resource component here. |
ApplicationComponentCloudResource
(Appears on: ApplicationComponent)
ApplicationComponentCloudResource defines the specification of a dependency component.
Field | Description |
---|---|
plan string | Plan identifies the cloud resource plan to use for this cloud resource |
variables k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1beta1.JSON | Variables is a set of variables to provide to the associated Terraform module when applying. This will be validated against the policy on the specified plan, and override any values provided in that plan. |
ApplicationComponentContainer
(Appears on: ApplicationComponent)
ApplicationComponentContainer defines the specification of a container component
Field | Description |
---|---|
image string | Image is the fully-specified container image to use for this component |
port int | Port is the primary port this component exposes to other components or for external traffic |
expose bool | Expose makes this component available outside the cluster by creating an ingress for it |
tls bool | TLS ensures that the component is exposed with an HTTPS TLS certificate (only relevant if expose is true) |
whitelist []string | Whitelist, if set, will restrict access to the specified IP ranges, specified in CIDR notation (only relevant if expose is true) |
env []ContainerEnvVariable | Env is a set of environment variables to expose in this container |
ApplicationComponentType (string)
(Appears on: AppEnvDeployedComponentStatus, ApplicationComponent)
ApplicationComponentType defines the type of a component
Value | Description |
---|---|
"CloudResource" | ApplicationComponentTypeCloudResource defines a component which provides a cloud resource to your other components, such as a database, key-value store or messaging system. These will be serviced by cloud resource plans. |
"Container" | ApplicationComponentTypeContainer defines a component served by a single container, typically this would be for your own application components. |
"OwnManifests" | ApplicationComponentTypeOwnManifests defines a component served by a set of Kubernetes manifests, Helm charts, or other native Kubernetes tooling provided by the user. Wayfinder will not provide deployment manifests for this component. |
ApplicationSpec
(Appears on: Application)
ApplicationSpec defines the specification of the app
Field | Description |
---|---|
name string | Name is the human-readable name for this application. |
key string | Key is a system-wide unique DNS-compatible name for this application. If unspecified on creation a suitable value will be derived from the name. If specified, it will be validated for uniqueness on entry. |
description string | Description is an optional longer human-readable description of this application to help users understand a bit about it. |
cloud string | Cloud defines which cloud provider this application is being developed for. |
components []ApplicationComponent | Components are the definition of the components that make up this application. These are optional, but if specified, Wayfinder can generate example manifests for your application with the components wired together. |
ApplicationStatus
(Appears on: Application)
ApplicationStatus defines the status of an application
Field | Description |
---|---|
CommonStatus CommonStatus | (Members of CommonStatus are embedded into this type.) |
ContainerEnvVariable
(Appears on: ApplicationComponentContainer)
Field | Description |
---|---|
name string | Name is the name of the environment variable to set in the container |
value string | Value is a hard-coded value that this environment variable should always have |
fromCloudResourceOutput VariableFromCloudResource | FromCloudResourceOutput gets the value from a dependent cloud resource component’s outputs |
IngressClass
(Appears on: AppEnvStatus)
Field | Description |
---|---|
class string | Class is the name of the ingress class |
namespace string | Namespace is the namespace the ingress controller is in |
VariableFromCloudResource
(Appears on: ContainerEnvVariable)
Field | Description |
---|---|
componentName string | ComponentName is the name of another component in this application representing the value |
output string | Output is the name of the environment variable in the cloud resource outputs that you want as the value of the environment variable |
cloudaccess.appvia.io/v2beta1
Package v1alpha1 contains API Schema definitions for the CloudAccess API group
Resource Types:
CloudAccessConfig
(Appears on: CloudAccessConfigAndIAM)
CloudAccessConfig represents an account/project/subscription in a cloud provider which Wayfinder has access to
Field | Description |
---|---|
apiVersion string | cloudaccess.appvia.io/v2beta1 |
kind string | CloudAccessConfig |
metadata Kubernetes meta/v1.ObjectMeta | Refer to the Kubernetes API documentation for the fields of the metadata field. |
spec CloudAccessConfigSpec | |
status CloudAccessConfigStatus | |
CloudIdentity
CloudIdentity represents an identity that Wayfinder can use to access a cloud. This represents the initial identity Wayfinder uses - it will assume into various roles from this identity as dictated by the relevant CloudAccessConfig role.
Field | Description |
---|---|
apiVersion string | cloudaccess.appvia.io/v2beta1 |
kind string | CloudIdentity |
metadata Kubernetes meta/v1.ObjectMeta | Refer to the Kubernetes API documentation for the fields of the metadata field. |
spec CloudIdentitySpec | |
status CloudIdentityStatus | |
WorkloadIdentity
WorkloadIdentity represents an identity for a kubernetes workload in a specific cloud provider / cloud account
Field | Description |
---|---|
apiVersion string | cloudaccess.appvia.io/v2beta1 |
kind string | WorkloadIdentity |
metadata Kubernetes meta/v1.ObjectMeta | Refer to the Kubernetes API documentation for the fields of the metadata field. |
spec WorkloadIdentitySpec | |
status WorkloadIdentityStatus | |
AWSAccountStatus
(Appears on: ProviderStatus)
AWSAccountStatus provides status specific to AWS accounts
Field | Description |
---|---|
serviceCatalogProvisioningID string | ServiceCatalogProvisioningID is the Control Tower Account Factory Service Catalog provisioning record ID. If set, creation is being tracked. Relevant only to managed AWS accounts |
AWSIAM
(Appears on: IAMRoles)
AWSIAM is a collection of AWS roles and policies
Field | Description |
---|---|
accountID string | |
features []string | |
iam []AWSRoleWithPolicies | |
AWSPolicy
(Appears on: AWSRoleWithPolicies)
Field | Description |
---|---|
description string | |
path string | |
policyName string | |
policyDocument k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1.JSON | |
AWSRole
(Appears on: AWSRoleWithPolicies)
Field | Description |
---|---|
assumeRolePolicyDocument k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1.JSON | |
description string | |
path string | |
roleName string | |
AWSRolePolicyAttachments
(Appears on: AWSRoleWithPolicies)
Field | Description |
---|---|
roleName string | |
policyArn string | |
AWSRoleWithPolicies
(Appears on: AWSIAM)
AWSRoleWithPolicies is a collection of AWS roles and policies
Field | Description |
---|---|
wayfinderRoleName string | |
role AWSRole | |
policies []AWSPolicy | |
rolePolicyAttachments []AWSRolePolicyAttachments | |
AWSWorkloadIdentityParameters
(Appears on: WorkloadIdentityProviderDetails)
AWSWorkloadIdentityParameters is the parameters for an AWS workload identity
Field | Description |
---|---|
iamPolicies []string | (Optional) IAMPolicies defines a list of (additional) IAM policies to bind to the workload identity role. It is assumed that these will exist in the target AWS account for the cluster, therefore use either built-in AWS-managed policies or make sure that your process for managing policies in your accounts will always ensure these policies exist in any account this package may be deployed into. For AWS-managed policies, specify the full ARN (e.g. arn:aws:iam::aws:policy/AmazonDynamoDBFullAccess). For self-managed policies, specify the ARN without an account ID (e.g. arn:aws:iam:::policy/myorg-policy-s3-write). |
customIAMPolicy k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1.JSON | CustomIAMPolicy defines an additional dedicated IAM policy to create and bind to this workload identity. |
AzureApplication
(Appears on: AzureServicePrincipal)
Field | Description |
---|---|
tenantID string | |
displayName string | |
AzureIAM
(Appears on: IAMRoles)
AzureIAM is a collection of Azure role definitions and role assignments
Field | Description |
---|---|
subscriptionID string | |
features []string | |
iam []AzureIdentityAndRoleDefinitions | |
AzureIdentity
Field | Description |
---|---|
name string | |
spec struct{ResourceID string "json:\"resourceID\""; ClientID string "json:\"clientID\""} | |
AzureIdentityAndRoleDefinitions
(Appears on: AzureIAM)
AzureIdentityAndRoleDefinitions is an Azure Identity with a role definition and assignment
Field | Description |
---|---|
wayfinderRoleName string | |
managedIdentity AzureManagedIdentity | |
servicePrincipal AzureServicePrincipal | |
roleDefinition AzureRoleDefinition | |
AzureIdentityBinding
Field | Description |
---|---|
name string | |
spec struct{Selector string "json:\"selector\""; AzureIdentity string "json:\"azureIdentity\""} | |
AzureManagedIdentity
(Appears on: AzureIdentityAndRoleDefinitions)
Field | Description |
---|---|
identityName string | |
AzureRoleAssignment
Field | Description |
---|---|
subscriptionID string | |
roleName string | |
identityName string | |
assignmentScopes []string | AssignmentScopes are the scopes to which the role assignment applies. |
AzureRoleDefinition
(Appears on: AzureIdentityAndRoleDefinitions)
Field | Description |
---|---|
roleName string | |
description string | |
permissions k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1.JSON | |
assignableScopes []string | |
AzureServicePrincipal
(Appears on: AzureIdentityAndRoleDefinitions)
Field | Description |
---|---|
name string | |
application AzureApplication | |
AzureWorkloadIdentityParameters
(Appears on: WorkloadIdentityProviderDetails)
AzureWorkloadIdentityParameters is the parameters for an Azure workload identity
Field | Description |
---|---|
podSelector string | PodSelector specifies the unique string that will be set on the Identity. This allows AAD Pod Identity to find the pods that are associated with it. |
Binding
(Appears on: GCPOrgBindings, GCPProjectBindings, GCPServiceAccountBinding)
Field | Description |
---|---|
role string | |
members []string | |
CloudAccessConfigAndIAM
CloudAccessConfigAndIAM represents any updates to a cloud access config required and IAM roles
Field | Description |
---|---|
cloudAccessConfig CloudAccessConfig | CloudAccessConfig is the cloud access config with updates for roles required for the features requested |
iam IAMRoles | IAM represents the IAM objects required to provide access for Wayfinder roles |
CloudAccessConfigReference
(Appears on: ManagedCloudAccountStatus, WorkloadIdentitySpec, ClusterSpec, CostImportSpec, DNSZoneSpec, NetworkFabricSpec, PeeringRuleSpec, PeeringSpec)
Field | Description |
---|---|
namespace string | |
name string |
CloudAccessConfigRole
(Appears on: CloudOrgSpec, CloudAccessConfigSpec)
Field | Description |
---|---|
role string | Role is the Wayfinder cloud role that this access configuration can be used for |
cloudResourceName string | CloudResourceName is the name of the object in the cloud provider that represents this role. This should be left empty, Wayfinder will populate this on entry with an appropriate value. |
assumeProviderRole string | AssumeProviderRole contains a reference to the identifier that should be assumed by Wayfinder when using this account for this role, i.e. AWS ARN, GCP Service Account, Azure Role, etc. |
deployedResourceHash string | DeployedResourceHash is a checksum calculated from the role definition when created. This is set by the CLI when creating the cloud resources for the role. It is used by the controller to indicate if the role setup needs to be repeated. |
CloudAccessConfigRoleStatus
(Appears on: CloudAccessConfigStatus)
CloudAccessConfigRoleStatus is the status of a role on a cloud access config
Field | Description |
---|---|
status RoleStatus | |
message string |
CloudAccessConfigSpec
(Appears on: CloudAccessConfig)
CloudAccessConfigSpec defines the specification of an account known to wayfinder
Field | Description |
---|---|
name string | Name is the unique logical name for this cloud access config |
description string | Description is an optional longer human-readable description of this cloud access config to help users understand which cloud access configuration to choose. |
cloud string | Cloud defines which cloud provider this account is for |
identifier string | Identifier is the unique identifier for this account with the cloud provider, i.e. AWS account ID, GCP project ID, Azure subscription, etc. |
orgIdentifier string | OrgIdentifier is an identifier for the cloud organization, i.e. AWS master account ID, Azure tenant, GCP organization ID, etc. May be required for certain functionality on some clouds. |
defaultRegion string | DefaultRegion is an optional default region to use for API access in this account when no region is specified for the operation. This is used to determine, for example, which region to use to talk to global services such as Route53 in AWS. E.g. eu-west-2, europe-west2, uksouth |
stage string | Stage defines the stage this cloud access config will be used for in the workspace. Optional for ‘admin’ cloud access configs, required for workspace cloud access configs. |
identityCred CloudIdentityReference | IdentityCred is a reference to the credential for Wayfinder to identify itself to this cloud provider when using this configuration. Will be populated by Wayfinder with the default identity cred for this cloud if unspecified on entry. |
features []string | Features lists the ways in which it is intended for this cloud access config to be used. This will allow the relevant set of roles to be determined. |
roles []CloudAccessConfigRole | Roles defines the possible ways in which Wayfinder can use this cloud, along with details of how Wayfinder should identify itself (or provider-specific roles that need to be assumed) to use this account in the specified way. The set of roles required for a cloud is defined by the enabled features. |
CloudAccessConfigStatus
(Appears on: CloudAccessConfig)
CloudAccessConfigStatus defines the status of a cloud access configuration
Field | Description |
---|---|
CommonStatus CommonStatus | (Members of CommonStatus are embedded into this type.) |
providerStatus ProviderStatus | ProviderStatus can be populated with provider-specific status information, particularly relevant on accounts of type managed. |
features map[string]github.com/appvia/wayfinder/tmpcrdref/pkg/apis/cloudaccess/v2beta1.CloudFeatureStatus | Features describes the status of any features specified on this cloud access config. |
roles map[string]github.com/appvia/wayfinder/tmpcrdref/pkg/apis/cloudaccess/v2beta1.CloudAccessConfigRoleStatus | Roles provides the status of each underlying required role. The keys of the map are the role names. |
CloudAccountOrOrg
CloudAccountOrOrg allows the role management functionality to operate for both cloud orgs and cloud access configs without worry
CloudFeatureStatus
(Appears on: CloudAccessConfigStatus)
CloudFeatureStatus describes the status of a cloud access feature
Field | Description |
---|---|
ready bool | Ready indicates whether this feature is ready to use. |
setupRequired bool | SetupRequired indicates this feature needs wf setup cloudaccessconfig to sort it out (i.e. one or more roles is missing, requires a provider role specifying, or requires updating). This will be false if a role is correct and specified but somehow not valid. |
requiredRoles []string | RequiredRoles indicates the list of roles that this cloud access config needs working in order for this feature to work. Each role identified here will have an entry in status.Roles to understand the status of these underlying roles. |
CloudIdentityReference
(Appears on: CloudOrgSpec, CloudAccessConfigSpec, CostImportSpec)
CloudIdentityReference is a reference specifically to a cloud identity
Field | Description |
---|---|
namespace string | Namespace for the identity, specify empty for implicit credentials |
name string | Name for the credential, specify empty for implicit credentials |
CloudIdentitySpec
(Appears on: CloudIdentity)
CloudIdentitySpec defines the metadata about the identity. When required it will have a reference to a Kubernetes secret containing the credentials
Field | Description |
---|---|
name string | Name is a human-understandable name for this credential |
cloud string | Cloud defines which cloud provider this credential is for |
implicitIdentity bool | ImplicitIdentity specifies that any credentials are provided by the run time process environment and NOT a secret reference. Typically this means that workload identity is to be used. |
implicitIdentityID string | ImplicitIdentityID specifies any ID that the run time process environment needs to authenticate to a specific identity where more than one can be assigned to a process |
credentialsInputData map[string]string | CredentialsInputData can be used to populate the secret when creating/updating a credential. This will never be populated when the credential is returned from the API. If specified, this must include the correct set of keys for credentials for the cloud provider that CloudAccount references. |
secretRef Kubernetes core/v1.SecretReference | SecretRef is a reference to the Kubernetes secret containing the actual key data for this credential. If the secret does not exist but CredentialsInputData is populated, this secret will be created. This can also be a reference to an existing secret managed outside Wayfinder. Where CredentialsInputData is specified but this is left blank, Wayfinder will assign this value. |
credentialsUpdated Kubernetes meta/v1.Time | CredentialsUpdated should be set to the current time when an underlying secret is updated. This will be automatically set to the current time if CredentialsInputData is set. If you manually change the secret outside Wayfinder, update this field to trigger re-verification of this credential. |
CloudIdentityStatus
(Appears on: CloudIdentity)
CloudIdentityStatus represents the status of a cloud identity for account access
Field | Description |
---|---|
CommonStatus CommonStatus | (Members of CommonStatus are embedded into this type.) |
verified bool | Verified checks that the credentials are ok and valid |
identity string | Identity is the unique reference to the cloud principal, e.g. AWS role, GCP service account, etc. |
ClusterServiceAccount
(Appears on: WorkloadIdentitySpec, WorkloadIdentity)
ClusterServiceAccount represents the identity inside the cluster that will use the workload identity
Field | Description |
---|---|
namespace string | |
name string |
GCPIAM
(Appears on: IAMRoles)
GCPIAM is a collection of GCP roles
Field | Description |
---|---|
projectID string | |
features []string | |
iam []GCPServiceAccountAndBindings |
GCPOrgBindings
(Appears on: GCPServiceAccountAndBindings)
Field | Description |
---|---|
orgID string | |
binding []Binding |
GCPProjectBindings
(Appears on: GCPServiceAccountAndBindings)
Field | Description |
---|---|
projectID string | |
binding []Binding |
GCPServiceAccount
(Appears on: GCPServiceAccountAndBindings)
Field | Description |
---|---|
displayName string | |
email string |
GCPServiceAccountAndBindings
(Appears on: GCPIAM)
Field | Description |
---|---|
wayfinderRoleName string | |
serviceAccount GCPServiceAccount | |
bindings GCPServiceAccountBinding | |
projectBindings GCPProjectBindings | |
orgBindings GCPOrgBindings |
GCPServiceAccountBinding
(Appears on: GCPServiceAccountAndBindings)
Field | Description |
---|---|
displayName string | |
binding []Binding |
GCPWorkloadIdentityParameters
(Appears on: WorkloadIdentityProviderDetails)
GCPWorkloadIdentityParameters is the parameters for a GCP workload identity
GetRolesIAMRequest
GetRolesIAMRequest is the input for getting cloud IAM objects. Used before a cloud access config exists
Field | Description |
---|---|
name string | Name is the name of the cloud access config to template the roles for |
workspace WorkspaceKey | Workspace is the workspace to template the roles for |
provider string | Cloud is the cloud provider |
roleNameOverrides map[string]string | RoleNameOverrides is a list of custom names to use for cloud IAM objects. For AWS, must start with wf- at this time |
defaultRegion string | DefaultRegion is the default region for accessing the cloud provider |
identifier string | Identifier is the AWS account ID, Azure subscription ID or GCP project ID, used to specify the scope of the IAM permissions |
orgIdentifier string | OrgIdentifier for the CloudAccessResource. Required on Azure. Set to the Azure Tenant ID |
features []string | Features is a list of features that the IAM roles should support |
stage string | Stage is the stage of the cloud access config. Only used for naming the CloudAccessConfig resource |
IAMRoles
(Appears on: CloudAccessConfigAndIAM)
IAMRoles is a collection of IAM objects required to provide access for Wayfinder roles
ProviderAccountType (string)
(Appears on: ProviderStatus)
ProviderAccountType represents the concrete type of account that a CloudAccessConfiguration represents
Value | Description |
---|---|
"AWSAccount" | ProviderAccountTypeAWSAccount is an AWS account for running workloads |
"AzureSubscription" | ProviderAccountTypeAzureSubscription is an Azure subscription for running workloads |
"GCPProject" | ProviderAccountTypeGCPProject is a GCP project for running workloads |
ProviderStatus
(Appears on: CloudAccessConfigStatus)
ProviderStatus provides status fields specific to a cloud provider
Field | Description |
---|---|
type ProviderAccountType | |
awsAccount AWSAccountStatus | (Optional) AWSAccount holds status specific to AWS accounts. |
RoleStatus (string)
(Appears on: CloudAccessConfigRoleStatus)
RoleStatus is a possible status of a role on a cloud access configuration
Value | Description |
---|---|
"Invalid" | RoleInvalid indicates that a specified role is not usable, for example it cannot be accessed from the identity associated with this cloud access config or does not exist |
"Missing" | RoleMissing indicates that a required role for a specified feature is not set for this cloud configuration |
"Pending" | RolePending indicates that the role has not yet been checked |
"RequiresProviderRole" | RoleRequiresProviderRole indicates that a specified role requires an AssumeProviderRole but none has been provided |
"RequiresUpdate" | RoleRequiresUpdate indicates that the permissions required for the role are not correct in the cloud provider so this role needs to be updated |
"Valid" | RoleValid indicates this cloud role is ready to use |
WorkloadIdentityProviderDetails
(Appears on: WorkloadIdentitySpec)
WorkloadIdentityProviderDetails provides parameters that are specific to a particular type of workload identity
Field | Description |
---|---|
type WorkloadIdentityType | |
aws AWSWorkloadIdentityParameters | (Optional) AWS holds parameters specific to AWS workload identities. Present only if type is AWS. |
gcp GCPWorkloadIdentityParameters | (Optional) GCP holds parameters specific to GCP workload identity. Present only if type is GCP. |
azure AzureWorkloadIdentityParameters | (Optional) Azure holds parameters specific to Azure workload identity. Present only if type is Azure. |
WorkloadIdentityRole (string)
(Appears on: WorkloadIdentitySpec, WorkloadIdentity)
Value | Description |
---|---|
"CertManager" | WorkloadIdentityRoleExternalDNS defines the required permissions for CertManager to function in a given cloud |
"ClusterAutoscaler" | WorkloadIdentityRoleClusterAutoscaler defines the required permissions for the cluster autoscaler to function in a given cloud (only needed on AWS) |
"ExternalDNS" | WorkloadIdentityRoleExternalDNS defines the required permissions for ExternalDNS to function in a given cloud |
"None" | WorkloadIdentityRoleNone defines the “minimal” cloud permissions. For AWS the identity IS a role, to which we simply add sts:GetCallerIdentity. For Azure no permissions are required |
"TerraformExecutor" | WorkloadIdentityRoleTerraformExecutor defines the required permissions for the Terranetes controller to create and manage cloud resources |
WorkloadIdentitySpec
(Appears on: WorkloadIdentity)
WorkloadIdentitySpec defines the specification of a workload identity which should be provisioned
Field | Description |
---|---|
cloud string | Cloud defines which cloud provider this workload identity is for |
cloudAccessConfigRef CloudAccessConfigReference | CloudAccessConfigRef defines which cloud access configuration to use to build this workload identity in |
cluster Ownership | Cluster is a reference to the cluster which this workload identity will be used in. |
clusterServiceAccount ClusterServiceAccount | ClusterServiceAccount is the name and namespace of the service account which will use this identity in the target cluster. Required on AWS and GCP, optional (and unused) on Azure at this time. |
providerDetails WorkloadIdentityProviderDetails | ProviderDetails provides additional fields which can be used for cloud-provider specific data needed to provision a workload identity |
role WorkloadIdentityRole | Role must be the name of a valid workload identity role known to Wayfinder. Can optionally be None to indicate that no specific permissions are defined with the identity |
identityOnly bool | IdentityOnly will create an identity associated with a cluster with no specific permissions. Must specify Role=None if this is true. In AWS: an IAM role is created and associated with a specific Kubernetes service account; no inline or attached policies are managed (post creation of the IAM role); it is a “user” responsibility to attach policies to the IAM role. In Azure: the user defined managed identity is created; no role definitions or role assignments are created; it is a “user” responsibility to create relevant role assignments |
roleParameters map[string]string | RoleParameters are any parameters required for the specified role |
cloudResourceName string | CloudResourceName specifies the name of the workload identity in the cloud account. Can be left blank so that the name is derived from the cluster name + resource name |
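The constraints stated in the WorkloadIdentitySpec, WorkloadIdentityRole and WorkloadIdentityProviderDetails descriptions can be checked before a manifest is applied. The following is an added example, not Wayfinder code: the function name, the finding strings and the sample specs are constructed here, and it assumes the spec has already been parsed from YAML/JSON into a dict and that provider checks are keyed on providerDetails.type.

```python
# Added example (not part of Wayfinder): lint a WorkloadIdentity spec against
# the constraints written in the field descriptions of this reference.

# Values listed under WorkloadIdentityRole.
WORKLOAD_IDENTITY_ROLES = {
    "CertManager", "ClusterAutoscaler", "ExternalDNS", "None", "TerraformExecutor",
}
# WorkloadIdentityType value -> providerDetails block that may accompany it.
PROVIDER_BLOCKS = {"AWS": "aws", "GCP": "gcp", "Azure": "azure"}
# clusterServiceAccount is documented as required on AWS and GCP only.
SERVICE_ACCOUNT_REQUIRED = {"AWS", "GCP"}


def lint_workload_identity_spec(spec):
    """Return a list of human-readable findings; an empty list means no issue found."""
    findings = []

    role = spec.get("role")
    if role not in WORKLOAD_IDENTITY_ROLES:
        findings.append(f"role: {role!r} is not a documented WorkloadIdentityRole value")

    # "Must specify Role=None if this is true."
    if spec.get("identityOnly") and role != "None":
        findings.append("identityOnly: true requires role 'None'")

    details = spec.get("providerDetails")
    if details is None:
        # Assumption: without providerDetails there is nothing provider-specific to check.
        return findings

    wi_type = details.get("type")
    if wi_type not in PROVIDER_BLOCKS:
        findings.append(f"providerDetails.type: {wi_type!r} is not AWS, Azure or GCP")

    # "Present only if type is AWS / GCP / Azure."
    for type_name, key in PROVIDER_BLOCKS.items():
        if key in details and type_name != wi_type:
            findings.append(f"providerDetails.{key}: only valid when type is {type_name!r}")

    if wi_type in SERVICE_ACCOUNT_REQUIRED:
        service_account = spec.get("clusterServiceAccount") or {}
        for field in ("namespace", "name"):
            if not service_account.get(field):
                findings.append(f"clusterServiceAccount.{field}: required on {wi_type}")

    return findings


# Constructed sample specs (not taken from any real cluster).
GOOD_AWS = {
    "role": "ExternalDNS",
    "providerDetails": {"type": "AWS", "aws": {}},
    "clusterServiceAccount": {"namespace": "external-dns", "name": "external-dns"},
}
BAD_IDENTITY_ONLY = {
    "role": "TerraformExecutor",   # identityOnly demands role "None"
    "identityOnly": True,
    "providerDetails": {"type": "Azure", "aws": {}},  # aws block on an Azure identity
}
BAD_GCP = {
    "role": "ExternalDNS",
    "providerDetails": {"type": "GCP", "gcp": {}},
    "clusterServiceAccount": {"namespace": "external-dns"},  # name missing
}

if __name__ == "__main__":
    for label, sample in (("good-aws", GOOD_AWS),
                          ("bad-identity-only", BAD_IDENTITY_ONLY),
                          ("bad-gcp", BAD_GCP)):
        print(label, lint_workload_identity_spec(sample) or "ok")
```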
WorkloadIdentityStatus
(Appears on: WorkloadIdentity)
WorkloadIdentityStatus defines the status of a cloud account
Field | Description |
---|---|
CommonStatus CommonStatus | (Members of CommonStatus are embedded into this type.) |
identity string | Identity contains a cloud-provider specific reference to the identity created for this resource, e.g. an AWS ARN or GCP service account email |
WorkloadIdentityType (string)
(Appears on: WorkloadIdentityProviderDetails)
WorkloadIdentityType represents the concrete type of a workload identity to provide
Value | Description |
---|---|
"AWS" | WorkloadIdentityTypeAWS is for AWS managed workload identity |
"Azure" | WorkloadIdentityTypeAzure is for Azure managed workload identity |
"GCP" | WorkloadIdentityTypeGCP is for GCP managed workload identity |
cloudresources.appvia.io/v2beta1
Package v2beta1 contains API Schema definitions for the cloudresources v2beta1 API group
Resource Types:CloudResourcePlan
CloudResourcePlan represents a deployable cloud resource for an application, such as a database or storage bucket.
Field | Description |
---|---|
apiVersion string | cloudresources.appvia.io/v2beta1 |
kind string | CloudResourcePlan |
metadata Kubernetes meta/v1.ObjectMeta | Refer to the Kubernetes API documentation for the fields of the metadata field. |
spec CloudResourcePlanSpec | |
status CloudResourcePlanStatus |
CloudResourcePlanSpec
(Appears on: CloudResourcePlan)
CloudResourcePlanSpec defines a plan for a cloud resource.
Field | Description |
---|---|
PlanSpec PlanSpec | (Members of PlanSpec are embedded into this type.) |
description string | Description provides a short summary for the cloud resource plan. |
cloud string | Cloud refers to the cloud provider of the resource (azure, gcp, aws). |
enableWatch bool | EnableWatch indicates whether wayfinder will watch for updates to the associated resource. |
enableTemplateAutoUpgrade bool | EnableTemplateAutoUpgrade indicates whether the resource’s associated template should automatically update when new versions are available |
template Configuration | Template represents the configuration values for a specific revision of the cloud resource. |
inputDefinitions []InputDefinition | InputDefinitions provides more detail about the inputs that the terraform module represented by this plan has. |
inputsFrom []InputValue | InputsFrom is an optional collection of values which are injected into the rendered output of the resource. |
outputs []Output | Outputs is a list of available outputs from the revision of the terraform module represented by this plan. |
CloudResourcePlanStatus
(Appears on: CloudResourcePlan)
CloudResourcePlanStatus defines the status of a cloud resource plan.
Field | Description |
---|---|
CommonStatus CommonStatus | (Members of CommonStatus are embedded into this type.) |
Configuration
(Appears on: CloudResourcePlanSpec)
Configuration defines the configuration elements required to properly render a terraform plan. It represents a cloud resource plan’s set of inputs (allowed input fields, along with values) and outputs, tied to a specific revision of a cloud resource (terraform module).
Field | Description |
---|---|
source string | Source is the URL of the terraform module to apply |
revision string | Revision is the version of the terraform module to apply. |
variables k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1beta1.JSON | Variables is the set of values to pass as input variables to the Terraform module when applied. These can be augmented and edited when the plan is consumed, according to the policies defined on this plan. |
InputDefinition
(Appears on: CloudResourcePlanSpec, RevisionInfo)
InputDefinition defines an input to a terraform plan.
Field | Description |
---|---|
default k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1beta1.JSON | Default is the default value of the variable |
description string | Description is the description of the variable |
name string | Name is the name of the variable |
required bool | Required is true if the variable is required |
sensitive bool | Sensitive indicates if the output is sensitive |
type string | Type is the type of the variable |
InputValue
(Appears on: CloudResourcePlanSpec)
InputValue represents a single named input and maps a path in a resource to a destination (in this case a Terraform plan).
Field | Description |
---|---|
name string | Name represents the name of the input/variable for the terraform plan. |
kind string | Kind represents the kind of resource the source information is coming from. Callers should use this to switch behaviour based on the kind. |
resource ResourceValuesFrom | Resource is used to filter on and extract the details from a managed resource in Wayfinder. |
Output
(Appears on: CloudResourcePlanSpec, RevisionInfo)
Output defines a required output from a terraform plan once applied.
Field | Description |
---|---|
name string | Name is the name of the output |
description string | Description is the description of the output |
sensitive bool | Sensitive indicates if the output is sensitive |
userFacing bool | UserFacing identifies this output as a key output to make downstream users of this resource plan aware of. It has no functional impact other than conveying that intention. |
ResourceValuesFrom
(Appears on: InputValue)
ResourceValuesFrom is used to define a reference to a resource. It maps the source path (where the value comes from, given a resource) and where it will be applied (in the resulting Terraform). Prefixes and suffixes can be added to the resulting destination value if required.
Field | Description |
---|---|
Ownership Ownership | (Members of Ownership are embedded into this type.) |
srcPath string | SrcPath is a JSON path into the resource data (where to get the value from). Its value will be applied against the parent InputValue’s Name. |
valuePrefix string | ValuePrefix is a prefix which will be prepended to the value patched into the Terraform value. If specified, this means the value from the key will be coerced to a string. |
valueSuffix string | ValueSuffix is a suffix which will be appended to the value patched into the Terraform value. If specified, this means the value from the key will be coerced to a string. |
RevisionInfo
RevisionInfo is an information struct about a revision of a terraform module. This is only used by the Wayfinder API to inform about known revisions.
Field | Description |
---|---|
outputs []Output | Outputs is a list of outputs to extract from the terraform module |
revision string | Revision is the revision of the cloud resource |
source string | Source is a human readable link to the revision source - this could be a url to the github release, a tag etc |
variables []InputDefinition | Variables is a list of variables to pass to the terraform module |
compute.appvia.io/v2beta1
Package v1alpha1 contains API Schema definitions for the compute v1alpha1 API group
Resource Types:
- Cluster
- ClusterPlan
- ContainerRegistry
- GlobalContainerRegistry
- KubernetesUpdate
- NamespaceClaim
- NodePool
- NodePoolUpdate
- QuotaLimit
Cluster
Cluster is the schema for cluster definitions in Wayfinder
Field | Description |
---|---|
apiVersion string | compute.appvia.io/v2beta1 |
kind string | Cluster |
metadata Kubernetes meta/v1.ObjectMeta | Refer to the Kubernetes API documentation for the fields of the metadata field. |
spec ClusterSpec | |
status ClusterStatus |
ClusterPlan
ClusterPlan is the Schema for the plans API
Field | Description |
---|---|
apiVersion string | compute.appvia.io/v2beta1 |
kind string | ClusterPlan |
metadata Kubernetes meta/v1.ObjectMeta | Refer to the Kubernetes API documentation for the fields of the metadata field. |
spec ClusterPlanSpec | |
status ClusterPlanStatus |
ContainerRegistry
ContainerRegistry is the container registry type
Field | Description |
---|---|
apiVersion string | compute.appvia.io/v2beta1 |
kind string | ContainerRegistry |
metadata Kubernetes meta/v1.ObjectMeta | Refer to the Kubernetes API documentation for the fields of the metadata field. |
spec ContainerRegistrySpec | |
status ContainerRegistryStatus |
GlobalContainerRegistry
GlobalContainerRegistry is the global container registry type
Field | Description |
---|---|
apiVersion string | compute.appvia.io/v2beta1 |
kind string | GlobalContainerRegistry |
metadata Kubernetes meta/v1.ObjectMeta | Refer to the Kubernetes API documentation for the fields of the metadata field. |
spec ContainerRegistrySpec | |
status ContainerRegistryStatus |
KubernetesUpdate
KubernetesUpdate is the schema for Kubernetes version updates to clusters
Field | Description |
---|---|
apiVersion string | compute.appvia.io/v2beta1 |
kind string | KubernetesUpdate |
metadata Kubernetes meta/v1.ObjectMeta | Refer to the Kubernetes API documentation for the fields of the metadata field. |
spec KubernetesUpdateSpec | |
status KubernetesUpdateStatus |
NamespaceClaim
NamespaceClaim is the Schema for the namespaceclaims API
Field | Description |
---|---|
apiVersion string | compute.appvia.io/v2beta1 |
kind string | NamespaceClaim |
metadata Kubernetes meta/v1.ObjectMeta | Refer to the Kubernetes API documentation for the fields of the metadata field. |
spec NamespaceClaimSpec | |
status NamespaceClaimStatus |
NodePool
NodePool is the schema for cluster node pool definitions in Wayfinder
Field | Description |
---|---|
apiVersion string | compute.appvia.io/v2beta1 |
kind string | NodePool |
metadata Kubernetes meta/v1.ObjectMeta | Refer to the Kubernetes API documentation for the fields of the metadata field. |
spec NodePoolSpec | |
status NodePoolStatus |
NodePoolUpdate
NodePoolUpdate is the schema for cluster nodepool replacement definitions in Wayfinder
Field | Description |
---|---|
apiVersion string | compute.appvia.io/v2beta1 |
kind string | NodePoolUpdate |
metadata Kubernetes meta/v1.ObjectMeta | Refer to the Kubernetes API documentation for the fields of the metadata field. |
spec NodePoolUpdateSpec | |
status NodePoolUpdateStatus |
QuotaLimit
QuotaLimit is the schema for QuotaLimit
Field | Description |
---|---|
apiVersion string | compute.appvia.io/v2beta1 |
kind string | QuotaLimit |
metadata Kubernetes meta/v1.ObjectMeta | Refer to the Kubernetes API documentation for the fields of the metadata field. |
spec QuotaLimitSpec | |
status QuotaLimitStatus |
AKSClusterStatus
(Appears on: ProviderStatus)
AKSClusterStatus is used to hold anything related to the AKS clusters
Field | Description |
---|---|
infraResourceGroupName string | InfraResourceGroupName is the resource group that AKS manages |
clusterPrincipalId string | ClusterPrincipalID is the cluster principal in Azure. This is required for assigning permission to the AKS cluster in Azure |
AKSNodePoolSpec
(Appears on: NodePoolProviderDetails)
AKSNodePoolSpec represents a node pool within an AKS cluster
Field | Description |
---|---|
mode string | Mode is the type of the node pool. System node pools serve the primary purpose of hosting critical system pods such as CoreDNS and tunnelfront. User node pools serve the primary purpose of hosting your application pods. |
AKSNodePoolSpotInstances
(Appears on: SpotInstancesOptions)
AKSNodePoolSpotInstances are the options for spot instances in Azure
Field | Description |
---|---|
maxSpotPrice string | MaxSpotPrice is the maximum price you are willing to pay for a spot instance, billed in microdollars. The figure is optional and only relevant when the node pool is made of spot instances |
AKSSpec
(Appears on: ClusterProviderDetails)
AKSSpec defines the desired state of an AKS cluster
Field | Description |
---|---|
linuxProfile LinuxProfile | LinuxProfile is the configuration for Linux VMs |
skuTier string | SKUTier is the Uptime SLA that should be used for the AKS cluster. “Free” or “Paid” |
windowsProfile WindowsProfile | WindowsProfile is the configuration for Windows VMs |
resourceGroupOverride string | ResourceGroupOverride will specify a resource group when required |
infraResourceGroupOverride string | InfraResourceGroupOverride will specify a resource group to use for nodes useful when we want to reclaim a cluster |
Authentication
Authentication provides options to the authentication module
Field | Description |
---|---|
disableInline bool | DisableInline indicates if we disable inline authorization |
AuthorizedNetwork
AuthorizedNetwork provides a definition for the authorized networks
Field | Description |
---|---|
name string | Name provides a descriptive name for this network |
cidr string | CIDR is the network range associated to this network |
AutoScalingOptions
(Appears on: NodePoolSpec, OriginalNodePoolStatus)
AutoScalingOptions define the options per cloud provider for autoscaling
Field | Description |
---|---|
enabled bool | Enabled indicates the node pool to use autoscaling |
minSize int64 | MinSize is minimum number of nodes if autoscaling is enabled |
maxSize int64 | MaxSize is the maximum number of nodes if autoscaling is enabled |
CloudWatchLogging
(Appears on: EKSSpec)
CloudWatchLogging defines the control plane logging options
Field | Description |
---|---|
api bool | API will enable logging for the Kubernetes API server |
audit bool | Audit will enable logging for the Kubernetes audit |
authenticator bool | Authenticator will enable logging for the Kubernetes authentication |
controllerManager bool | ControllerManager will enable logging for the Kubernetes controller manager |
scheduler bool | Scheduler will enable logging for the Kubernetes scheduler component |
ClusterMetric
(Appears on: Metrics)
ClusterMetric defines a metric for a cluster
Field | Description |
---|---|
name string | Name is the name of the metric |
cpu string | CPU is the CPU usage |
memory string | Memory is the memory usage |
pods string | Pods is the number of pods |
ClusterPlanSpec
(Appears on: ClusterPlan)
ClusterPlanSpec defines the desired state of Plan
Field | Description |
---|---|
PlanSpec PlanSpec | (Members of PlanSpec are embedded into this type.) |
summary string | Summary provides a short title summary for the cluster plan. It should describe a cluster in terms that are meaningful for developers, e.g. a cluster with very large nodes suitable for memory intensive applications |
template ClusterTemplate | Template are the key+value pairs describing a cluster configuration |
ClusterPlanStatus
(Appears on: ClusterPlan)
ClusterPlanStatus defines the observed state of Plan
Field | Description |
---|---|
CommonStatus CommonStatus | (Members of CommonStatus are embedded into this type.) |
ClusterProviderDetails
(Appears on: ClusterShared)
ClusterProviderDetails defines the parameters for cloud specific options, i.e. options which cannot be consolidated as they are too specific to the chosen cloud vendor
Field | Description |
---|---|
type ProviderType | |
aks AKSSpec | AKS defines the cloud specific options for AKS clusters |
eks EKSSpec | EKS defines the cloud specific options for EKS clusters |
gke GKESpec | GKE is the provider specification for their clusters |
unmanaged UnmanagedSpec | Unmanaged provides the specification for unmanaged clusters |
ClusterQuotaLimits
(Appears on: ClusterShared)
ClusterQuotaLimits defines templates for QuotaLimits for a cluster
Field | Description |
---|---|
templates []QuotaLimitTemplate | Templates provide initial defaults for Quotas and Limits for allocated namespaces, used when a cluster is allocated to other workspaces to control ResourceQuotas and LimitRanges. These values will result in a one time creation of: (1) a new cluster workspace QuotaLimit object for “constraints” per workspace (with a namespace claim); (2) a tenant workspace QuotaLimit object for namespace defaults per workspace. Required if a cluster is allocated for any tenant workspaces. |
default string | Default specifies the default template name to use, e.g. “Small”. A specific template can be specified with labels on NamespaceClaim objects. Required if a cluster is allocated for any tenant workspaces. |
ClusterShared
(Appears on: ClusterSpec, ClusterTemplate)
ClusterShared provides the fields that exist on both the ClusterPlan and Cluster spec
Field | Description |
---|---|
channel string | Channel describes the channel a cluster follows. On create, you must populate either channel or version, but not both. |
description string | Description provides a short summary to the use of the cluster |
enableAutoUpgrade bool | EnableAutoUpgrade indicates wayfinder should handle any upgrades for the clusters |
enablePrivateCluster bool | EnablePrivateCluster indicates the cluster should be made private |
expires Kubernetes meta/v1.Duration | Expires provides the duration (TTL) before automatic expiration of the cluster |
maintenance MaintenanceWindow | Maintenance provides the details around the maintenance window |
networking Networking | Networking provides the details around the cluster networking options |
nodePools []*github.com/appvia/wayfinder/tmpcrdref/pkg/apis/compute/v2beta1.NodePoolSpec | NodePools is a collection of node pools associated to the cluster |
provider string | Provider refers to the cluster type (e.g. AKS, GKE, EKS) |
providerDetails ClusterProviderDetails | ProviderDetails defines cloud specific cluster options |
security Security | Security contains security settings for the cluster |
region string | Region is the region you want the cluster to reside in |
quotaLimits ClusterQuotaLimits | QuotaLimits provide defaults for quotas and limits which are critical for multi-tenancy |
version string | Version is the kubernetes version to use. On create, you must populate either Channel or Version, but not both. |
ClusterSpec
(Appears on: Cluster)
ClusterSpec defines the desired state of a cluster
Field | Description |
---|---|
allocation ResourceAllocation | Allocation describes which workspaces can use this cluster. |
cloudAccessConfigRef CloudAccessConfigReference | CloudAccessConfigRef is a reference to the cloud access configuration to use when building the cluster |
cloudResourceName string | CloudResourceName specifies the name of the cluster in the cloud. Can be left blank so that the name is derived from the Wayfinder workspace and resource name |
plan string | Plan refers to the original plan the cluster was created from |
stage string | Stage is the name of the stage for this cluster |
secretRef Kubernetes core/v1.SecretReference | SecretRef is a reference to an existing secret containing an administrative access token for this cluster. Required only for clusters which are not created by Wayfinder. |
ClusterShared ClusterShared | (Members of ClusterShared are embedded into this type.) |
ClusterStatus
(Appears on: Cluster)
ClusterStatus defines the observed state of a cluster
Field | Description |
---|---|
CommonStatus CommonStatus | (Members of CommonStatus are embedded into this type.) |
authProxyEndpoint string | AuthProxyEndpoint is the endpoint of the authentication proxy for this cluster |
authProxyCertificate string | AuthProxyCertificate is the certificate of the auth proxy endpoint |
caCertificate string | CaCertificate is the base64 encoded cluster certificate |
kubeApiEndpoint string | KubeAPIEndpoint is the kubernetes API endpoint url |
networkFabric NetworkFabricStatus | Network contains the network configuration used by this cluster |
providerStatus ProviderStatus | ProviderStatus is provider specific data with types |
version string | Version is the kubernetes version of the cluster |
dnsZones []string | DNSZones is a list of Wayfinder-managed DNS zones which are currently available in this cluster with ExternalDNS. This will be populated if the DNSReady condition is true. |
expires Kubernetes meta/v1.Time | Expires is the timestamp after which the cluster should automatically be removed. The populated value should be the time at which the cluster is created, plus the duration defined in Spec.Expires |
deployedChartsImage string | DeployedChartsImage will be set, once the cluster is in condition HelmReady, to indicate which version of the charts image is deployed and active in this cluster |
deployedAuthProxyImage string | DeployedAuthProxyImage will be set, once the cluster is in condition AuthProxyReady, to indicate which version of the auth proxy image is deployed and active in this cluster |
deployedResourceHashes []DeployedResourceHash | DeployedResourceHashes is set to a hash of the resources deployed into the cluster so we can re-apply if the resources change but quickly no-op if they have not. |
metrics Metrics | Metrics is a list of metrics for this cluster |
ClusterTemplate
(Appears on: ClusterPlanSpec)
Field | Description |
---|---|
ClusterShared ClusterShared | (Members of ClusterShared are embedded into this type.) |
clusterLabels map[string]string | ClusterLabels provide a set of labels which will be set on any cluster built from this plan |
Constraints
(Appears on: NamespaceClaimStatus, QuotaLimitSpec, QuotaLimitTemplate)
Constraints controlling a namespace by an owner
Field | Description |
---|---|
hardQuota ResourceList | QuotaHard are applied as ResourceQuota objects to all namespaces for a tenant of that type. These are the maximum resource usage in total for a namespace, e.g. hardQuota: requests.cpu: “1”, requests.memory: “1Gi”, limit.cpu: “2” |
limitRanges []LimitRangeConstraint | LimitRanges (in the context of constraints) are applied as LimitRanges (using Max). These are the largest values that can be used by a single resource in a namespace. They will prevent workloads from using up all resources on a single node |
ContainerRegistryProviderDetails
(Appears on: ContainerRegistrySpec)
ContainerRegistryProviderDetails provides parameters that are specific to a particular type of Container Registry
Field | Description |
---|---|
type ContainerRegistryType | |
unmanaged UnmanagedContainerRegistryParameters | (Optional) Unmanaged holds parameters specific to Unmanaged container registries. |
ContainerRegistrySpec
(Appears on: ContainerRegistry, GlobalContainerRegistry)
ContainerRegistrySpec defines the specification of a container registry
Field | Description |
---|---|
target ContainerRegistryTarget | Target contains targeting information for this registry |
provider string | Provider defines which provider to use to create this registry |
providerDetails ContainerRegistryProviderDetails | ProviderDetails provides additional fields which can be used for provider specific data needed to provision this registry |
ContainerRegistryStatus
(Appears on: ContainerRegistry, GlobalContainerRegistry)
ContainerRegistryStatus defines the status of a container registry
Field | Description |
---|---|
CommonStatus CommonStatus | (Members of CommonStatus are embedded into this type.) |
RoutingStatus RoutingStatus | (Members of RoutingStatus are embedded into this type.) |
pullSecret Kubernetes core/v1.SecretReference | PullSecret is a reference to the imagePullSecret |
ContainerRegistryTarget
(Appears on: ContainerRegistrySpec)
ContainerRegistryTarget is the targeting specification for this registry
Field | Description |
---|---|
cluster Kubernetes meta/v1.LabelSelector | Cluster specifies the cluster(s) this registry should be made available to |
namespace Kubernetes meta/v1.LabelSelector | Namespace specifies the Namespace(s) this registry should be made available to |
ContainerRegistryType (string)
(Appears on: ContainerRegistryProviderDetails)
ContainerRegistryType represents the concrete type of a Container Registry to provide
Value | Description |
---|---|
"Unmanaged" | ContainerRegistryTypeUnmanaged is the type for unmanaged registries |
DeployedResourceHash
(Appears on: ClusterStatus)
DeployedResourceHash provides a hash for a deployed resource (e.g. the auth proxy or helm controller) so we can quickly no-op if the hash is unchanged
Field | Description |
---|---|
name string | Name is the name of the resource |
hash string | Hash is the computed hash of the resources last applied |
EKSClusterStatus
(Appears on: ProviderStatus)
EKSClusterStatus is used to hold anything related to the EKS clusters
Field | Description |
---|---|
oidc string | OIDC is the url for the OIDC endpoint |
EKSNodePoolSpec
(Appears on: NodePoolProviderDetails)
EKSNodePoolSpec defines the desired state of EKSCluster
Field | Description |
---|---|
ami string | AMI is a custom image we should use for this nodepool |
eC2SSHKey string | EC2SSHKey is the Amazon EC2 SSH key that provides access for SSH communication with the worker nodes in the managed node group. See https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-key-pairs.html |
sshSourceSecurityGroups []string | SSHSourceSecurityGroups is the list of security groups that are allowed SSH access (port 22) to the worker nodes |
userData string | UserData for the launch configuration |
EKSNodePoolSpotInstances
(Appears on: SpotInstancesOptions)
EKSNodePoolSpotInstances defines the options for EKS spot instances
Field | Description |
---|---|
additionalInstanceTypes []string | AdditionalInstanceTypes provides an additional list of instances to use when spot instances are enabled |
EKSSpec
(Appears on: ClusterProviderDetails)
EKSSpec defines the desired state of EKSCluster
Field | Description |
---|---|
adminARNs []string | AdminARNs is the list of roles or users to be granted access to the EKS K8s API |
cloudWatchLogging CloudWatchLogging | CloudWatchLogging allows all control plane logging to be enabled |
enableEndpointPrivate bool | EnableEndpointPrivate indicates the EKS endpoint should be private and non-public facing |
securityGroupIDs []string | SecurityGroupIds is a list of security group IDs |
GKENodePoolSpec
(Appears on: NodePoolProviderDetails)
GKENodePoolSpec defines the cloud specific options for a GKE nodepool
Field | Description |
---|---|
enableAutorepair bool | EnableAutorepair indicates if the node pool should automatically repair failed nodes |
enableAutoupgrade bool | EnableAutoUpgrade indicates if the node group should be configured with auto-upgrading enabled. This must be true if the cluster has ReleaseChannel set. |
GKESpec
(Appears on: ClusterProviderDetails)
GKESpec defines the additional options for a GKE cluster
Field | Description |
---|---|
enableHorizontalPodAutoscaler bool | The Horizontal Pod Autoscaler changes the shape of your Kubernetes workload by automatically increasing or decreasing the number of Pods in response to the workload’s CPU or memory consumption, or in response to custom metrics reported from within Kubernetes or external metrics from sources outside of your cluster. |
enableHTTPLoadBalancer bool | EnableHTTPLoadBalancer indicates if the cluster should be configured with the GKE ingress controller. When enabled, GKE will autodiscover your ingress resources and provision load balancers on your behalf. |
enableShieldedNodes bool | EnableShieldedNodes indicates we should enable the shielded nodes options in GKE. This protects against a variety of attacks by hardening the underlying GKE node against rootkits and bootkits. |
enableStackDriverLogging bool | EnableStackDriverLogging indicates if Stackdriver logging should be enabled for the cluster |
enableStackDriverMetrics bool | EnableStackDriverMetrics indicates if Stackdriver metrics should be enabled for the cluster |
masterIPV4Cidr string | TODO: always derive this off the network when it exists. MasterIPV4Cidr is the network range used when private networking is enabled. This is the peering subnet used for the GKE master API layer. Note, this must be unique within the network. |
GlobalOrScopedContainerRegistry
GlobalOrScopedContainerRegistry provides a common interface for global or workspace-scoped Container Registries
KubernetesUpdateSpec
(Appears on: KubernetesUpdate)
KubernetesUpdateSpec defines an update to the kubernetes version
Field | Description |
---|---|
UpdateSpec UpdateSpec | (Members of UpdateSpec are embedded into this type.) |
targetKubernetesVersion string | TargetKubernetesVersion is the specific Kubernetes version to use for the new node pool spec. It should normally be an increment of the current, existing Kubernetes version and should satisfy the rules of the Kubernetes versioning scheme as per https://kubernetes.io/docs/setup/release/version-skew-policy/ |
KubernetesUpdateStatus
(Appears on: KubernetesUpdate)
KubernetesUpdateStatus defines the observed state of an update
Field | Description |
---|---|
CommonStatus CommonStatus | (Members of CommonStatus are embedded into this type.) |
startTime Kubernetes meta/v1.Time | StartTime is the time the update was started. It is used to estimate the percentage complete |
estimatedPercentageComplete int | EstimatedPercentageComplete is the estimated percentage complete of the update, based on the time from StartTime and a test of actual updates |
LimitRangeConstraint
(Appears on: Constraints)
LimitRangeConstraint provides constraining Limits to be applied to a managed namespace. Managed by tenant
Field | Description |
---|---|
type Kubernetes core/v1.LimitType | Type of resource that this limit applies to. |
max ResourceList | (Optional) Max usage constraints on this kind by resource name. |
maxLimitRequestRatio ResourceList | (Optional) MaxLimitRequestRatio if specified, the named resource must have a request and limit that are both non-zero where limit divided by request is less than or equal to the enumerated value; this represents the max burst for the named resource. |
LimitRangeDefault
(Appears on: QuotaLimitTemplate)
LimitRangeDefault provides defaults for pod containers and volumes. Managed by a tenant with understanding of the workloads involved
Field | Description |
---|---|
type Kubernetes core/v1.LimitType | Type of resource that this limit applies to. |
default ResourceList | (Optional) Default resource requirement limit value by resource name if resource limit is omitted. |
defaultRequest ResourceList | (Optional) DefaultRequest is the default resource requirement request value by resource name if resource request is omitted. |
LinuxProfile
(Appears on: AKSSpec)
LinuxProfile is the configuration for Linux VMs
Field | Description |
---|---|
adminUsername string | AdminUsername is the admin username for Linux VMs |
sshPublicKeys []string | SSHPublicKeys is a list of public SSH keys to allow to connect to the Linux VMs |
MaintenanceWindow
(Appears on: ClusterShared)
MaintenanceWindow defines the maintenance window
Field | Description |
---|---|
windowStart string | WindowStart is the time we can perform updates and upgrades, represented in 24h format e.g. “15:00” |
windowDuration string | Duration is the length of the maintenance window |
Metrics
(Appears on: ClusterStatus)
Field | Description |
---|---|
lastChecked Kubernetes meta/v1.Time | LastChecked identifies when the metrics of the cluster were last checked. |
metrics []ClusterMetric | Metrics are the metrics of the cluster |
NamespaceClaimSpec
(Appears on: NamespaceClaim)
NamespaceClaimSpec defines the desired state of NamespaceClaim
Field | Description |
---|---|
cluster Ownership | Cluster is the cluster the namespace resides on |
name string | Name is the name of the namespace to create |
annotations map[string]string | Annotations is a series of annotations on the namespace |
labels map[string]string | Labels is a series of labels for the namespace |
resourceDefaults []github.com/appvia/wayfinder/tmpcrdref/pkg/apis/compute/v2beta1.LimitRangeDefault | ResourceDefaults provide defaults for workloads (to prevent initial constraint violations). Not set directly or managed by owners (as only maximum values are taken, so they should not conflict) |
NamespaceClaimStatus
(Appears on: NamespaceClaim)
NamespaceClaimStatus defines the observed state of NamespaceClaim
Field | Description |
---|---|
CommonStatus CommonStatus | (Members of CommonStatus are embedded into this type.) Status is the status of the namespace |
appliedConstraints Constraints | AppliedConstraints details any applicable constraints applied to this namespace by the cluster owner |
packageValues []PackageValue | PackageValues are values present in packages that a user may need to construct manifests. |
dnsZones []string | DNSZones are the zones associated with the namespace |
NetworkRange
NetworkRange defines a network block
Field | Description |
---|---|
type string | Type defines the type of network |
cidr string | CIDR defines the network range |
Networking
(Appears on: ClusterShared)
Networking defines the structure for all the internal network parameters. These are not used to create a network, but to configure the cluster
Field | Description |
---|---|
authorizedNetworks []*github.com/appvia/wayfinder/tmpcrdref/pkg/apis/compute/v2beta1.AuthorizedNetwork | AuthorizedNetworks is a collection of authorized networks which are permitted to speak to our authentication proxy |
authorizedMasterNetworks []*github.com/appvia/wayfinder/tmpcrdref/pkg/apis/compute/v2beta1.AuthorizedNetwork | AuthorizedMasterNetworks is a collection of authorized networks which are permitted to speak to the cloud kubernetes API; defaults to all if not provided. |
networkProvider string | NetworkProvider defines a network cni provider for the cluster |
networkPlan string | NetworkPlan defines the network plan for the cluster. If the network plan is not provided, a networkRef must be provided instead. Required on cluster plans |
networkRef Ownership | NetworkRef is a reference to a network where the cluster should reside |
NodePoolCloudUpdateStrategy (string)
(Appears on: NodePoolUpdateOptions)
NodePoolReplacementStrategy is the CloudSupported NodePoolUpdate update in place strategy. Only “CloudDefault” is supported now; https://appviakore.atlassian.net/browse/WF-2131 will introduce None (e.g. only replacement)
Value | Description |
---|---|
"CloudDefault" | NodePoolCloudUpdateStrategyCloudDefault will defer to the cloud provider mechanism for updating |
"None" | NodePoolCloudUpdateStrategyNone will disable cloud provider updates. Only the replacement strategy options are then used |
NodePoolProviderDetails
(Appears on: NodePoolSpec)
NodePoolProviderDetails defines the parameters for cloud specific options, i.e. options which cannot be consolidated as they are too specific to the chosen cloud vendor
Field | Description |
---|---|
type ProviderType | |
aks AKSNodePoolSpec | AKS defines the cloud specific options for AKS clusters |
eks EKSNodePoolSpec | EKS defines the cloud specific options for EKS clusters |
gke GKENodePoolSpec | GKE is the provider specification for their clusters |
unmanaged UnmanagedNodePoolSpec | Unmanaged provides the specification for an unmanaged cluster |
NodePoolReplacementStrategy (string)
(Appears on: NodePoolUpdateOptions)
NodePoolReplacementStrategy is the update strategy type for a NodePoolUpdate. Only “None” is supported now; https://appviakore.atlassian.net/browse/WF-2131 will introduce NewReplacement
Value | Description |
---|---|
"NewReplacement" | NodePoolReplacementStrategyNewReplacement will create a new node pool and migrate workloads to it - will drain and delete the old NodePool nodes, one at a time |
"None" | NodePoolReplacementStrategyNone signifies we do not manage replacement NodePools. We need to validate fields that are not supported by the cloud provider |
NodePoolSpec
(Appears on: NodePool, NodePoolUpdateSpec)
NodePool defines a node pool in kubernetes
Field | Description |
---|---|
logicalName string | LogicalName is the internally unique name of the NodePool (not in cloud). It should always be consistent with a single name entry in a Cluster or NodePoolUpdate. It has to be unique across all nodepools on the Cluster spec. It will NOT always match the name of the NodePool in cloud. It should be treated as an immutable field |
cloudResourceName string | CloudResourceName is the name of the cloud resource. It should not be set by the client; it is set by the NodePool mutate if empty, and set by the NodePoolUpdate controller depending on the update type |
description string | Description provides an optional description to the node pool |
diskSize int64 | DiskSize is the amount of disk space to assign to the nodes in MBs |
autoscaling AutoScalingOptions | Autoscaling indicates the node pool should autoscale |
expires Kubernetes meta/v1.Time | Expires provides a time for automatic expiration of the cluster |
image string | Image is the image we should use on the instances of this pool |
labels map[string]string | Labels is a collection of labels placed on to the nodepool |
maxPodsPerNode int64 | MaxPodsPerNode controls how many pods can be scheduled onto each node in this pool |
machine string | Machine is the instance type of the nodes in the pool |
providerDetails NodePoolProviderDetails | ProviderDetails provides any cloud specific options for this nodepool |
size int64 | Size is initial size if autoscaling defined - or the effective size if no autoscaling is enabled |
spot SpotInstancesOptions | Spot, if defined, enables the nodepool to use spot instances |
taints []NodeTaint | Taints defines a collection of scheduling taints placed on the nodepool |
channel string | Channel describes the channel a NodePool follows. If specified on a cluster, must be identical to the channel on the cluster |
version string | Version is the specified version of kubernetes on the node pool. This cannot be set by a client if a channel is also specified. It will be set by the NodePoolUpdate controller on actual nodepools if a channel is specified |
zones []string | Zones defines a list of cloud specific availability zones where the nodes are permitted to run |
defaultUpdateOptions NodePoolUpdateOptions | DefaultUpdateOptions defines how this nodepool can be upgraded. Used by the cluster controller to generate NodePoolUpdates based on spec changes; ignored when a NodePoolUpdate is created directly |
NodePoolStatus
(Appears on: NodePool)
Field | Description |
---|---|
CommonStatus CommonStatus | (Members of CommonStatus are embedded into this type.) |
name string | Name is the name of the node pool |
details string | Details is a message from the provider about the node pool |
providerStatus ProvisioningState | ProvisioningState is the provisioning state of the nodePool |
nodeCount int | NodeCount is the number of nodes in the node pool |
nodeCountReady int | NodeCountReady is the number of nodes in the node pool which are ready |
NodePoolUpdateNewReplacementConfig
(Appears on: NodePoolUpdateOptions)
NodePoolUpdateNewReplacementConfig are the options for a replacement strategy. Not used yet - see https://appviakore.atlassian.net/browse/WF-2131
Field | Description |
---|---|
nodeDrainTimeOut Kubernetes meta/v1.Duration | NodeDrainTimeOut is the delay to wait for a node to drain before force deleting it. After this delay the node will be force deleted |
NodePoolUpdateOptions
(Appears on: NodePoolSpec, NodePoolUpdateSpec)
NodePoolUpdateOptions are all the options for updating or replacing a NodePool
Field | Description |
---|---|
replacementStrategy NodePoolReplacementStrategy | ReplacementStrategy is how node pools can get replaced when required |
cloudUpdateStrategy NodePoolCloudUpdateStrategy | CloudUpdateStrategy is how the cloud provider can update the node pool (if at all) |
newReplacementConfig NodePoolUpdateNewReplacementConfig | NewReplacementConfig specifies how to create a new node pool and migrate workloads to it |
NodePoolUpdateSpec
(Appears on: NodePoolUpdate)
NodePoolUpdateSpec defines a node pool update or replacement in kubernetes
Field | Description |
---|---|
UpdateSpec UpdateSpec | (Members of UpdateSpec are embedded into this type.) |
newSpec NodePoolSpec | NewSpec is the desired spec of the existing (if updated) or new node pool (if replaced) |
options NodePoolUpdateOptions | Options are the options for the update or replacement strategy |
nodePoolToUpdate string | NodePoolToUpdate is the reference to the NodePool metadata.Name to be updated / replaced |
targetKubernetesVersion string | TargetKubernetesVersion is the specific Kubernetes version to use for the new node pool spec. It is only valid when a channel is also specified, should normally be an increment of the current, existing NodePool version, and should not be greater than the cluster version |
NodePoolUpdateStatus
(Appears on: NodePoolUpdate)
NodePoolUpdateStatus defines the observed state of NodePoolUpdate
Field | Description |
---|---|
CommonStatus CommonStatus | (Members of CommonStatus are embedded into this type.) |
originalNodePool OriginalNodePoolStatus | OriginalNodePool is the status of the node pool being updated / replaced |
estimatedPercentageComplete int | EstimatedPercentageComplete is the estimated percentage complete of the node pool update. This will vary per provider, update strategy and cluster usage |
NodeStatus
NodeStatus is the migration status of a node in a node pool
Field | Description |
---|---|
name string | Name is the name of the node |
drainStartTime Kubernetes meta/v1.Time | DrainStartTime is the time that the node draining was initiated. This is used along with the NodeDrainTimeOut to determine if the node should be force deleted |
drained bool | Drained is true if the node has been successfully drained (ready for deletion) |
migrated bool | Migrated is true if the node has been successfully migrated to the new node pool |
kubeletVersion string | KubeletVersion is the K8s version of the node |
machineID string | MachineID is the K8s version of the node |
NodeTaint
(Appears on: NodePoolSpec)
NodeTaint is the structure of a taint on a nodepool. See https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/
Field | Description |
---|---|
key string | Key provides the key definition for this taint |
value string | Value is an arbitrary value for this taint to compare |
effect string | Effect is the desired action on the taint |
OriginalNodePoolStatus
(Appears on: NodePoolUpdateStatus)
OriginalNodePoolStatus is the status of a node pool being updated / replaced
Field | Description |
---|---|
nodes map[string]*github.com/appvia/wayfinder/tmpcrdref/pkg/apis/compute/v2beta1.NodeStatus | Nodes provide the information about the nodes to migrate stored by name |
originalAutoScalingOptions AutoScalingOptions | OriginalAutoScalingOptions are the auto scaling options for the node pool before we started migrating |
autoscalingDisabled bool | AutoscalingDisabled is true if the autoscaling has been disabled |
deleted bool | Deleted indicates if the old node pool has been deleted |
cordoned bool | Cordoned indicates if the NodePool has been cordoned yet |
drainStartTime Kubernetes meta/v1.Time | DrainStartTime is the time the node pool started draining |
migratedNodes int | MigratedNodes is the number of old nodes migrated to the new node pool |
migrated bool | Migrated indicates if the Workloads have been migrated to the new node pool |
size int64 | Size is the size of the old NodePool |
PackageValue
(Appears on: NamespaceClaimStatus)
PackageValue represents a value in a package release
Field | Description |
---|---|
name string | Name is the name of the value field |
description string | Description is an explanation of value’s significance/usage |
value string | Value is a representation of the value |
PodSecurityStandard
(Appears on: Security)
PodSecurityStandard defines the Pod Security Standard options
Field | Description |
---|---|
enabled bool | Enabled indicates the addon is enabled |
defaultProfile string | DefaultProfile is the default profile to use for the cluster's Wayfinder managed namespaces |
allowed []string | AllowedProfiles is a list of profiles that are allowed to be used in the cluster |
ProviderStatus
(Appears on: ClusterStatus)
ProviderStatus is a broken down status per provider for the cluster - i.e. outputs from the clusters which are specific to the clouds
Field | Description |
---|---|
eks EKSClusterStatus | EKS is the provider status for AWS |
aks AKSClusterStatus | AKS is the provider status for Azure |
ProviderType (string)
(Appears on: ClusterProviderDetails, NodePoolProviderDetails)
ProviderType represents the concrete type of account that a CloudAccount represents
ProvisioningState (string)
(Appears on: NodePoolStatus)
Value | Description |
---|---|
"Provisioning" | ProvisioningStateCreating is the state when the node pool is being created |
"Degraded" | ProvisioningStateDegraded is the state when the node pool is degraded |
"Deleting" | ProvisioningStateDeleting is the state when the node pool is being deleted |
"Failed" | ProvisioningStateFailed is the state when the node pool is failed |
"Succeeded" | ProvisioningStateSucceeded is the state when the node pool is created |
"Unknown" | ProvisioningStateUnknown is the state when the node pool is unknown |
"Updating" | ProvisioningStateUpdating is the state when the node pool is being updated |
QuotaLimitSpec
(Appears on: QuotaLimit)
QuotaLimitSpec provides the default ResourceQuota and LimitRange settings. They can be applied to all namespaces for a workspace. Optionally they can relate to specific namespaces only
Field | Description |
---|---|
name string | TemplateName is the immutable name to track the template that was used. Would normally specify a QuotaLimit “size” for a tenant |
constraints Constraints | Constraints are for providing management of resource constraints to workloads. Typically only managed by cluster owners to provide hard resource constraints; used to prevent noisy neighbor issues in a multi-tenanted environment |
namespaceClaim Ownership | NamespaceClaim is the reference for a specific namespace claim that resulted in this object |
QuotaLimitStatus
(Appears on: QuotaLimit)
QuotaLimitStatus provides the status of a QuotaLimit object
Field | Description |
---|---|
CommonStatus CommonStatus | (Members of CommonStatus are embedded into this type.) Status is the status of the QuotaLimit |
QuotaLimitTemplate
(Appears on: ClusterQuotaLimits)
QuotaLimitTemplate provides template values on clusters and plans
Field | Description |
---|---|
name string | TemplateName is the immutable name to track the template that was used. Would normally specify a QuotaLimit “size” for a tenant |
constraints Constraints | Constraints are for providing management of resource constraints to workloads. Typically only managed by cluster owners to provide hard resource constraints; used to prevent noisy neighbor issues in a multi-tenanted environment |
resourceDefaults []LimitRangeDefault | ResourceDefaults provide defaults for workloads (to prevent initial constraint violations). Not set directly or managed by owners (as only maximum values are taken, so they should not conflict) |
Security
(Appears on: ClusterShared)
Security defines the security options for a cluster
Field | Description |
---|---|
podSecurityStandard PodSecurityStandard | PodSecurityStandard indicates we want to use the pod security standard |
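The security-relevant fields described above (Networking, Security, EKSSpec, GKESpec, EKSNodePoolSpec) can be checked before a Cluster spec is applied. The auditor below is an added example, not Wayfinder's own code: the sample specs are constructed, the Pod Security Standard profile names are the upstream Kubernetes ones and are assumed to be what `defaultProfile` and `allowed` accept, and the shape of the AuthorizedNetwork entry is assumed.

```python
# Added example: audits a Wayfinder Cluster spec (already parsed to a dict)
# against the security-relevant fields documented in this reference.

# Upstream Kubernetes Pod Security Standard profile names, weakest first.
# Assumption: defaultProfile / allowed accept these names.
PSS_STRICTNESS = {"privileged": 0, "baseline": 1, "restricted": 2}


def audit_cluster_spec(spec):
    """Return (field_path, finding) tuples in the order the checks run."""
    findings = []

    # Networking: per the reference, an empty authorizedMasterNetworks list
    # means every network may speak to the cloud Kubernetes API.
    networking = spec.get("networking") or {}
    if not networking.get("authorizedMasterNetworks"):
        findings.append(("networking.authorizedMasterNetworks",
                         "not set: Kubernetes API access defaults to all networks"))
    if not spec.get("enablePrivateCluster", False):
        findings.append(("enablePrivateCluster", "cluster is not private"))

    # Security.podSecurityStandard
    pss = (spec.get("security") or {}).get("podSecurityStandard") or {}
    if not pss.get("enabled", False):
        findings.append(("security.podSecurityStandard.enabled",
                         "Pod Security Standard is not enabled"))
    else:
        default = pss.get("defaultProfile") or ""
        if PSS_STRICTNESS.get(default, 0) < PSS_STRICTNESS["baseline"]:
            findings.append(("security.podSecurityStandard.defaultProfile",
                             "default profile is privileged, unset or unrecognised"))
        if "privileged" in (pss.get("allowed") or []):
            findings.append(("security.podSecurityStandard.allowed",
                             "privileged profile is allowed"))

    # Provider-specific options (ClusterProviderDetails).
    provider = (spec.get("provider") or "").upper()
    details = spec.get("providerDetails") or {}
    if provider == "EKS":
        eks = details.get("eks") or {}
        cw_logging = eks.get("cloudWatchLogging") or {}
        for stream in ("api", "audit", "authenticator"):
            if not cw_logging.get(stream, False):
                findings.append((f"providerDetails.eks.cloudWatchLogging.{stream}",
                                 "control plane log stream is disabled"))
        if not eks.get("enableEndpointPrivate", False):
            findings.append(("providerDetails.eks.enableEndpointPrivate",
                             "EKS endpoint is public facing"))
    elif provider == "GKE":
        gke = details.get("gke") or {}
        if not gke.get("enableShieldedNodes", False):
            findings.append(("providerDetails.gke.enableShieldedNodes",
                             "shielded nodes are disabled"))

    # EKS node pools: an SSH key with no source security groups listed.
    for pool in spec.get("nodePools") or []:
        eks_pool = (pool.get("providerDetails") or {}).get("eks") or {}
        if eks_pool.get("eC2SSHKey") and not eks_pool.get("sshSourceSecurityGroups"):
            name = pool.get("logicalName", "?")
            findings.append((f"nodePools[{name}].providerDetails.eks.sshSourceSecurityGroups",
                             "SSH key set but no source security groups restrict port 22"))
    return findings


# Constructed sample: a spec that leaves most protective options at defaults.
WEAK_SPEC = {
    "provider": "EKS",
    "networking": {},
    "security": {"podSecurityStandard": {
        "enabled": True, "defaultProfile": "baseline",
        "allowed": ["baseline", "privileged"]}},
    "providerDetails": {"eks": {"cloudWatchLogging": {"api": True}}},
    "nodePools": [{"logicalName": "compute",
                   "providerDetails": {"eks": {"eC2SSHKey": "ops-key"}}}],
}

# Constructed sample: the same cluster with the options set explicitly.
HARDENED_SPEC = {
    "provider": "EKS",
    "enablePrivateCluster": True,
    # Entry shape (name/cidr) is an assumption; only non-emptiness is checked.
    "networking": {"authorizedMasterNetworks": [
        {"name": "vpn", "cidr": "203.0.113.0/24"}]},
    "security": {"podSecurityStandard": {
        "enabled": True, "defaultProfile": "restricted",
        "allowed": ["baseline", "restricted"]}},
    "providerDetails": {"eks": {
        "cloudWatchLogging": {"api": True, "audit": True, "authenticator": True},
        "enableEndpointPrivate": True}},
    "nodePools": [{"logicalName": "compute", "providerDetails": {"eks": {
        "eC2SSHKey": "ops-key",
        "sshSourceSecurityGroups": ["sg-0123456789abcdef0"]}}}],
}

if __name__ == "__main__":
    for path, finding in audit_cluster_spec(WEAK_SPEC):
        print(f"{path}: {finding}")
```

Because ClusterShared is embedded into ClusterSpec, the same function can be pointed at the `template` of a ClusterPlan to catch weak defaults before any cluster is built from the plan.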
SpotInstancesOptions
(Appears on: NodePoolSpec)
SpotInstancesOptions defines the options for spot instances
Field | Description |
---|---|
enabled bool | Enabled indicates the node pool should use spots |
aks AKSNodePoolSpotInstances | AKS defines the options for AKS spot instances |
eks EKSNodePoolSpotInstances | EKS provides additional options for EKS |
UnmanagedContainerRegistryParameters
(Appears on: ContainerRegistryProviderDetails)
UnmanagedContainerRegistryParameters
Field | Description |
---|---|
secret Kubernetes core/v1.SecretReference |
UnmanagedNodePoolSpec
(Appears on: NodePoolProviderDetails)
UnmanagedNodePoolSpec defines the spec for an unmanaged nodepool
UnmanagedSpec
(Appears on: ClusterProviderDetails)
UnmanagedSpec defines the spec for unmanaged cluster
WindowsProfile
(Appears on: AKSSpec)
WindowsProfile is the configuration for Windows VMs
Field | Description |
---|---|
adminPassword string | AdminPassword is the admin password for Windows VMs |
adminUsername string | AdminUsername is the admin username for Windows VMs |
config.appvia.io/v1alpha1
Package v1alpha1 contains API Schema definitions for the config v1alpha1 API group
Resource Types:
CostImport
CostImport represents an import of costs data into Wayfinder
Field | Description |
---|---|
apiVersion string | config.appvia.io/v1alpha1 |
kind string | CostImport |
metadata Kubernetes meta/v1.ObjectMeta | Refer to the Kubernetes API documentation for the fields of the metadata field. |
spec CostImportSpec | |
status CostImportStatus | |
CostLimit
CostLimit represents a cluster cost limit
Field | Description |
---|---|
apiVersion string | config.appvia.io/v1alpha1 |
kind string | CostLimit |
metadata Kubernetes meta/v1.ObjectMeta | Refer to the Kubernetes API documentation for the fields of the metadata field. |
spec CostLimitSpec | |
status CostLimitStatus | |
GlobalCostLimit
GlobalCostLimit represents a CostLimit available in a global scope. A GlobalCostLimit may be allocated to workspaces or select other resources based on their labels
Field | Description |
---|---|
apiVersion string | config.appvia.io/v1alpha1 |
kind string | GlobalCostLimit |
metadata Kubernetes meta/v1.ObjectMeta | Refer to the Kubernetes API documentation for the fields of the metadata field. |
spec CostLimitSpec | |
status CostLimitStatus | |
AWSCostImportParameters
(Appears on: CostImportProviderDetails)
AWSCostImportParameters provides the specific parameters for AWS
Field | Description |
---|---|
s3Region string | S3Region is the region in which to store cost and usage data in S3. Will use the default region from the cloud account if this is unspecified. |
costUsageBucket string | CostUsageBucket is the name of an S3 bucket in which Wayfinder can find existing cost and usage reports to read. Leave blank to have Wayfinder self-configure with a new bucket as needed. |
costUsageS3Prefix string | CostUsageS3Prefix is the location within the CostUsageBucket where Wayfinder will find the cost reports. Will be ignored unless CostUsageBucket is specified. |
costUsageReport string | CostUsageReport is the name of the cost usage report to use. |
AzureCostImportParameters
(Appears on: CostImportProviderDetails)
AzureCostImportParameters provides the specific parameters for Azure
Field | Description |
---|---|
importType AzureCostImportType | ImportType dictates what scope we’re going to import Azure costs for. This must match the type of Cloud Account referenced by this costs import: For BillingAccount the Cloud Account must be an Azure organization with AgreementType of EA or MCA and the BillingAccount populated. For EAEnrollmentAccount the Cloud Account must be an Azure organization with AgreementType of EA and the EnrollmentAccount populated. For MCAInvoiceSection the Cloud Account must be an Azure organization with AgreementType of MCA and the BillingAccount, BillingProfile and InvoiceSection populated. |
AzureCostImportType (string)
(Appears on: AzureCostImportParameters)
AzureCostImportType is the scope level to import Azure costs for
Value | Description |
---|---|
"BillingAccount" | AzureCostImportBillingAccount is to import costs for a full billing account |
"EAEnrollmentAccount" | AzureCostImportEAEnrollmentAccount is to import costs for an Enterprise Agreement Enrollment Account |
"MCAInvoiceSection" | AzureCostImportMCAInvoiceSection is to import costs for an MCA invoice section |
"Subscription" | AzureCostImportSubscription is to import costs for a single subscription |
CostImportProvider (string)
(Appears on: CostImportProviderDetails)
CostImportProvider is which cloud provider these provider details are for
Value | Description |
---|---|
"AWS" | |
"Azure" | |
"GCP" |
CostImportProviderDetails
(Appears on: CostImportSpec)
CostImportProviderDetails provides parameters that are specific to a particular cloud
Field | Description |
---|---|
type CostImportProvider | Type is which cloud provider these provider details are for |
gcp GCPCostImportParameters | (Optional) GCP holds parameters specific to importing GCP costs data. Present only if type is GCP. |
aws AWSCostImportParameters | (Optional) AWS holds parameters specific to importing AWS costs data. Present only if type is AWS. |
azure AzureCostImportParameters | (Optional) Azure holds parameters specific to importing Azure costs data. Present only if type is Azure. |
CostImportRun
(Appears on: CostImportStatus)
CostImportRun represents the result of an execution of a cost import
Field | Description |
---|---|
status Status | Status indicates whether this import completed successfully (Success), is running (Pending) or failed (Failure) |
time Kubernetes meta/v1.Time | Time indicates when this import was executed - may be nil if the import has been scheduled but not yet started |
rowCount int | RowCount indicates how many rows of cost data were imported, if any. |
log string | Log contains the log (in JSON) of this import |
CostImportSpec
(Appears on: CostImport)
CostImportSpec defines the specification of the cost import
Field | Description |
---|---|
cloud string | Cloud defines which cloud this costs import is from |
cloudAccessConfigRef CloudAccessConfigReference | CloudAccessConfigRef identifies which cloud access config (organization or shared) should be used to pull costs data from. Must relate to the same cloud provider as specified in Cloud. |
cloudIdentity CloudIdentityReference | CloudIdentity specifies an optional custom credential to use for this integration, instead of using the default credentials for the CloudAccount. |
frequencyMinutes int | FrequencyMinutes describes how many minutes to leave between imports, e.g. 30 would import twice per hour. If greater than 60, should be a multiple of 60 (other values will be rounded to an integer number of hours, e.g. 90 will round to 120, 89 will round to 60). |
daysHistory int | DaysHistory determines how many days worth of historical data to consider each time this import is run |
importZeroCostItems bool | ImportZeroCostItems determines whether zero-costed line items in the cloud providers’ cost data are imported to Wayfinder or not. |
providerDetails CostImportProviderDetails | ProviderDetails provides the cloud-specific configuration details |
CostImportStatus
(Appears on: CostImport)
CostImportStatus defines the status of this costs integration
Field | Description |
---|---|
CommonStatus CommonStatus | (Members of CommonStatus are embedded into this type.) |
history []CostImportRun | History contains the recent history of runs of this cost import (most recent last) |
CostLimitScope
(Appears on: CostLimitSpec)
CostLimitScope defines which clusters and stages the cost limit should apply to
Field | Description |
---|---|
allocation ResourceAllocation | Allocation defines which workspace(s) this limit applies to |
selector Kubernetes meta/v1.LabelSelector | Selector is the stage(s) the limit is scoped to |
CostLimitSpec
(Appears on: CostLimit, GlobalCostLimit)
CostLimitSpec defines the spec of a limit to be provisioned
Field | Description |
---|---|
limit int64 | Limit defines the max (estimated) cost of a cluster within the given scope in microdollars |
scope CostLimitScope | Scope defines the scope of the limit. |
CostLimitStatus
(Appears on: CostLimit, GlobalCostLimit)
CostLimitStatus defines the status of the CostLimit
Field | Description |
---|---|
CommonStatus CommonStatus | (Members of CommonStatus are embedded into this type.) |
GCPCostImportParameters
(Appears on: CostImportProviderDetails)
GCPCostImportParameters provides the specific parameters for GCP
Field | Description |
---|---|
billingAccount string | BillingAccountName is the billing account we’re importing costs for. If unspecified, Wayfinder will use the Billing Account specified on the cloud account (if it’s of type Organization). If neither of these are specified, this configuration will not be valid. Example: ‘012345-567890-ABCDEF’ |
datasetProject string | DatasetProject is the GCP project in which to find/create the BigQuery dataset. If unspecified Wayfinder will use the project from the referenced cloud account. |
datasetRegion string | DatasetRegion is the GCP region (or regional area) in which the BigQuery dataset should be created / accessed. If unspecified, Wayfinder will use the default region from the referenced cloud account. Examples: * EU (geo-dispersed across multiple EU GCP regions) * US (geo-dispersed across multiple US GCP regions) * europe-west2 (London) |
datasetName string | DatasetName is an optional custom name of the BigQuery dataset to query to retrieve costs data. If unspecified, Wayfinder will assume a dataset named wf-costs. |
GlobalOrScopedCostLimit
GlobalOrScopedCostLimit provides a common interface for global or scoped limits
core.appvia.io/v1alpha1
Package v1 contains the core api resources
Resource Types:
ActionSelector
ActionSelector is used to filter on the operation type
Field | Description |
---|---|
verbs []string |
Allocatable
Allocatable must be implemented by CRDs which are allocatable
CloudAccessConfigValuesFrom
(Appears on: ValuesFrom)
CloudAccessConfigValuesFrom is used to reference values from an associated cloud access config
Field | Description |
---|---|
Value Value | (Members of Value are embedded into this type.) |
ClusterCapability
Field | Description |
---|---|
name string | Name is the name of the capability |
status CommonStatus | |
spec ClusterCapabilitySpec | |
ClusterCapabilitySpec
(Appears on: ClusterCapability)
ClusterCapabilitySpec defines the state of the capability on the cluster
Field | Description |
---|---|
description string | Description is the description of the capability |
enabled bool | Enabled states if capability is enabled |
readOnly bool | ReadOnly states if the capability can/cannot be enabled |
- string | EnableLabel is internal struct to store the label with which addon should be enabled. Not marshaled in API responses |
ClusterPackage
Field | Description |
---|---|
name string | Name is the name of the package version |
status CommonStatus | |
spec ClusterPackageSpec | |
ClusterPackageCapability
Field | Description |
---|---|
exposed bool | Exposed defines whether the package is exposed as a capability |
enabled bool | Enabled states if capability is enabled on the cluster |
readOnly bool | ReadOnly states if the capability can/cannot be enabled |
ClusterPackageSpec
(Appears on: ClusterPackage)
Field | Description |
---|---|
packageName string | PackageName is the name of the package the version satisfies |
description string | Description is the description of the package |
version string | Version is the semantic version of the package version |
chartVersion string | ChartVersion is the version of the underlying helm chart |
ClusterValuesFrom
(Appears on: ValuesFrom)
ClusterValuesFrom is used to reference values from an associated cluster
Field | Description |
---|---|
Value Value | (Members of Value are embedded into this type.) |
CommonStatus
(Appears on: CloudOrgStatus, ManagedCloudAccountStatus, AppEnvStatus, ApplicationStatus, CloudAccessConfigStatus, CloudIdentityStatus, WorkloadIdentityStatus, CloudResourcePlanStatus, ClusterPlanStatus, ClusterStatus, ContainerRegistryStatus, KubernetesUpdateStatus, NamespaceClaimStatus, NodePoolStatus, NodePoolUpdateStatus, QuotaLimitStatus, CostImportStatus, CostLimitStatus, ClusterCapability, ClusterPackage, DNSZoneStatus, AssignableNetworkStatus, NetworkFabricPlanStatus, NetworkFabricStatus, PeeringRuleStatus, PeeringStatus, AccessTokenStatus, ChannelStatus, DefaultWorkspaceGroupStatus, StageStatus, UserStatus, WayfinderGroupStatus, WayfinderRoleBindingStatus, WayfinderRoleStatus, WorkspaceGroupStatus, WorkspaceInvitationStatus, WorkspaceRoleBindingStatus, WorkspaceStatus, PackageReleaseStatus, PackageStatus, PackageUpdateStatus, RepositoryReleaseStatus, RepositoryStatus, AccessPolicyStatus, AccessRoleBindingStatus, AccessRoleStatus, ClusterPolicyStatus, GlobalAccessPolicyStatus, GlobalAccessRoleStatus)
Field | Description |
---|---|
status Status | Status is the overall status of the resource. This will shortly become required, hence no omit empty here. |
message string | Message is a description of the current status |
detail string | (Optional) Detail is any additional human-readable detail to understand the current status, for example, the full underlying error which caused an issue |
conditions Conditions | Conditions represents the observations of the resource’s current state. |
lastReconcile LastReconcileStatus | LastReconcile describes the generation and time of the last reconciliation |
lastSuccess LastReconcileStatus | LastSuccess describes the generation and time of the last reconciliation which resulted in a Success status |
cloudResourcesCreated bool | CloudResourcesCreated indicates that at some point, this resource has successfully created one or more cloud resources. This is used when deleting to decide whether to fail or ignore if a related cloud access config is inaccessible. |
obsoleteResources ObsoleteResourceList | ObsoleteResources contains a list of resources that are marked for deletion |
wayfinderVersion string | WayfinderVersion is the version of Wayfinder that last reconciled this resource |
CommonStatusAware
CommonStatusAware is implemented by any Wayfinder resource which has the standard Wayfinder common status implementation
Component
Component is the state of a component of the resource
Field | Description |
---|---|
name string | Name is the name of the component |
status Status | Status is the status of the component |
message string | Message is a human readable message on the status of the component |
detail string | Detail is additional details on the error, if any |
resource Ownership | Resource is a reference to the resource |
Components ([]*github.com/appvia/wayfinder/tmpcrdref/pkg/apis/core/v1alpha1.Component)
Components is a collection of child components for a resource
Condition
Condition is the current observed condition of some aspect of a resource
Field | Description |
---|---|
type ConditionType | Type of condition in CamelCase or in foo.example.com/CamelCase. Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) |
status Kubernetes meta/v1.ConditionStatus | Status of the condition, one of True, False, Unknown. |
observedGeneration int64 | (Optional) ObservedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance. |
lastTransitionTime Kubernetes meta/v1.Time | LastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. |
reason string | Reason contains a programmatic identifier indicating the reason for the condition’s last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty. |
message string | (Optional) Message is a human readable message indicating details about the transition. This may be an empty string. |
name string | Name is a human-readable name for this condition. |
detail string | (Optional) Detail is any additional human-readable detail to understand this condition, for example, the full underlying error which caused an issue |
negativePolarity bool | (Optional) NegativePolarity indicates this is a ‘normal-false’ condition - i.e. the ‘normal’/‘successful’ status for this condition is metav1.ConditionFalse. This will be the case for conditions such as ‘OutOfMemory’. If unset/false, positive polarity can be assumed - i.e. that metav1.ConditionTrue indicates the ‘normal’/‘successful’ status. This will be the case for conditions such as ‘Deployed’ |
ConditionSpec
ConditionSpec describes the shape of a condition which will be populated onto the status
Field | Description |
---|---|
Type ConditionType | The PascalCase condition type, e.g. ServiceAvailable or InsufficientCapacity. See ConditionType for the rules on condition types. |
Name string | Name is a human-readable name for this condition, used for UI and CLI reporting / explanation. If Name is empty, the Type will be used also as the Name. |
DefaultStatus Kubernetes meta/v1.ConditionStatus | DefaultStatus is the default status - if unset, metav1.ConditionUnknown will be used. |
NegativePolarity bool | NegativePolarity indicates this is a ‘normal-false’ condition - i.e. the ‘normal’/‘successful’ status for this condition is metav1.ConditionFalse. This will be the case for conditions such as ‘OutOfMemory’, ‘Degraded’. If unset/false, positive polarity will be assumed - i.e. that metav1.ConditionTrue indicates the ‘normal’/‘successful’ status. This will be the case for conditions such as ‘Deployed’ or ‘Available’. |
ConditionType (string)
(Appears on: Condition, ConditionSpec)
ConditionType defines a type of a condition in PascalCase or in foo.example.com/PascalCase
Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
Value | Description |
---|---|
"Ready" | ConditionReady describes the overall status of the resource. All Wayfinder resources should set ConditionReady |
"Paused" |
Conditions ([]github.com/appvia/wayfinder/tmpcrdref/pkg/apis/core/v1alpha1.Condition)
(Appears on: CommonStatus)
ConfigurationFromSource
Field | Description |
---|---|
path string | Path is the JSON path of the configuration parameter. Examples: “field”, “map_field.value”, “array_field.0”, “array_field.0.value”. To append a value to an existing array: “array_field.-1”. To reference a numeric key on a map: “map_field.:123.value” |
secretKeyRef OptionalSecretKeySelector | SecretKeyRef is a reference to a key in a secret |
DomainValuesFrom
(Appears on: ValuesFrom)
DomainValuesFrom is used to reference the default domain attached to the cluster. We support zones with direct mode only. createChildZone will create child zone with same selector with direct mode.
Field | Description |
---|---|
Value Value | (Members of Value are embedded into this type.) |
optional bool | Optional is a flag to indicate if the value is required. |
limit int64 | Limit is a flag to indicate if the value is limited to specific number of values |
asArray bool | AsArray places the matching values(s) from the domains into the value as an array. If false, multiple values will be comma-concatenated into a string. |
matchLabels Kubernetes meta/v1.LabelSelector | MatchLabels is used to find one or more specific domain resources for inject - be careful unless intended not to match multiple as we will inject the zone names as an array |
LastReconcileStatus
(Appears on: CommonStatus, RoutingTargetStatus)
Field | Description |
---|---|
time Kubernetes meta/v1.Time | Time is the last time the resource was reconciled |
generation int64 | Generation is the generation reconciled on the last reconciliation |
Object
Object is the standard interface implemented by Wayfinder CRDs
ObsoleteResource
ObsoleteResource is a resource that is marked for deletion
Field | Description |
---|---|
kind obsoleteResourceKind | Kind is the kind of the resource, eg. IAMRole |
name string | Name is the name of the resource, eg. my-iam-role |
OptionalSecretKeySelector
(Appears on: ConfigurationFromSource)
Field | Description |
---|---|
SecretKeySelector SecretKeySelector | (Members of SecretKeySelector are embedded into this type.) |
optional bool | Optional controls whether the secret with the given key must exist |
Ownership
(Appears on: AppEnvSpec, WorkloadIdentitySpec, ResourceValuesFrom, NamespaceClaimSpec, Networking, QuotaLimitSpec, Component, ResourceValuesFrom, RoutingTargetStatus, UpdateStep, UpdateStepStatus, DNSZoneSpec, FirewallSpec, PeeringSpec, PackageReleaseSpec, RepositoryReleaseSpec, RepositorySpec, AccessRoleBindingSpec, SecurityResourceOverview, SecurityScanResultSpec)
Ownership indicates the ownership of a resource
Field | Description |
---|---|
group string | Group is the api group |
version string | Version is the group version |
kind string | Kind is the name of the resource under the group |
namespace string | Namespace is the location of the object |
name string | Name is name of the resource |
PlanObject
PlanObject is the interface that all plan compatible objects must implement
PlanPolicy
PlanPolicy defines possible entries for a spec
Field | Description |
---|---|
editable bool | Editable indicates the entry can or cannot be changed |
enum []string | Enum is a collection of possible values |
max int64 | Max is a max to the value |
min int64 | Min is a minimum to the value |
path string | Path is a JSON path to the value |
pattern string | Pattern is used as regex constraint on the input |
summary string | Summary provides an optional description to the field attribute |
PlanSpec
(Appears on: CloudResourcePlanSpec, ClusterPlanSpec, NetworkFabricPlanSpec)
PlanSpec defines the desired state of Plan
Field | Description |
---|---|
allocation ResourceAllocation | Allocation defines one or more workspaces which are permitted to access this plan |
labels map[string]string | Labels is a collection of labels for this plan |
policies []*github.com/appvia/wayfinder/tmpcrdref/pkg/apis/core/v1alpha1.PlanPolicy | Policies are a collection of policies related to the use of the plan |
ResourceAllocation
(Appears on: CloudOrgSpec, ClusterSpec, CostLimitScope, PlanSpec, DNSZoneSpec, PeeringRuleFilters)
ResourceAllocation describes who is allowed to use a resource across workspace boundaries.
Field | Description |
---|---|
type ResourceAllocationType | Type controls which workspaces can use this resource. If ‘none’, this resource cannot be used by workspaces other than the one the resource exists in. ‘all’ allows it to be used by all workspaces, and ‘workspaces’ indicates it can be used by the workspaces listed in the workspaces property. |
workspaces WorkspaceKeys | Workspaces indicates which workspaces can use this resource. Ignored unless type is set to ‘workspaces’. |
ResourceAllocationType (string)
(Appears on: ResourceAllocation)
ResourceAllocationType represents the possible types of resource allocation
Value | Description |
---|---|
"all" | ResourceAllocationAll indicates that the resource can be used by all workspaces |
"none" | ResourceAllocationNone indicates that the resource can only be used by the workspace that owns it |
"workspaces" | ResourceAllocationWorkspaces indicates that the resource can be used by a specified set of workspaces |
ResourceSelector
ResourceSelector is a resource selector
Field | Description |
---|---|
nonResourceURLs []string | NonResourceURLs are URLs which do not map to resources but require some level of policy control |
groups []string | Groups is a collection of API groups to filter on |
resources []string | Resources is a collection of resources under those groups |
subresources []string | SubResources is a collection of subresources under the resource type. Deprecated field; please use resource/subresource format |
resourceNames []string | ResourceNames is a collection of resource names |
labels map[string]string | Labels a collection of labels to filter the resource by |
verbs []string | Verbs are actions on the resources themselves |
ResourceValuesFrom
(Appears on: ValuesFrom)
ResourceValuesFrom is used to define a reference to a resource
Field | Description |
---|---|
Ownership Ownership | (Members of Ownership are embedded into this type.) |
Value Value | (Members of Value are embedded into this type.) |
RoutingStatus
(Appears on: ContainerRegistryStatus, PackageStatus, ClusterPolicyStatus)
Field | Description |
---|---|
routing RoutingTargetStatuses | RoutingTargetStatuses is that |
RoutingStatusAware
RoutingStatusAware is implemented by any Wayfinder resource which has the standard Wayfinder routing status implementation
RoutingTargetStatus
RoutingTargetStatus is the current observed status of a routing action to a target
Field | Description |
---|---|
target Ownership | |
status Status | |
error string | (Optional) |
lastReconcile LastReconcileStatus | LastReconcile describes the generation and time of the last reconciliation |
RoutingTargetStatuses ([]github.com/appvia/wayfinder/tmpcrdref/pkg/apis/core/v1alpha1.RoutingTargetStatus)
(Appears on: RoutingStatus)
SecretKeySelector
(Appears on: OptionalSecretKeySelector)
Field | Description |
---|---|
name string | Name is the name of the secret |
namespace string | Name is the namespace of the secret |
key string | Key is the data key in the secret |
SecretValuesFrom
(Appears on: ValuesFrom)
SecretValuesFrom is used to define a reference to a secret
Field | Description |
---|---|
SecretReference Kubernetes core/v1.SecretReference | (Members of SecretReference are embedded into this type.) |
Value Value | (Members of Value are embedded into this type.) |
Status (string)
(Appears on: CostImportRun, CommonStatus, Component, RoutingTargetStatus, UpdateStepStatus)
Status is the status of a thing
Value | Description |
---|---|
"ActionRequired" | ActionRequiredStatus indicates that user action is required to remediate the current state of a resource, e.g. a spec value is wrong or some external action needs to be taken |
"Creating" | CreatingStatus indicates we are creating a resource |
"DeleteError" | DeleteErrorStatus indicates an error has occurred while attempting to delete the resource |
"DeleteFailed" | DeleteFailedStatus indicates that deleting the entity failed |
"Deleted" | DeletedStatus indicates a deleted entity |
"Deleting" | DeletingStatus indicates we are deleting the resource |
"" | EmptyStatus indicates an empty status |
"Error" | ErrorStatus indicates that a recoverable error happened |
"Failure" | FailureStatus indicates the resource has failed for one or more reasons |
"Pending" | PendingStatus indicates we are waiting |
"ReconciliationPaused" | ReconciliationStartedStatus indicates that the reconciliation is paused |
"Success" | SuccessStatus is a successful resource |
"Unknown" | Unknown is an unknown status |
"Updating" | UpdatingStatus indicates we are creating a resource |
"Warning" | WarningStatus indicates a warning |
SubjectSelector
SubjectSelector is used to filter down in the caller
Field | Description |
---|---|
subjects []string | Subjects is a collection of subjects / username to filter on |
roles []string | Roles is a collection of roles the user has access to |
groups []string | Groups is a collection of groups the user is a member of |
scopes []string | Scopes is a collection of scopes for the identity |
UpdateObject
UpdateObject is the interface that all update compatible objects must implement
UpdateSpec
(Appears on: KubernetesUpdateSpec, NodePoolUpdateSpec, PackageUpdateSpec)
UpdateSpec are the fields required by an update compatible object on the spec
Field | Description |
---|---|
preRequisite UpdateStep | PreRequisite is any steps that can block this update |
awaitingApproval bool | AwaitingApproval specifies that the step is blocked until the user confirms. No more reconciliation will be attempted until this is set to false |
nextSteps UpdateStep | Next is the single next step after this update. Not required if there are no further steps. Provided as a convenience to allow for a UI to show the next step - E.g. a final manual intervention step could indicate what will happen when the user confirms |
UpdateStatus
UpdateStatus are the status fields required by an update compatible object
Field | Description |
---|---|
preRequisite UpdateStepStatus | PreRequisites are the current status of the pre-requisites |
startTime Kubernetes meta/v1.Time | StartTime is the time the update was started. Is used to estimate the percentage complete time |
estimatedPercentageComplete int | EstimatedPercentageComplete is the estimated percentage complete of the update - Based on the time from StartTime and a test of actual updates - not optional, will be 0 if not started |
UpdateStep
(Appears on: UpdateSpec)
UpdateStep is the specification of a step in an update plan or a pre-requisite
Field | Description |
---|---|
owner Ownership | Owner is the object (when relevant) that the step is related to |
UpdateStepStatus
(Appears on: UpdateStatus)
UpdateStepStatus is the current observed status of an update step; this is for pre-requisites and next steps
Field | Description |
---|---|
owner Ownership | Owner is the object (when relevant) that the step is related to |
status Status | Status is the current status of the step |
error string | Error is the error message if the step failed |
UpdateSteps ([]github.com/appvia/wayfinder/tmpcrdref/pkg/apis/core/v1alpha1.UpdateStep)
UpdateSteps is a list of update steps envisaged to be present on a rollout plan
Value
(Appears on: CloudAccessConfigValuesFrom, ClusterValuesFrom, DomainValuesFrom, ResourceValuesFrom, SecretValuesFrom)
Value is a default value parameter
Field | Description |
---|---|
path string | Path is the path into the helm values |
specPath bool | SpecPath is the path into the release spec. |
key string | Key is a path into the resource data |
valuePrefix string | ValuePrefix is a prefix which will be prepended to the value patched into the helm values. If specified, this means the value from the key will be coerced to a string |
valueSuffix string | ValueSuffix is a suffix which will be appended to the value patched into the helm values. If specified, this means the value from the key will be coerced to a string |
ValuesFrom
(Appears on: PackageSpec)
ValuesFrom defines a means to extract a value out of a resource and into the values for an arbitrary destination, such as a helm chart or cloud resource plan
Field | Description |
---|---|
cluster ClusterValuesFrom | Cluster is used to extract a piece of data out of the associated cluster resources and inject into the path defined |
cloudAccessConfig CloudAccessConfigValuesFrom | CloudAccessConfig is used to extract a piece of data out of the cloud access config associated with the cluster and inject into the path defined |
resource ResourceValuesFrom | Resource is used to filter on and extract the details from one of more managed resources in Wayfinder. |
secret SecretValuesFrom | Secret is used to reference a secret in wayfinder |
domain DomainValuesFrom | Domain is used to reference a domain in Wayfinder |
WorkspaceKey (string)
(Appears on: GetRolesIAMRequest, WorkspaceCostSummary, AuditEventSpec, Subject, WorkspaceInvitationSpec, WorkspaceSpec, Subject, SecurityOverviewSpec)
WorkspaceKey is the unique identifier for a workspace in Wayfinder. Use .Namespace() to convert to the right name for the workspace’s namespace in the management cluster.
Value | Description |
---|---|
"admin" | AdminWorkspace is the workspace where platform administrative resources live. IMPORTANT: if this value is changed, ensure that ui/lib/utils/workspaces.ts is also updated. |
WorkspaceKeys ([]github.com/appvia/wayfinder/tmpcrdref/pkg/apis/core/v1alpha1.WorkspaceKey)
(Appears on: ResourceAllocation)
WorkspaceKeys is a set of workspace keys
costs.appvia.io/v1alpha1
Package v1alpha1 contains API Schema definitions for the cost v1alpha1 API group
Resource Types:Account
Account represents an account
Field | Description |
---|---|
workspaceIdentifier string | WorkspaceIdentifier is the unique identifier for the workspace that owns this asset |
assetIdentifier string | AssetIdentifier is the unique identifier for this asset |
name string | Name is the name of the resource in wayfinder, for reference |
provider string | Provider is the cloud provider who provides this resource |
account string | Provider is the identifier for this account in the providers |
Asset
Asset represents a resource known to Wayfinder which a cost provider should provide costs data for
Field | Description |
---|---|
tags map[string]string | Tags are a set of tags which can be used to identify this asset |
workspaceIdentifier string | WorkspaceIdentifier is the unique identifier for the workspace that owns this asset |
assetIdentifier string | AssetIdentifier is the unique identifier for this asset |
name string | Name is the name of the resource in wayfinder, for reference |
provider string | Provider is the cloud provider who provides this resource |
AssetCost
AssetCost defines the details about a cost related to a piece of infrastructure deployed by Wayfinder for a workspace. It is expected that any asset may have multiple AssetCosts covering a specific time period to represent the different charges levied by the provider for that piece of infrastructure.
Field | Description |
---|---|
costIdentifier string | CostIdentifier is the unique identifier for this line of cost data - cost providers must ensure that if a cost line item is updated, it has the same identifier, and that different line items have unique cost identifiers for a given AssetIdentifier. If a cost provider provides immutable cost entries, i.e. they will never be updated, then this can be left blank and Wayfinder will assign a unique identifier. |
assetIdentifier string | AssetIdentifier is the unique identifier assigned to the resource this cost applies to, e.g. the unique cluster ID, etc. |
workspaceIdentifier string | WorkspaceIdentifier is the unique identifier for the workspace this resource belongs to. |
cost int64 | Cost is the actual incurred total cost for this piece of infrastructure for the specified time period, in microdollars |
usageStartTime Kubernetes meta/v1.Time | UsageStartTime indicates the start of the period this cost is applicable for |
usageEndTime Kubernetes meta/v1.Time | UsageEndTime indicates the end of the period this cost is applicable for |
usageType string | UsageType is the provider-specific code or title for this type of usage (e.g. a SKU or similar) |
description string | Description identifies the type of cost this line item refers to |
usageAmount string | UsageAmount is the quantity of the resource used (e.g. amount of storage) |
usageUnit string | UsageUnit is the unit that UsageAmount is expressed in (e.g. seconds, gibibytes, etc) |
provider string | Provider indicates which cloud provider this cost relates to |
account string | Account indicates which account / project / subscription this cost relates to |
invoice string | Invoice is the invoice on which this cost was billed (in the format YYYYMM, e.g. 202008 for August 2020) |
retrievedAt Kubernetes meta/v1.Time | RetrievedAt is the time at which this cost item was retrieved/refreshed from the provider |
AssetCostSummary
AssetCostSummary represents the total cost known to wayfinder for an asset (over a period of time)
Field | Description |
---|---|
assetIdentifier string | AssetIdentifier is the unique identifier assigned to the resource this cost applies to, e.g. the unique cluster ID, etc. |
workspaceIdentifier string | WorkspaceIdentifier is the unique identifier for the workspace this resource belongs to. |
assetName string | AssetName is the name of the asset these costs relate to |
assetType string | AssetType is the type of the asset these costs relate to |
provider string | Provider is the cloud provider who provides this asset |
details []*github.com/appvia/wayfinder/tmpcrdref/pkg/apis/costs/v1alpha1.AssetCost | Details provides the individual cost line items that make up this summary |
CostSummary CostSummary |
Continent
Continent is a geographical grouping of regions
Field | Description |
---|---|
name string | |
regions []Region |
CostEstimate
CostEstimate defines the result of the cost estimation
Field | Description |
---|---|
minCost int64 | MinCost is the minimum hourly cost estimate in microdollars |
typicalCost int64 | TypicalCost is the expected / likely hourly cost estimate in microdollars |
maxCost int64 | MaxCost is the estimated upper limit of the hourly cost in microdollars |
costElements []CostEstimateElement | CostElements provides details of the different components which make up this cost estimate |
preparedAt Kubernetes meta/v1.Time | PreparedAt indicates the time this estimate was prepared |
CostEstimateElement
(Appears on: CostEstimate)
CostEstimateElement represents a logical component which has an associated cost
Field | Description |
---|---|
name string | Name is the name of this component |
minCost int64 | MinCost is the minimum hourly cost estimate of this component in microdollars |
typicalCost int64 | TypicalCost is the expected / likely hourly cost estimate of this component in microdollars |
maxCost int64 | MaxCost is the estimated upper limit of the hourly cost of this component in microdollars |
CostSummary
(Appears on: AssetCostSummary, OverallCostSummary, WorkspaceCostSummary)
CostSummary represents a total cost over a period of time
Field | Description |
---|---|
cost int64 | Cost is the actual incurred total cost for the specified time period, in microdollars |
usageStartTime Kubernetes meta/v1.Time | StartTime indicates the start of the period this summary includes costs for |
usageEndTime Kubernetes meta/v1.Time | EndTime indicates the end of the period this summary includes costs for |
InstanceType
InstanceType is an available compute type from a cloud provider
Field | Description |
---|---|
category string | Category is the classification of this instance type |
name string | Name is the unique identifier of this instance type |
prices map[github.com/appvia/wayfinder/tmpcrdref/pkg/apis/costs/v1alpha1.PriceType]int64 | Prices gives the price of this instance type in microdollars per hour for the given price type |
mCpus int64 | MCpus is the number of milliCPUs assigned to this instance type |
mem int64 | Mem is the amount of memory, expressed in milli-GiBs, assigned to this instance type |
KubernetesDetails
KubernetesDetails is the set of version information for the Kubernetes service on a given provider
Field | Description |
---|---|
refreshed Kubernetes meta/v1.Time | |
supportedVersionsByRegion map[string][]github.com/appvia/wayfinder/tmpcrdref/pkg/apis/costs/v1alpha1.KubernetesVersion | SupportedVersionsByRegion lists the versions supported in each region of the cloud provider |
KubernetesVersion
Field | Description |
---|---|
version string | Version is the full version (as required by the cloud provider APIs) |
supported bool | Supported indicates that this version is supported by this version of Wayfinder |
default bool | Default indicates that this version is the default version for this version of Wayfinder |
OverallCostSummary
OverallCostSummary represents the total costs known to wayfinder over a period of time, and acts as a container for WorkspaceCostSummaries
Field | Description |
---|---|
CostSummary CostSummary | |
workspaceCosts []*github.com/appvia/wayfinder/tmpcrdref/pkg/apis/costs/v1alpha1.WorkspaceCostSummary |
PriceType (string)
PriceType is the possible types of prices for cloud infrastructure
Value | Description |
---|---|
"OnDemand" | PriceTypeOnDemand is the normal ‘rack’ price for a piece of infrastructure |
"PreEmptible" | PriceTypePreEmptible is the fixed discounted price which you can use a piece of infrastructure for subject to availability and early termination |
"Spot" | PriceTypeSpot is the variable price which you may be able to use a piece of infrastructure for |
Region
(Appears on: Continent)
Region is a specific cloud provider region
Field | Description |
---|---|
id string | |
name string | |
zones []string |
WorkspaceCostSummary
WorkspaceCostSummary represents the total cost known to wayfinder for a workspace (over a period of time)
Field | Description |
---|---|
workspaceIdentifier string | WorkspaceIdentifier is the unique identifier for the workspace these costs belong to. |
workspace WorkspaceKey | Workspace is the key of the workspace that these costs belong to |
assetCosts []*github.com/appvia/wayfinder/tmpcrdref/pkg/apis/costs/v1alpha1.AssetCostSummary | AssetCosts gives the detail of the assets which make up this workspace cost |
CostSummary CostSummary |
dns.appvia.io/v2beta1
Package v2beta1 contains API Schema definitions for the compute v2beta1 API group
Resource Types:DNSZone
DNSZone represents a DNS zone in a specific cloud provider DNS implementation cloud account
Field | Description |
---|---|
apiVersion string | dns.appvia.io/v2beta1 |
kind string | DNSZone |
metadata Kubernetes meta/v1.ObjectMeta | Refer to the Kubernetes API documentation for the fields of the metadata field. |
spec DNSZoneSpec | |
status DNSZoneStatus | |
GlobalDNSZone
GlobalDNSZone represents a DNS zone in a specific cloud provider DNS implementation cloud account, available system-wide
Field | Description |
---|---|
apiVersion string | dns.appvia.io/v2beta1 |
kind string | GlobalDNSZone |
metadata Kubernetes meta/v1.ObjectMeta | Refer to the Kubernetes API documentation for the fields of the metadata field. |
spec DNSZoneSpec | |
status DNSZoneStatus | |
AWSDNSZoneParameters
(Appears on: DNSZoneProviderDetails)
AWSDNSZoneParameters is the parameters for an AWS DNS zone
AzureDNSZoneParameters
(Appears on: DNSZoneProviderDetails)
AzureDNSZoneParameters is the parameters for an Azure DNS zone
Field | Description |
---|---|
resourceGroup string | ResourceGroup identifies an existing resource group in which to place this DNS zone. If this is unpopulated, a new resource group will be created for the zone. |
DNSRecord
Field | Description |
---|---|
RecordType DNSRecordType | |
Records []string |
DNSRecordType (string)
(Appears on: DNSRecord)
Value | Description |
---|---|
"NS" | DNSRecordTypeNS is an ns record |
"TXT" | DNSRecordTypeTXT is a txt record |
DNSZoneAppAvailability
(Appears on: DNSZoneSpec)
Field | Description |
---|---|
stage string | Stage is the stage this zone will provide app DNS zones for. A global zone can only provide DNS zones for a single stage - create two global zones for different domains to automate provisioning of app DNS zones for different stages. |
DNSZoneClusterAvailability
(Appears on: DNSZoneSpec)
Field | Description |
---|---|
mode DNSZoneClusterAvailabilityMode | Mode defines how this zone will be made available in the targeted clusters. If ‘direct’, this zone will be directly available in the targeted clusters using External DNS. If ‘createChildZone’, child zones of this zone will be automatically created and made available in the targeted clusters. For ‘direct’ mode, the zone can only be made available in clusters of the relevant type for the provider of the DNS zone (e.g. AWS Route 53 zones can be made available directly in AWS EKS clusters). This restriction does not apply for ‘createChildZone’ mode. ‘direct’ mode is only supported for workspace-scoped DNS zones; global DNS zones cannot be made directly available. |
selectors Kubernetes meta/v1.LabelSelector | Selectors define which clusters the zone should be available in |
DNSZoneClusterAvailabilityMode (string)
(Appears on: DNSZoneClusterAvailability)
DNSZoneClusterAvailabilityMode are the ways a DNS zone can be made available to clusters
Value | Description |
---|---|
"createChildZone" | DNSZoneClusterAvailabilityModeCreateChildZone will auto-provision child zones of this zone dedicated to each targeted cluster |
"direct" | DNSZoneClusterAvailabilityModeDirect will make the zone directly available in the targeted clusters - this mode is not available for global DNS zones |
DNSZoneProviderDetails
(Appears on: DNSZoneSpec)
DNSZoneProviderDetails provides parameters that are specific to a particular type of DNS zone
Field | Description |
---|---|
type DNSZoneType | |
aws AWSDNSZoneParameters | (Optional) AWS holds parameters specific to an AWS DNS zone. Present only if type is AWS. |
gcp GCPDNSZoneParameters | (Optional) GCP holds parameters specific to a GCP DNS zone. Present only if type is GCP. |
azure AzureDNSZoneParameters | (Optional) Azure holds parameters specific to an Azure DNS zone. Present only if type is Azure. |
DNSZoneProviderStatus
(Appears on: DNSZoneStatus)
Field | Description |
---|---|
azure DNSZoneProviderStatusAzure | Azure provides information about the status of this Azure DNS zone |
DNSZoneProviderStatusAzure
(Appears on: DNSZoneProviderStatus)
Field | Description |
---|---|
resourceGroup string | ResourceGroup is the assigned resource group in which this domain resides. |
DNSZoneRef
(Appears on: DNSZoneSpec)
Field | Description |
---|---|
namespace string | Namespace which contains the DNSZone, leave empty if this is a reference to a GlobalDNSZone |
name string | Name of the DNSZone or GlobalDNSZone |
DNSZoneSpec
(Appears on: DNSZone, GlobalDNSZone)
DNSZoneSpec defines the specification of a DNS zone which should be provisioned
Field | Description |
---|---|
provider string | Provider defines which DNS provider to use to create this zone |
cloudAccessConfigRef CloudAccessConfigReference | CloudAccessConfigRef is a reference to the cloud access config that should be used to create the DNS zone. This may not be required for all DNS providers. |
parentZone DNSZoneRef | ParentZone should be set to make this zone a child of another zone managed by Wayfinder. Setting this allows Wayfinder to automatically manage the delegation of this zone. |
domain string | Domain is the domain name that this zone will represent |
private bool | Private indicates that this is a private DNS zone, if applicable for the provider |
network Ownership | Network should be specified if private is true to indicate what network this private DNS zone should be provisioned with. Ignored if Private is false/unspecified. |
providerDetails DNSZoneProviderDetails | ProviderDetails provides additional fields which can be used for DNS-provider specific data needed to provision this zone |
cloudResourceName string | CloudResourceName specifies the name of the DNS zone in the DNS provider. Can be left blank so that the name is derived from the resource name |
unmanaged bool | Unmanaged should be set to true to indicate that this zone should not be built or deleted by Wayfinder, but should be verified to exist in the specified DNS provider and, thus, will be usable as a parent zone. Ensure CloudResourceName is also set if this provider requires a name (other than the domain) to find this unmanaged zone, e.g. GCP’s ‘Zone name’. |
availableToClusters DNSZoneClusterAvailability | AvailableToClusters allows this zone, or automatically-created child zones of it, to be made available automatically in the targeted clusters, with ExternalDNS deployed and configured. Leave unspecified to not make this zone available in any clusters. For a GlobalDNSZone, this will provide DNS in any workspace (subject to the label selectors you define and the allocation specified in the Allocation field). For a DNSZone, this will only provide DNS for clusters in the same workspace the zone is created in. |
availableToApps DNSZoneAppAvailability | AvailableToApps allows a global zone to be identified for auto-provisioning of app-specific DNS zones. This is only valid on global DNS zones and is ignored otherwise. |
manualChildZoneCreation bool | ManualChildZoneCreation defines whether workspaces should be able to manually provision child DNS zones within a cluster. Leave unspecified to prevent the manual creation in clusters. |
allocation ResourceAllocation | Allocation defines which workspaces can create child zones from this DNS zone. Only applicable to GlobalDNSZones. This must be set for AutoProvisionChildZones to have any effect. |
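Several DNSZoneSpec field descriptions above state constraints (no 'direct' mode on global zones, a network expected when private is true, fields that only apply to GlobalDNSZones, provider blocks that must match the type) that can be checked before a manifest is applied. The Go lint below is an added example, not Wayfinder code: the struct types, the `Has*` flags and `LintDNSZone` are hypothetical local stand-ins for the documented fields.

```go
package main

import "fmt"

// Local mirrors of the documented dns.appvia.io/v2beta1 fields. These are
// hypothetical types for this example, not the Wayfinder Go package.
type ProviderDetails struct {
	Type            string // "AWS", "Azure" or "GCP"
	AWS, GCP, Azure bool   // true when that parameter block is populated
}

type ClusterAvailability struct {
	Mode string // "createChildZone" or "direct"
}

type DNSZoneSpec struct {
	Domain              string
	Private             bool
	HasNetwork          bool // spec.network is populated
	Unmanaged           bool
	CloudResourceName   string
	ProviderDetails     *ProviderDetails
	AvailableToClusters *ClusterAvailability
	HasAvailableToApps  bool // spec.availableToApps is populated
	HasAllocation       bool // spec.allocation is populated
}

// LintDNSZone returns one finding per documented constraint the spec breaks.
// kind is "DNSZone" (workspace-scoped) or "GlobalDNSZone".
func LintDNSZone(kind string, s DNSZoneSpec) []string {
	var out []string
	global := kind == "GlobalDNSZone"

	if c := s.AvailableToClusters; c != nil {
		switch c.Mode {
		case "createChildZone":
			// Allowed for both workspace-scoped and global zones.
		case "direct":
			if global {
				out = append(out, "availableToClusters.mode: 'direct' is not available for global DNS zones")
			}
		default:
			out = append(out, fmt.Sprintf("availableToClusters.mode: unknown mode %q", c.Mode))
		}
	}
	if s.Private && !s.HasNetwork {
		out = append(out, "network: should be specified when private is true")
	}
	if !s.Private && s.HasNetwork {
		out = append(out, "network: ignored because private is false or unspecified")
	}
	if !global && s.HasAvailableToApps {
		out = append(out, "availableToApps: only valid on global DNS zones, ignored here")
	}
	if !global && s.HasAllocation {
		out = append(out, "allocation: only applicable to GlobalDNSZones")
	}
	if p := s.ProviderDetails; p != nil {
		blocks := []struct {
			field, typ string
			present    bool
		}{{"aws", "AWS", p.AWS}, {"gcp", "GCP", p.GCP}, {"azure", "Azure", p.Azure}}
		for _, b := range blocks {
			if b.present && p.Type != b.typ {
				out = append(out, fmt.Sprintf("providerDetails.%s: present but type is %q", b.field, p.Type))
			}
		}
		// The page names GCP's 'Zone name' as a case where an unmanaged zone
		// needs cloudResourceName in order to be found.
		if s.Unmanaged && p.Type == "GCP" && s.CloudResourceName == "" {
			out = append(out, "cloudResourceName: set it so the unmanaged GCP zone can be found")
		}
	}
	return out
}

func main() {
	// Constructed sample: a global zone using 'direct' mode, marked private
	// with no network reference, and carrying an Azure block under type AWS.
	bad := DNSZoneSpec{
		Domain:              "example.com",
		Private:             true,
		AvailableToClusters: &ClusterAvailability{Mode: "direct"},
		ProviderDetails:     &ProviderDetails{Type: "AWS", Azure: true},
	}
	for _, f := range LintDNSZone("GlobalDNSZone", bad) {
		fmt.Println(f)
	}
}
```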
DNSZoneStatus
(Appears on: DNSZone, GlobalDNSZone)
DNSZoneStatus defines the status of a cloud account
Field | Description |
---|---|
CommonStatus CommonStatus | (Members of CommonStatus are embedded into this type.) |
nameservers []string | Nameservers are the authoritative nameservers that are required to be set for this zone. |
delegated bool | Delegated indicates this zone has been correctly delegated |
txtrecord string | VerificationRecord contains a txt record if needed for verification |
zoneID string | ZoneID contains a DNS-provider specific unique reference to the zone created for this resource. Azure - ResourceID, AWS - ZoneID, GCP - ZoneName |
providerStatus DNSZoneProviderStatus | ProviderStatus provides any provider-specific status information about this zone. |
DNSZoneType (string)
(Appears on: DNSZoneProviderDetails)
DNSZoneType represents the concrete type of a DNS Zone to provide
Value | Description |
---|---|
"AWS" | DNSZoneTypeAWS is for AWS Route 53 zone |
"Azure" | DNSZoneTypeAzure is for Azure DNS zone |
"GCP" | DNSZoneTypeGCP is for GCP Cloud DNS zone |
GCPDNSZoneParameters
(Appears on: DNSZoneProviderDetails)
GCPDNSZoneParameters is the parameters for a GCP DNS zone
GlobalOrScopedDNSZone
GlobalOrScopedDNSZone provides a common interface for global or workspace-scoped DNS zones
SortDNSZonesByDomain ([]github.com/appvia/wayfinder/tmpcrdref/pkg/apis/dns/v2beta1.DNSZone)
SortDNSZonesByDomain is a list of DNS zones which can be sorted by the spec domain
SortZonesByDomain ([]github.com/appvia/wayfinder/tmpcrdref/pkg/apis/dns/v2beta1.GlobalOrScopedDNSZone)
SortZonesByDomain is a list of global or scoped DNS zones which can be sorted by the spec domain
networking.appvia.io/v2beta1
Package v2beta1 contains API Schema definitions for the compute v2beta1 API group
Resource Types:AssignableNetwork
AssignableNetwork is the definition for an assignable network range
Field | Description |
---|---|
apiVersion string | networking.appvia.io/v2beta1 |
kind string | AssignableNetwork |
metadata Kubernetes meta/v1.ObjectMeta | Refer to the Kubernetes API documentation for the fields of the metadata field. |
spec AssignableNetworkSpec | |
status AssignableNetworkStatus | |
FirewallRules
Field | Description |
---|---|
apiVersion string | networking.appvia.io/v2beta1 |
kind string | FirewallRules |
metadata Kubernetes meta/v1.ObjectMeta | Refer to the Kubernetes API documentation for the fields of the metadata field. |
spec FirewallSpec | |
status FirewallStatus | |
NetworkFabric
NetworkFabric is the schema for NetworkFabric
Field | Description |
---|---|
apiVersion string | networking.appvia.io/v2beta1 |
kind string | NetworkFabric |
metadata Kubernetes meta/v1.ObjectMeta | Refer to the Kubernetes API documentation for the fields of the metadata field. |
spec NetworkFabricSpec | |
status NetworkFabricStatus | |
NetworkFabricPlan
NetworkFabricPlan is the Schema for the plans API
Field | Description |
---|---|
apiVersion string | networking.appvia.io/v2beta1 |
kind string | NetworkFabricPlan |
metadata Kubernetes meta/v1.ObjectMeta | Refer to the Kubernetes API documentation for the fields of the metadata field. |
spec NetworkFabricPlanSpec | |
status NetworkFabricPlanStatus | |
Peering
Peering is a tracking resource which is used to create a connection between the source network and an external network
Field | Description |
---|---|
apiVersion string | networking.appvia.io/v2beta1 |
kind string | Peering |
metadata Kubernetes meta/v1.ObjectMeta | Refer to the Kubernetes API documentation for the fields of the metadata field. |
spec PeeringSpec | |
status PeeringStatus | |
PeeringRule
PeeringRule provides a policy definition for peering
Field | Description |
---|---|
apiVersion string | networking.appvia.io/v2beta1 |
kind string | PeeringRule |
metadata Kubernetes meta/v1.ObjectMeta | Refer to the Kubernetes API documentation for the fields of the metadata field. |
spec PeeringRuleSpec | |
status PeeringRuleStatus | |
AssignableNetworkRange
AssignableNetworkRange defines an assignable network range
Field | Description |
---|---|
range string | Range is the CIDR range of the network |
type AssignableNetworkType | Type is the network type being defined - i.e. pods, clusters, services or node |
AssignableNetworkSpec
(Appears on: AssignableNetwork)
AssignableNetworkSpec defines the definitions for network ranges
Field | Description |
---|---|
provider string | Provider is the provider the range is assigned to |
stages []string | Stages is a collection of stages this network is assignable to. |
excludeWorkspaces []string | ExcludeWorkspaces is a collection of workspaces which are excluded from the requirement. |
includeWorkspaces []string | IncludeWorkspaces is a collection of workspaces who are included as part of the rule - if specified the requirement is only applied to those workspaces - by default we assume this as a wildcard all workspaces |
networks []*github.com/appvia/wayfinder/tmpcrdref/pkg/apis/networking/v2beta1.AssignableNetworkRange | Networks is a collection of network assignments for a particular provider |
plans []string | Plans is an optional list of plans to associate the range with |
AssignableNetworkStatus
(Appears on: AssignableNetwork)
AssignableNetworkStatus defines the observed state of status on a policy
Field | Description |
---|---|
CommonStatus CommonStatus | (Members of CommonStatus are embedded into this type.) |
AssignableNetworkType (string)
(Appears on: AssignableNetworkRange, IPv4CIDRBlock)
AssignableNetworkType represents the network type of an assignable network
Value | Description |
---|---|
"node" | NodeNetwork defines node network - the range provided to the pools |
"pod" | PodsNetwork defines the range for pods |
"service" | ServicesNetwork defines the service / cluster range |
ExternalNetworkPeer
(Appears on: PeeringRuleDirect)
ExternalNetworkPeer defines the definition used when attaching the network to an external network
Field | Description |
---|---|
account string | Account is a cloud agnostic name of the account, subscription or project where the network we are peering to exists |
location string | Location is the region where the network exists. For AWS this might be eu-west-2, for GCP europe-west2 and so forth |
identifier string | Identifier is the full resource identity of the virtual network which we are peering to. For AWS and GCP this would be the virtual network name. For Azure this would be the resource group plus the virtual network name. |
routes IPv4CIDRs | Routes is a collection of network ranges which we want to expose to the peered networks. The route tables of the source networks are automatically amended to push these subnets down the peered connection |
routeTableSelectors map[string]string | RouteTableSelectors is required when enableAutoApproval is enabled. The field provides a collection of cloud tags which is used to filter on which routing tables in the external network need updating to include the source network routes. Note, this field is not required for GCP or Azure as the route propagation is performed automatically for you. |
FirewallRule
(Appears on: FirewallSpec)
FirewallRule represents the various options associated with a firewall rule. Depending on the cloud, a single FirewallRule might be expanded to multiple individual firewall rules.
Field | Description |
---|---|
name string | Name is the name of the firewall rule. |
description string | Description is an optional description of the firewall rule. |
action string | Action dictates whether to allow or deny matching traffic. |
cidrBlocks []IPv4CIDR | CIDRBlocks is the list of IP address ranges that this rule applies to. |
direction string | Direction dictates whether this rule applies to inbound or outbound traffic. |
ipVersion uint16 | IPVersion is the version of the Internet Protocol for the firewall rule. |
protocols []string | Ports is a list of protocols that this firewall rule applies to. |
ports []Port | Ports is a list of port numbers that this firewall rule applies to. If omitted, the rule applies to all ports. |
priority uint16 | Priority dictates the precedence of the firewall rule. Lower values indicate higher priorities. |
FirewallSpec
(Appears on: FirewallRules)
FirewallSpec defines the desired state of a firewall
Field | Description |
---|---|
networkRef Ownership | NetworkRef is a reference to the network associated with the firewall. |
rules []FirewallRule | Rules is a list of firewall rules. |
FirewallStatus
(Appears on: FirewallRules)
FirewallStatus defines the observed state of a firewall
GCPSecondarySubnetIPRanges
(Appears on: ProviderDetailsSubnetIPv4GCP)
GCPSecondarySubnetIPRanges represents the secondary subnet ranges for GCP when running in private cluster mode
Field | Description |
---|---|
cidrBlock IPv4CIDR | CIDRBlock is the IP address range for the subnet. |
type GCPSubnetDefaultSubnetName | Type determines what type of secondary range ip address this is. |
GCPSubnetDefaultSubnetName (string)
(Appears on: GCPSecondarySubnetIPRanges)
GCPSubnetDefaultSubnetName represents the default subnets names for GKE private clusters
Value | Description |
---|---|
"pods" | GCPSubnetDefaultSubnetNamePods represents the default subnet name for GCP pods networks |
"services" | GCPSubnetDefaultSubnetNameServices represents the default subnet name for GCP services networks |
IPv4CIDR (string)
(Appears on: FirewallRule, GCPSecondarySubnetIPRanges, IPv4CIDRBlock, NetworkFabricRoute, NetworkFabricSubnetIPv4)
IPv4CIDR represents an IP range in the A.B.C.D/N format
IPv4CIDRBlock
CidrBlock represents an IPv4Cidr block and its use case
Field | Description |
---|---|
type AssignableNetworkType | Type is what the cidr block is used for |
cidr IPv4CIDR | CIDR is the cidr range in the A.B.C.D/N format |
size int | Size is the size of the CIDR range to be allocated if not specified |
IPv4CIDRBlocks ([]github.com/appvia/wayfinder/tmpcrdref/pkg/apis/networking/v2beta1.IPv4CIDRBlock)
(Appears on: NetworkFabricIPv4)
IPv4CIDRBlocks is a list of IPv4 addresses with a type
IPv4CIDRs ([]github.com/appvia/wayfinder/tmpcrdref/pkg/apis/networking/v2beta1.IPv4CIDR)
(Appears on: ExternalNetworkPeer, PeeringRuleGateway)
IPv4CIDRs is a list of IPv4 addresses
NetworkFabricGateway
NetworkFabricGateway are cloud agnostic settings for nat gateway
Field | Description |
---|---|
associate NetworkFabricGatewayAssociation | Associate is the location of the gateway |
ipv4 NetworkFabricGatewayIPV4 | IPv4 defines the ip allocation options of the gateway |
nat NetworkFabricGatewayNATOptions | NAT provides cloud agnostic settings for the NAT gateway itself |
NetworkFabricGatewayAssociation
(Appears on: NetworkFabricGateway)
NetworkFabricGatewayAssociation is used to define where the gateway should reside
Field | Description |
---|---|
subnet string | Subnet is a reference to the subnet in which the gateway should reside. Note the subnet must be defined in the subnets section below. Note, GCP does not require this setting; CloudNAT is associated to a network |
location string | Location defines the region the gateway should reside in. This is only required for GCP where cloud gateways are regional rather than designated to an availability zone |
NetworkFabricGatewayIPV4
(Appears on: NetworkFabricGateway)
NetworkFabricGatewayIPV4 are the options related to ipv4 settings on a nat gateway
Field | Description |
---|---|
mode NetworkFabricGatewayIPV4Mode | Mode defines the mode of how to allocate external address or address pools to the NAT gateway |
addresses []string | Addresses provides a collection of external addresses which should be associated to the nat gateway, assuming the mode is static. In AWS this is an EIP which has been allocated in the correct region and account. In GCP you can define multiple external addresses which the CloudNAT will manage |
NetworkFabricGatewayIPV4Mode (string)
(Appears on: NetworkFabricGatewayIPV4)
NetworkFabricGatewayIPV4Mode defines the mode for ipv4 allocation on the gateway
NetworkFabricGatewayNATOptions
(Appears on: NetworkFabricGateway)
NetworkFabricGatewayNATOptions provides the ability to configure cloud agnostic settings on the gateway
Field | Description |
---|---|
subnets []string | Subnet defines the subnets which should be associated and natted through the nat gateway. These must be defined in the subnets section within the network fabric spec. |
NetworkFabricIPv4
(Appears on: NetworkFabricSpec)
NetworkFabricIPv4 is a collection of network ipv4 ranges
Field | Description |
---|---|
cidrBlocks IPv4CIDRBlocks | CIDRBlocks is a list of CIDR blocks that are associated with the network. Includes useCase so a provider or client can decide what they are used for; currently the only supported use cases are: “cluster”, “pods”, “services”. [AWS] Multiple IP ranges. AWS only supports a single IP range on creation, but can be updated afterwards to specify additional IP ranges. [GCP] Used as metadata for cluster creation. [Azure] Multiple IP ranges. |
NetworkFabricLayout
(Appears on: NetworkFabricSpec)
NetworkFabricLayout defines the options for wayfinder prescribed network topology
Field | Description |
---|---|
mode NetworkFabricLayoutMode | Mode dictates whether the layout of the network should be set up manually or automatically. If automatic, no other fields should be specified. If manual, fields should be specified manually by the caller. Currently, only “auto” is supported. In future, “manual” will be implemented as required. |
privateSubnets int | PrivateSubnets is the number of private subnets that should be generated in the network. Mode must be set to “auto” for this field to be valid. |
publicSubnets int | PublicSubnets is the number of public subnets that should be generated in the network. Mode must be set to “auto” for this field to be valid. |
NetworkFabricLayoutMode (string)
(Appears on: NetworkFabricLayout)
NetworkFabricLayoutMode represents the network fabric layout mode
Value | Description |
---|---|
"auto" | NetworkFabricLayoutModeAuto is for network fabric layout mode auto |
"manual" | NetworkFabricLayoutModeManual is for network fabric layout mode manual |
NetworkFabricPlanSpec
(Appears on: NetworkFabricPlan)
NetworkFabricPlanSpec defines the desired state of Plan
Field | Description |
---|---|
PlanSpec PlanSpec | (Members of PlanSpec are embedded into this type.) |
summary string | Summary provides a short title summary for the network plan. It should describe a network in terms that are meaningful for developers, e.g. highest availability network, expensive but resilient |
planProviderDetails PlanProviderDetails | PlanProviderDetails defines the parameters for cloud specific options specifically for a plan |
template NetworkFabricSpec | Template are the key+value pairs describing a network configuration |
NetworkFabricPlanStatus
(Appears on: NetworkFabricPlan)
NetworkFabricPlanStatus defines the observed state of Plan
Field | Description |
---|---|
CommonStatus CommonStatus | (Members of CommonStatus are embedded into this type.) |
NetworkFabricPrivateOptions
(Appears on: NetworkFabricSpec)
NetworkFabricPrivateOptions are options related to private networking
Field | Description |
---|---|
enabled bool | Enabled indicates we are expecting the predefined network layout to generate a private network. |
gateways []*github.com/appvia/wayfinder/tmpcrdref/pkg/apis/networking/v2beta1.NetworkFabricGateway | Gateways provides the options around cloud NAT gateways |
NetworkFabricProviderType (string)
(Appears on: ProviderDetails)
NetworkFabricProviderType represents the concrete type of a network fabric provider
Value | Description |
---|---|
"aws" | NetworkFabricProviderTypeAWS is for AWS network fabric provider |
"azure" | NetworkFabricProviderTypeAzure is for Azure network fabric provider |
"gcp" | NetworkFabricProviderTypeGCP is for GCP network fabric provider |
NetworkFabricRoute
(Appears on: NetworkFabricSpec)
NetworkFabricRoute is a cloud agnostic definition for a route
Field | Description |
---|---|
name string | Name is the name of the route. |
description string | Description is an optional description of the route. |
cidrBlock IPv4CIDR | CIDRBlock represents the range of destination IP addresses that this route applies to. |
target NetworkFabricRouteTarget | Target is the destination that the traffic bound for IP addresses within CIDRBlock range will be sent to. This target may be a gateway, network interface, or connection through which to send the destination traffic; for example, an internet gateway. |
NetworkFabricRouteTarget
(Appears on: NetworkFabricRoute)
NetworkFabricRouteTarget contains the information necessary to determine the destination that network traffic should be sent to.
TODO: Determine what goes here (IPv4 vs IPv6 routing, local, internet gateway, NAT gateway)
NetworkFabricSpec
(Appears on: NetworkFabric, NetworkFabricPlanSpec)
NetworkFabricSpec defines the desired state of a network
Field | Description |
---|---|
layout NetworkFabricLayout | Layout refers to the layout of the network. It controls whether the various parts - subnets, routes, etc. - are set up manually (i.e. specified in the spec) or automatically (i.e. generated by the provider). |
cloudAccessConfigRef CloudAccessConfigReference | CloudAccessConfigRef is a reference to the cloud access configuration that should be used to create the network. |
ipv4 NetworkFabricIPv4 | IPv4 contains the IPv4 configuration associated with the network. |
location string | Location is the region the network should be created in. [AWS] Region. [GCP] The default location for subnets (as actual GCP networks are global). [Azure] Region. Required if this is used for a NetworkFabric, optional on a NetworkFabricPlan. |
cloudResourceName string | CloudResourceName is used to identify the network object in the cloud provider. [AWS] Names are not supported, so this is a “Name” tag on the VPC. [GCP] Name of the Network. [Azure] Name of the Virtual Network (VNet). |
plan string | Plan refers to a “flavour” of network that denotes the policy. For example, when |
provider string | Provider refers to the cloud provider. |
providerDetails ProviderDetails | ProviderDetails defines cloud-specific network options |
private NetworkFabricPrivateOptions | Private are options related to private networking |
routes []NetworkFabricRoute | Routes is the list of routes within the network. Mode must be set to “manual” for this field to be valid. If manual, will be populated from the spec.IPv4.CIDRBlock’s |
stage string | Stage is the name of the stage for the network. Required when used in a network fabric, optional when used in a network fabric plan. |
subnets []NetworkFabricSubnet | Subnets is the list of subnets within the network. Mode must be set to “manual” for this field to be valid. |
tags map[string]string | Tags is a collection of tags to apply to the resources associated with the network, if applicable. |
NetworkFabricStatus
(Appears on: NetworkFabric, ClusterStatus)
NetworkFabricStatus defines the observed state of a network
Field | Description |
---|---|
CommonStatus CommonStatus | (Members of CommonStatus are embedded into this type.) |
aws NetworkFabricStatusAWS | AWS contains the AWS-specific state for the network |
azure NetworkFabricStatusAzure | Azure contains the Azure-specific state for the network |
gcp NetworkFabricStatusGCP | GCP contains the GCP-specific state for the network |
NetworkFabricStatusAWS
(Appears on: NetworkFabricStatus)
NetworkFabricStatusAWS contains the AWS-specific attributes of the status block.
Field | Description |
---|---|
accountID string | AccountID is the AWS account id |
availabilityZoneIDs []string | AvailabilityZoneIDs is the list of AZ ids |
availabilityZoneNames []string | AvailabilityZoneNames is the list of AZ names |
privateIPV4Addresses []string | PrivateIPV4Addresses provides the list of private subnet addresses |
privateSubnetIDs []string | PrivateSubnetIDs is a list of subnet IDs to use for the worker nodes |
publicIPV4Addresses []string | PublicIPV4Addresses provides the list of public subnet addresses |
ipv4EgressAddresses []string | PublicIPV4EgressAddresses provides the source addresses for traffic coming from the cluster |
publicSubnetIDs []string | PublicSubnetIDs is a list of subnet IDs to use for resources that need a public IP (e.g. load balancers) |
securityGroupIDs []string | SecurityGroupIDs is a list of security group IDs to use for a cluster |
vpcID string | VpcID is the identifier of the VPC |
NetworkFabricStatusAzure
(Appears on: NetworkFabricStatus)
NetworkFabricStatusAzure contains the Azure-specific attributes of the status block.
Field | Description |
---|---|
virtualNetworkID string | VirtualNetworkID is the identifier of the Virtual Network |
subnetIDs []string | SubnetIDs are the list of subnet IDs in the Virtual Network |
NetworkFabricStatusGCP
(Appears on: NetworkFabricStatus)
NetworkFabricStatusGCP contains the GCP-specific attributes of the status block.
Field | Description |
---|---|
name string | Name is the name of the network in GCP |
networkRef string | NetworkRef is the cloud provider reference |
gateways []NetworkFabricStatusGCPGateway | Gateways provides a status on the gateways and any external addresses |
NetworkFabricStatusGCPGateway
(Appears on: NetworkFabricStatusGCP)
NetworkFabricStatusGCPGateway defines the status on the gateway
Field | Description |
---|---|
name string | Name is the name of the gateway |
location string | Location is the location where it resides |
addresses []string | Addresses is the external IPs or self link references associated with the gateway |
NetworkFabricSubnet
(Appears on: NetworkFabricSpec)
NetworkFabricSubnet defines the options for a virtual subnet
Field | Description |
---|---|
name string | Name is the name of the subnet. |
description string | Description is an optional description of the subnet. |
location string | Location is the zone or region associated with the subnet. [AWS] Zone [GCP] Region [Azure] Region (same as the Virtual Network) |
ipv4 NetworkFabricSubnetIPv4 | IPv4 is the Internet Protocol (version 4) configuration for the subnet. |
NetworkFabricSubnetIPv4
(Appears on: NetworkFabricSubnet)
NetworkFabricSubnetIPv4 defines the options for the subnet range
Field | Description |
---|---|
cidrBlock IPv4CIDR | CIDRBlock is the IP address range for the subnet. |
ipVersion uint16 | IPVersion is the Internet Protocol version of the subnet. |
type NetworkFabricSubnetType | Type determines whether VMs launched into this subnet should have public or private IP address. If |
providerDetails ProviderDetailsSubnetIPv4 | ProviderDetails is the cloud specific configuration for the subnet. |
NetworkFabricSubnetType (string)
(Appears on: NetworkFabricSubnetIPv4)
NetworkFabricSubnetType represents the network fabric subnet type
Value | Description |
---|---|
"private" | NetworkFabricSubnetTypePrivate is for network fabric subnet type private |
"public" | NetworkFabricSubnetTypePublic is for network fabric subnet type public |
PeeringGatewayProviderDetails
(Appears on: PeeringRuleGateway)
PeeringGatewayProviderDetails provides a means to configure cloud specific options around gateway attachments
Field | Description |
---|---|
aws PeeringGatewayProviderDetailsAWS | AWS defines the cloud specifics for gateway options |
PeeringGatewayProviderDetailsAWS
(Appears on: PeeringGatewayProviderDetails)
PeeringGatewayProviderDetailsAWS are cloud specific options for AWS
Field | Description |
---|---|
enableDNS bool | EnableDNS indicates we should enable or disable dns support via the gateway. Note this defaults to true unless defined. |
PeeringProviderDetails
(Appears on: PeeringRuleDirect)
PeeringProviderDetails provides a means to configure cloud specific options around gateway attachments
Field | Description |
---|---|
azure PeeringProviderDetailsAzure | Azure defines the cloud specifics for gateway options |
PeeringProviderDetailsAzure
(Appears on: PeeringProviderDetails)
PeeringProviderDetailsAzure are cloud specific options for Azure
Field | Description |
---|---|
enableUseRemoteGateway bool | EnableUseRemoteGateway indicates if cluster peering should use remote gateway. If set to true, local gateway will not be deployed and remote one configured to be used |
PeeringRuleConnection
(Appears on: PeeringRuleSpec, PeeringSpec)
PeeringRuleConnection provides the definitions for the connection details related to peering
Field | Description |
---|---|
type PeeringRuleConnectionType | Type is the type of peering we are configuring |
gateway PeeringRuleGateway | Gateway provides the configuration for working with gateways and peering connections via a network backbone such as Transit Gateway. |
peering PeeringRuleDirect | Peering provides the configuration for direct peering between two networks. By default the peering assumes the management network, though this can be overridden if required |
PeeringRuleConnectionType (string)
(Appears on: PeeringRuleConnection)
PeeringRuleConnectionType represents the concrete type for configuration
PeeringRuleDirect
(Appears on: PeeringRuleConnection)
PeeringRuleDirect defines the options around direct peering
Field | Description |
---|---|
enableAutoApproval bool | EnableAutoApproval indicates we should always accept the peering connection on the other end of the peer. This requires that the user provides a cloud access config with the correct permissions to do so. |
network ExternalNetworkPeer | Network provides the ability to override the network which the peering is created on. By default this is the management cluster. |
subnets PeeringSubnetFilter | Subnets provides a means to filter which of the subnets you want to push down the peering. By default we assume all the subnets attached to the virtual network should be routed down the peer |
providerDetails PeeringProviderDetails | ProviderDetails provides the cloud specific options when performing a gateway attachment |
PeeringRuleFilters
(Appears on: PeeringRuleSpec)
PeeringRuleFilters is used to filter down to whom the policy should apply
Field | Description |
---|---|
allocation ResourceAllocation | Allocation offers the ability to filter the peering policy down to a collection of workspaces only |
selectors Kubernetes meta/v1.LabelSelector | Selectors offers the option to filter down which networks the peering policy is applied based on the labels on the network fabric resource. |
PeeringRuleGateway
(Appears on: PeeringRuleConnection)
PeeringRuleGateway defines the options for gateway attachments and peering.
Field | Description |
---|---|
identifier string | Identifier is the cloud specific identifier for the gateway - this could be a transit gateway id in AWS. |
enableAutoApproval bool | EnableAutoApproval indicates we should always accept the peering connection on the other end of the peer. This requires that the user provides a cloud access config with the correct permissions to do so. |
location string | Location is the cloud region where the transit gateway resides |
routes IPv4CIDRs | Routes is a collection of cidr blocks which we need to push down the transit gateway. |
routeTableSelectors map[string]string | RouteTableSelectors is required when enableAutoApproval is enabled. The field provides a collection of cloud tags which is used to filter on which routing tables in the external network need updating to include the source network routes. |
providerDetails PeeringGatewayProviderDetails | ProviderDetails provides the cloud specific options when performing a gateway attachment |
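The `routeTableSelectors` requirement above can be checked before a PeeringRule is applied. The following is an added example, not Wayfinder's own code: `gatewaySketch`, `LintGateway` and the sample block are hypothetical and constructed, and treating `routes` entries as IPv4 CIDR strings is an assumption drawn from the `IPv4CIDRs` type name.

```go
package main

import (
	"bytes"
	"encoding/json"
	"fmt"
	"net/netip"
)

// gatewaySketch mirrors only the PeeringRuleGateway fields documented above.
// Hypothetical local type for this example, not the Wayfinder Go type.
type gatewaySketch struct {
	Identifier          string            `json:"identifier"`
	EnableAutoApproval  bool              `json:"enableAutoApproval"`
	Location            string            `json:"location"`
	Routes              []string          `json:"routes"`
	RouteTableSelectors map[string]string `json:"routeTableSelectors"`
	ProviderDetails     json.RawMessage   `json:"providerDetails"`
}

// constructedGateway is a constructed connection.gateway block in JSON form.
// The identifier is a placeholder, not a real transit gateway id.
const constructedGateway = `{
  "identifier": "tgw-EXAMPLE",
  "enableAutoApproval": true,
  "location": "eu-west-2",
  "routes": ["10.20.0.0/16", "10.20.0.5/16", "fd00::/8", "not-a-cidr"]
}`

// LintGateway decodes a gateway block and returns findings in a stable order.
// Unknown keys are a decode error, so a misspelled field name cannot silently
// leave routeTableSelectors empty.
func LintGateway(raw []byte) ([]string, error) {
	dec := json.NewDecoder(bytes.NewReader(raw))
	dec.DisallowUnknownFields()
	var gw gatewaySketch
	if err := dec.Decode(&gw); err != nil {
		return nil, fmt.Errorf("decode gateway: %w", err)
	}

	var findings []string
	// Documented rule: routeTableSelectors is required with enableAutoApproval.
	if gw.EnableAutoApproval && len(gw.RouteTableSelectors) == 0 {
		findings = append(findings,
			"routeTableSelectors: required when enableAutoApproval is true")
	}
	// Assumption: each route is an IPv4 CIDR string in canonical form.
	for i, r := range gw.Routes {
		p, err := netip.ParsePrefix(r)
		switch {
		case err != nil:
			findings = append(findings,
				fmt.Sprintf("routes[%d] %q: not a valid CIDR", i, r))
		case !p.Addr().Is4():
			findings = append(findings,
				fmt.Sprintf("routes[%d] %q: not an IPv4 range", i, r))
		case p != p.Masked():
			findings = append(findings,
				fmt.Sprintf("routes[%d] %q: host bits set, did you mean %s", i, r, p.Masked()))
		}
	}
	return findings, nil
}

func main() {
	findings, err := LintGateway([]byte(constructedGateway))
	if err != nil {
		fmt.Println("error:", err)
		return
	}
	for _, f := range findings {
		fmt.Println(f)
	}
}
```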
PeeringRuleSpec
(Appears on: PeeringRule)
PeeringRuleSpec provides the definition for a peering rule. These are matched against one or more Network Fabric CRDs and used to provision a Peer CRD which is used to connect up networks
Field | Description |
---|---|
cloudAccessConfigRef CloudAccessConfigReference | CloudAccessConfigRef provides an optional reference to a cloudaccount which has the permission to carry out the tasks required to fulfil peering or gateway attachments |
connection PeeringRuleConnection | Connection provides the policy details around how the peering should be achieved |
filters PeeringRuleFilters | Filters provides the ability to apply a collection of filters determining to whom the peering policy should apply |
PeeringRuleStatus
(Appears on: PeeringRule)
PeeringRuleStatus defines the observed state of a peering setup
Field | Description |
---|---|
CommonStatus CommonStatus | (Members of CommonStatus are embedded into this type.) |
connectionID string | ConnectionID is the ID of the peering or gateway attachment which has been created |
PeeringSpec
(Appears on: Peering)
PeeringSpec defines the definition for the peering connection resource
Field | Description |
---|---|
cloudAccessConfigRef CloudAccessConfigReference | CloudAccessConfigRef provides an optional reference to a cloud access config which details the permission to carry out the tasks required to fulfil peering or gateway attachments |
connection PeeringRuleConnection | Connection provides the policy details around how the peering should be achieved |
networkRef Ownership | NetworkRef is the network which we are creating a connection from |
PeeringStatus
(Appears on: Peering)
PeeringStatus defines the observed state of a peering setup
Field | Description |
---|---|
CommonStatus CommonStatus | (Members of CommonStatus are embedded into this type.) |
peeringID string | PeeringID is the cloud agnostic peering identifier |
PeeringSubnetFilter (map[string]string)
(Appears on: PeeringRuleDirect)
PeeringSubnetFilter provides a means to filter down which subnets in the virtual network we are about to attach should be pushed down the peer. One example would be to only push internal subnets.
PlanProviderDetails
(Appears on: NetworkFabricPlanSpec)
PlanProviderDetails defines the parameters for cloud specific options specifically for a plan
Field | Description |
---|---|
aws PlanProviderDetailsAWS | AWS is the provider specification for AWS networks |
PlanProviderDetailsAWS
(Appears on: PlanProviderDetails)
PlanProviderDetailsAWS defines the AWS-specific NetworkFabric plan only configuration
Field | Description |
---|---|
availabilityZoneIDsByRegion map[string][]string | AvailabilityZoneIDsByRegion is a map of region to availability zone IDs. Allows specifying which zones should be used across accounts when networks are created. |
Port (uint16)
(Appears on: FirewallRule)
Port is a network port.
ProviderDetails
(Appears on: NetworkFabricSpec)
ProviderDetails defines the parameters for cloud specific options - i.e. options which cannot be consolidated as they are too specific to the chosen cloud vendor
Field | Description |
---|---|
type NetworkFabricProviderType | Type represents the cloud the NetworkFabric belongs to |
aws ProviderDetailsAWS | AWS is the provider specification for AWS networks |
azure ProviderDetailsAzure | Azure is the provider specification for Azure networks |
gcp ProviderDetailsGCP | GCP is the provider specification for GCP networks |
ProviderDetailsAWS
(Appears on: ProviderDetails)
ProviderDetailsAWS defines the AWS-specific NetworkFabric configuration
Field | Description |
---|---|
availabilityZoneIDs []string | AvailabilityZoneIDs is a list of availability zone ids to use for subnets and NAT gateways. This allows specific availability zones to be specified and matched across any accounts. Will be populated by the AvailabilityZoneIDsByRegion if not specified directly on the plan. A single region must be specified when AvailabilityZoneIDs is used. |
availabilityZones int | AvailabilityZones is the number of availability zones used for the network. Must be 2 or 3 or not specified. If specified, must equal the number of privateSubnets. Each subnet (public or private) will be created in a different availability zone. |
natGateways int | NATGateways is the number of NAT gateways to create. Must be 1 or 2 or not specified. If specified, must equal the number of privateSubnets. |
ProviderDetailsAzure
(Appears on: ProviderDetails)
ProviderDetailsAzure defines the Azure-specific NetworkFabric configuration
Field | Description |
---|---|
resourceGroup string | ResourceGroup is the Azure resource group |
ProviderDetailsGCP
(Appears on: ProviderDetails)
ProviderDetailsGCP defines the GCP-specific NetworkFabric configuration
ProviderDetailsSubnetIPv4
(Appears on: NetworkFabricSubnetIPv4)
ProviderDetailsSubnetIPv4 provides cloud provider specifics for the subnet
Field | Description |
---|---|
gcp ProviderDetailsSubnetIPv4GCP | GCP is the provider specification for GCP subnets |
ProviderDetailsSubnetIPv4GCP
(Appears on: ProviderDetailsSubnetIPv4)
ProviderDetailsSubnetIPv4GCP provides secondary ranges for gcp
Field | Description |
---|---|
secondaryIpRanges []GCPSecondarySubnetIPRanges |
org.appvia.io/v2beta1
Package v2beta1 contains API Schema definitions for the org API group
Resource Types:
- AuditEvent
- Channel
- DefaultWorkspaceGroup
- Identity
- PlatformAccessToken
- Stage
- User
- WayfinderGroup
- WayfinderRole
- WayfinderRoleBinding
- Workspace
- WorkspaceAccessToken
- WorkspaceGroup
- WorkspaceInvitation
- WorkspaceRoleBinding
AuditEvent
AuditEvent is the Schema for the audit API
Field | Description |
---|---|
apiVersion string | org.appvia.io/v2beta1 |
kind string | AuditEvent |
metadata Kubernetes meta/v1.ObjectMeta | Refer to the Kubernetes API documentation for the fields of the metadata field. |
spec AuditEventSpec | |
Channel
Channel is the Schema for the channels API
Field | Description |
---|---|
apiVersion string | org.appvia.io/v2beta1 |
kind string | Channel |
metadata Kubernetes meta/v1.ObjectMeta | Refer to the Kubernetes API documentation for the fields of the metadata field. |
spec ChannelSpec | |
status ChannelStatus | |
DefaultWorkspaceGroup
DefaultWorkspaceGroup represents a desire for a default workspace group which will be created in each workspace when that workspace is created.
Field | Description |
---|---|
apiVersion string | org.appvia.io/v2beta1 |
kind string | DefaultWorkspaceGroup |
metadata Kubernetes meta/v1.ObjectMeta | Refer to the Kubernetes API documentation for the fields of the metadata field. |
spec DefaultWorkspaceGroupSpec | Spec is the desired state of the group |
status DefaultWorkspaceGroupStatus | Status is the status of the group |
Identity
Identity is the Schema for the identities API
Field | Description |
---|---|
apiVersion string | org.appvia.io/v2beta1 |
kind string | Identity |
metadata Kubernetes meta/v1.ObjectMeta | Refer to the Kubernetes API documentation for the fields of the metadata field. |
spec IdentitySpec | |
PlatformAccessToken
PlatformAccessToken is an access token able to be used to automate all Wayfinder features, both inside and outside of workspaces.
Field | Description |
---|---|
apiVersion string | org.appvia.io/v2beta1 |
kind string | PlatformAccessToken |
metadata Kubernetes meta/v1.ObjectMeta | Refer to the Kubernetes API documentation for the fields of the metadata field. |
spec AccessTokenSpec | |
status AccessTokenStatus | |
Stage
Stage is the Schema for the stages API
Field | Description |
---|---|
apiVersion string | org.appvia.io/v2beta1 |
kind string | Stage |
metadata Kubernetes meta/v1.ObjectMeta | Refer to the Kubernetes API documentation for the fields of the metadata field. |
spec StageSpec | |
status StageStatus | |
User
User is the Schema for the users API
Field | Description |
---|---|
apiVersion string | org.appvia.io/v2beta1 |
kind string | User |
metadata Kubernetes meta/v1.ObjectMeta | Refer to the Kubernetes API documentation for the fields of the metadata field. |
spec UserSpec | |
status UserStatus | |
WayfinderGroup
WayfinderGroup represents a collection of Wayfinder users
Field | Description |
---|---|
apiVersion string | org.appvia.io/v2beta1 |
kind string | WayfinderGroup |
metadata Kubernetes meta/v1.ObjectMeta | Refer to the Kubernetes API documentation for the fields of the metadata field. |
spec GroupSpec | Spec is the specification of the group |
status WayfinderGroupStatus | Status is the status of the group |
WayfinderRole
WayfinderRole represents a set of Kubernetes RBAC-style rules that can describe permission for users against Wayfinder itself
Field | Description |
---|---|
apiVersion string | org.appvia.io/v2beta1 |
kind string | WayfinderRole |
metadata Kubernetes meta/v1.ObjectMeta | Refer to the Kubernetes API documentation for the fields of the metadata field. |
spec WayfinderRoleSpec | Spec is the specification of the role |
status WayfinderRoleStatus | Status is the status of the role |
WayfinderRoleBinding
WayfinderRoleBinding represents actual access to a cluster for subjects
Field | Description |
---|---|
apiVersion string | org.appvia.io/v2beta1 |
kind string | WayfinderRoleBinding |
metadata Kubernetes meta/v1.ObjectMeta | Refer to the Kubernetes API documentation for the fields of the metadata field. |
spec WayfinderRoleBindingSpec | |
status WayfinderRoleBindingStatus | |
Workspace
Workspace is the Schema for the workspace API
Field | Description |
---|---|
apiVersion string | org.appvia.io/v2beta1 |
kind string | Workspace |
metadata Kubernetes meta/v1.ObjectMeta | Refer to the Kubernetes API documentation for the fields of the metadata field. |
spec WorkspaceSpec | |
status WorkspaceStatus | |
WorkspaceAccessToken
WorkspaceAccessToken is an access token that can automate Wayfinder features solely within a specified workspace.
Field | Description |
---|---|
apiVersion string | org.appvia.io/v2beta1 |
kind string | WorkspaceAccessToken |
metadata Kubernetes meta/v1.ObjectMeta | Refer to the Kubernetes API documentation for the fields of the metadata field. |
spec AccessTokenSpec | |
status AccessTokenStatus | |
WorkspaceGroup
WorkspaceGroup is the Schema for the workspace groups API
Field | Description |
---|---|
apiVersion string | org.appvia.io/v2beta1 |
kind string | WorkspaceGroup |
metadata Kubernetes meta/v1.ObjectMeta | Refer to the Kubernetes API documentation for the fields of the metadata field. |
spec GroupSpec | Spec is the desired state of the group |
status WorkspaceGroupStatus | Status is the status of the group |
WorkspaceInvitation
WorkspaceInvitation is the Schema for the workspace invitation API
Field | Description |
---|---|
apiVersion string | org.appvia.io/v2beta1 |
kind string | WorkspaceInvitation |
metadata Kubernetes meta/v1.ObjectMeta | Refer to the Kubernetes API documentation for the fields of the metadata field. |
spec WorkspaceInvitationSpec | |
status WorkspaceInvitationStatus | |
WorkspaceRoleBinding
WorkspaceRoleBinding represents the binding of a workspace role to a workspace group or user
Field | Description |
---|---|
apiVersion string | org.appvia.io/v2beta1 |
kind string | WorkspaceRoleBinding |
metadata Kubernetes meta/v1.ObjectMeta | Refer to the Kubernetes API documentation for the fields of the metadata field. |
spec WorkspaceRoleBindingSpec | |
status WorkspaceRoleBindingStatus | |
AccessTokenSpec
(Appears on: PlatformAccessToken, WorkspaceAccessToken)
AccessTokenSpec defines the desired state of policy
Field | Description |
---|---|
description string | Description provides a short summary on the use of the access token |
tokenIDs []string | TokenIDs is the set of signed token IDs which are currently valid for this access token. This will be populated by Wayfinder, always leave blank on definition. |
AccessTokenStatus
(Appears on: PlatformAccessToken, WorkspaceAccessToken)
AccessTokenStatus defines the observed state of status on a policy
Field | Description |
---|---|
CommonStatus CommonStatus | (Members of CommonStatus are embedded into this type.) |
AuditEventSpec
(Appears on: AuditEvent)
AuditEventSpec defines the desired state of User
Field | Description |
---|---|
id int | ID is the unique identifier of this audit event. |
createdAt Kubernetes meta/v1.Time | CreatedAt is the timestamp of record creation |
resource string | Resource is the area of the API accessed in this audit operation (e.g. workspaces, etc). |
resourceURI string | ResourceURI is the identifier of the resource in question. |
apiVersion string | APIVersion is the version of the API used for this operation. |
verb string | Verb is the type of action performed (e.g. PUT, GET, etc) |
operation string | Operation is the operation performed (e.g. UpdateCluster, CreateCluster, etc). |
workspace WorkspaceKey | Workspace is the workspace with which the event may be associated |
user string | User is the user to which the event is related |
startedAt Kubernetes meta/v1.Time | StartedAt is the timestamp the operation was initiated |
completedAt Kubernetes meta/v1.Time | CompletedAt is the timestamp the operation completed |
responseCode int | ResponseCode indicates the HTTP status code of the operation (e.g. 200, 404, etc). |
message string | Message is the event message itself |
ChannelSpec
(Appears on: Channel)
ChannelSpec defines the desired state of Channel
Field | Description |
---|---|
displayName string | DisplayName provides a user-friendly name for the channel |
description string | Description provides a summary of this channel |
kubernetesVersions map[string]string | KubernetesVersions specifies the semver versions of Kubernetes by provider. The key of the provider relates to the cluster type (e.g. AKS, GKE, EKS). This is only required if the channel is the source of truth for Kubernetes versions. If a provider (or all providers) is absent then the platform defaults will be used. |
ChannelStatus
(Appears on: Channel)
ChannelStatus defines the observed state of Channel
Field | Description |
---|---|
CommonStatus CommonStatus | (Members of CommonStatus are embedded into this type.) |
versions ProviderVersions | Versions is a map of versions per provider… |
DefaultWorkspaceGroupSpec
(Appears on: DefaultWorkspaceGroup)
DefaultWorkspaceGroupSpec defines the specification for a default workspace group
Field | Description |
---|---|
description string | Description provides a human-readable description of this group |
DefaultWorkspaceGroupStatus
(Appears on: DefaultWorkspaceGroup)
DefaultWorkspaceGroupStatus defines the status of a default group
Field | Description |
---|---|
CommonStatus CommonStatus | (Members of CommonStatus are embedded into this type.) |
GroupSpec
(Appears on: WayfinderGroup, WorkspaceGroup)
GroupSpec defines the specification for a group
Field | Description |
---|---|
description string | Description provides a human-readable description of this group |
members []Subject | Members are the members of the group |
IdentityAccountType (string)
(Appears on: IdentitySpec)
Value | Description |
---|---|
"BasicAuth" | |
"SSO" | |
"Token" |
IdentitySpec
(Appears on: Identity)
IdentitySpec describes an identity profile for a subject
Field | Description |
---|---|
subject Subject | Subject identifies the Wayfinder user that this refers to. At this time, the only supported subject kind is User. |
accountType IdentityAccountType | AccountType is the account type of the identity |
provider string | Provider uniquely identifies the provider within the account type (e.g. auth0, azuread, etc) |
username string | ProviderUsername is the name of this user in the provider |
providerToken string | ProviderToken is a token to authenticate or identify this user with the provider, if required |
providerUID string | ProviderUID is the ID of the user in the provider, if required |
email string | Email is the email of this user in the provider, if available |
PackageVersion
Field | Description |
---|---|
version string | Version is the version of the package |
name string | Name is the metadata name of the global helm package |
PlatformOrWorkspaceAccessToken
ProviderVersions (map[string]github.com/appvia/wayfinder/tmpcrdref/pkg/apis/org/v2beta1.Versions)
(Appears on: ChannelStatus)
ProviderVersions is a particular set of versions to use for a provider. The key of the provider relates to the cluster type (e.g. AKS, GKE, EKS)
RBACRuleSource
RBACRuleSource is an interface implemented by the various sources of RBAC rules in this API
RoleRef
(Appears on: WayfinderRoleBindingSpec, WorkspaceRoleBindingSpec)
RoleRef defines a reference to a Wayfinder or Workspace role
Field | Description |
---|---|
kind string | Kind of object being referenced, for future compatibility. At this time, the only value used is WayfinderRole. |
name string | Name of the object being referenced. |
namespace string | Namespace of the referenced object (not applicable to WayfinderRole). |
StageSpec
(Appears on: Stage)
StageSpec defines the desired state of Stage
Field | Description |
---|---|
displayName string | DisplayName provides a user-friendly name for the stage |
description string | Description provides a summary of this stage |
StageStatus
(Appears on: Stage)
StageStatus defines the observed state of Stage
Field | Description |
---|---|
CommonStatus CommonStatus | (Members of CommonStatus are embedded into this type.) |
Subject
(Appears on: GroupSpec, IdentitySpec, WayfinderRoleBindingSpec, WorkspaceRoleBindingSpec, WorkspaceSpec)
Subject defines a subject for group memberships and role bindings.
Field | Description |
---|---|
kind SubjectKind | Kind of subject being referenced. |
name string | Name of the object being referenced. |
workspace WorkspaceKey | Workspace is the workspace of the subject - only applicable to kind ‘WorkspaceAccessToken’ |
SubjectKind (string)
(Appears on: Subject)
SubjectKind represents types of subject that Wayfinder can use
Value | Description |
---|---|
"PlatformAccessToken" | SubjectKindPlaformAccessToken is a Wayfinder-scoped access token |
"User" | SubjectKindUser is a Wayfinder user account |
"WayfinderGroup" | SubjectKindWayfinderGroup is a globally defined Wayfinder group |
"WorkspaceAccessToken" | SubjectKindWorkspaceAccessToken is a Workspace-scoped access token |
"WorkspaceGroup" | SubjectKindWorkspaceGroup is a group defined in a workspace |
UpdateBasicAuthIdentity
UpdateBasicAuthIdentity defines the desired state of an update
Field | Description |
---|---|
oldPassword string | OldPassword is the user’s current password. Required if you are not a global Wayfinder admin. |
password string | Password is a password associated to the user |
username string | Username is the user you are updating the credential for |
UpdateIDPIdentity
UpdateIDPIdentity defines the desired state of an update
Field | Description |
---|---|
IDToken string | IDToken is the identity token from the provider |
UserSpec
(Appears on: User)
UserSpec defines the desired state of User
Field | Description |
---|---|
username string | Username is the username or identity for this user - typically this would be an email address. It must be unique. |
disabled bool | Disabled indicates if the user is disabled |
UserStatus
(Appears on: User)
UserStatus defines the observed state of User
Field | Description |
---|---|
CommonStatus CommonStatus | (Members of CommonStatus are embedded into this type.) |
Versions
Versions are versions for a provider. TODO: include other things that may need to be tied to a provider
Field | Description |
---|---|
kubernetes string | Kubernetes is the default version of Kubernetes for this channel. Where KubernetesByRegion is populated for the relevant region, that should be used in preference. |
kubernetesByRegion map[string]string | KubernetesByRegion provides cloud provider region-specific versions of Kubernetes. On Azure and GCP, supported Kubernetes versions can vary between regions. If no value is populated here, the value in Kubernetes should be used instead. |
packages map[string]string | Packages is a list of the package versions on the channel |
WayfinderGroupStatus
(Appears on: WayfinderGroup)
WayfinderGroupStatus defines the status of a group
Field | Description |
---|---|
CommonStatus CommonStatus | (Members of CommonStatus are embedded into this type.) |
WayfinderRoleBindingSpec
(Appears on: WayfinderRoleBinding)
WayfinderRoleBindingSpec defines the desired state of WayfinderRoleBinding. Will create a ClusterPolicy with a role binding only.
Field | Description |
---|---|
roleRef RoleRef | RoleRef is the role being bound |
subjects []Subject | Subjects is the list of one or more subjects that this role is bound to |
WayfinderRoleBindingStatus
(Appears on: WayfinderRoleBinding)
WayfinderRoleBindingStatus defines the status of a WayfinderRoleBinding
Field | Description |
---|---|
CommonStatus CommonStatus | (Members of CommonStatus are embedded into this type.) |
WayfinderRoleScope (string)
WayfinderRoleScope defines the scope of a role - i.e. whether it applies across Wayfinder or to only those objects in a single workspace
Value | Description |
---|---|
"Global" | WayfinderRoleScopeGlobal provides Wayfinder-wide access to the specified resources |
"Workspace" | WayfinderRoleScopeWorkspace provides access to the specified resources in a workspace |
WayfinderRoleSpec
(Appears on: WayfinderRole)
WayfinderRoleSpec defines a set of RBAC rules to Wayfinder objects
Field | Description |
---|---|
description string | Description is a human-readable description of the role. Should describe what the role would provide access to when bound to a user/group/accesstoken. |
rules []Kubernetes rbac/v1.PolicyRule | Rules is rules |
WayfinderRoleStatus
(Appears on: WayfinderRole)
WayfinderRoleStatus defines the status of a WayfinderRole
Field | Description |
---|---|
CommonStatus CommonStatus | (Members of CommonStatus are embedded into this type.) |
WorkspaceGroupStatus
(Appears on: WorkspaceGroup)
WorkspaceGroupStatus defines the status of a group
Field | Description |
---|---|
CommonStatus CommonStatus | (Members of CommonStatus are embedded into this type.) |
WorkspaceInvitationSpec
(Appears on: WorkspaceInvitation)
WorkspaceInvitationSpec defines the desired state of a workspace invitation
Field | Description |
---|---|
username string | Username is the user being bound to the workspace |
workspace WorkspaceKey | Workspace is the name of the workspace being invited to |
WorkspaceInvitationStatus
(Appears on: WorkspaceInvitation)
WorkspaceInvitationStatus defines the observed state of a workspace invite
Field | Description |
---|---|
CommonStatus CommonStatus | (Members of CommonStatus are embedded into this type.) |
WorkspaceRoleBindingSpec
(Appears on: WorkspaceRoleBinding)
WorkspaceRoleBindingSpec defines the desired state of WorkspaceRoleBinding
Field | Description |
---|---|
roleRef RoleRef | RoleRef is the role being bound |
subjects []Subject | Subjects is the list of one or more subjects that this role is bound to |
WorkspaceRoleBindingStatus
(Appears on: WorkspaceRoleBinding)
WorkspaceRoleBindingStatus defines the status of a WorkspaceRoleBinding
Field | Description |
---|---|
CommonStatus CommonStatus | (Members of CommonStatus are embedded into this type.) |
WorkspaceSpec
(Appears on: Workspace)
WorkspaceSpec defines the desired state of workspace
Field | Description |
---|---|
key WorkspaceKey | Key is the unique identifier for this workspace |
type WorkspaceType | Type is an optional type for this workspace. If unspecified, ‘standard’ is assumed. |
summary string | Summary is a short human-readable name for this workspace |
description string | Description is an extended description for the workspace |
resourceNamespace string | ResourceNamespace will be set by Wayfinder on creation and cannot be modified or defined by users. This is the namespace within Wayfinder in which this workspace’s resources will exist. |
owners []Subject | Owners is the set of users who own this workspace (i.e. can control access to the workspace and its resources). If unpopulated on creation, Wayfinder will set this to the user who created the workspace. |
WorkspaceStatus
(Appears on: Workspace)
WorkspaceStatus defines the observed state of workspace
Field | Description |
---|---|
CommonStatus CommonStatus | (Members of CommonStatus are embedded into this type.) |
WorkspaceType (string)
(Appears on: WorkspaceSpec)
WorkspaceType identifies the type of a workspace
Value | Description |
---|---|
"admin" | WorkspaceTypeAdmin is for internal, Wayfinder managed workspaces used by the system. These can only be created by Wayfinder itself. |
"infrastructure" | WorkspaceTypeInfrastructure identifies that this workspace is a container for infrastructure, for example to contain multi-tenant clusters allocated to multiple standard workspaces |
"standard" | WorkspaceTypeStandard is the default workspace type for normal, application-team-oriented workspaces |
package.appvia.io/v2beta1
Package v2beta1 contains API Schema definitions for the org API group
Resource Types:
Package
Package is a package definition
Field | Description |
---|---|
apiVersion string | package.appvia.io/v2beta1 |
kind string | Package |
metadata Kubernetes meta/v1.ObjectMeta | Refer to the Kubernetes API documentation for the fields of the metadata field. |
spec PackageSpec | |
status PackageStatus | |
PackageRelease
PackageRelease is a package definition
Field | Description |
---|---|
apiVersion string | package.appvia.io/v2beta1 |
kind string | PackageRelease |
metadata Kubernetes meta/v1.ObjectMeta | Refer to the Kubernetes API documentation for the fields of the metadata field. |
spec PackageReleaseSpec | |
status PackageReleaseStatus | |
PackageUpdate
PackageUpdate is the schema for package version updates in Wayfinder
Field | Description |
---|---|
apiVersion string | package.appvia.io/v2beta1 |
kind string | PackageUpdate |
metadata Kubernetes meta/v1.ObjectMeta | Refer to the Kubernetes API documentation for the fields of the metadata field. |
spec PackageUpdateSpec | |
status PackageUpdateStatus | |
Repository
Repository is a package definition
Field | Description |
---|---|
apiVersion string | package.appvia.io/v2beta1 |
kind string | Repository |
metadata Kubernetes meta/v1.ObjectMeta | Refer to the Kubernetes API documentation for the fields of the metadata field. |
spec RepositorySpec | |
status RepositoryStatus | |
RepositoryRelease
RepositoryRelease is a package definition
Field | Description |
---|---|
apiVersion string | package.appvia.io/v2beta1 |
kind string | RepositoryRelease |
metadata Kubernetes meta/v1.ObjectMeta | Refer to the Kubernetes API documentation for the fields of the metadata field. |
spec RepositoryReleaseSpec | |
status RepositoryReleaseStatus | reuse repository spec |
AWSWorkloadIdentityProviderDetails
(Appears on: WorkloadIdentityProviderDetails)
AWSWorkloadIdentityProviderDetails provides the specific parameters for AWS
Field | Description |
---|---|
iamPolicies []string | IAMPolicies defines a list of (additional) IAM policies to bind to the workload identity role. It is assumed that these will exist in the target AWS account for the cluster, therefore use either built-in AWS-managed policies or make sure that your process for managing policies in your accounts will always ensure these policies exist in any account this package may be deployed into. For AWS-managed policies, specify the full ARN (e.g. arn:aws:iam::aws:policy/AmazonDynamoDBFullAccess). For self-managed policies, specify the ARN without an account ID (e.g. arn:aws:iam:::policy/myorg-policy-s3-write). |
customIAMPolicy k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1.JSON | CustomIAMPolicy defines an additional dedicated IAM policy to create and bind to this workload identity. |
helmServiceAccountAnnotationsPaths []string | helmServiceAccountAnnotationsPaths defines paths to the service account annotations parameter within the helm chart. AWS ManagedIdentity works based on ServiceAccounts annotations. |
AzureWorkloadIdentityProviderDetails
(Appears on: WorkloadIdentityProviderDetails)
AzureWorkloadIdentityProviderDetails provides the specific parameters for Azure
Field | Description |
---|---|
helmPodLabelsPaths []string | HelmPodLabelsPath defines paths to the podLabels parameter within the helm chart. Azure ManagedIdentity works based on Pod labels. |
helmPodSelector string | HelmPodSelector defines the pod selector to use when creating the workload identity. |
ChartSource
(Appears on: PackageSpec)
ChartSource defines the location of the helm package
Field | Description |
---|---|
git GitSource | Git can be used to define the location of the helm chart in a git repository |
helm HelmSource | Helm can be used to define a helm index as the source location of the chart to be installed |
GCPWorkloadIdentityProviderDetails
(Appears on: WorkloadIdentityProviderDetails)
GCPWorkloadIdentityProviderDetails provides the specific parameters for GCP
Field | Description |
---|---|
helmServiceAccountAnnotationsPaths []string | HelmServiceAccountAnnotationsPaths defines paths to the service account annotations parameter within the helm chart. GCP ManagedIdentity works based on ServiceAccounts annotations. |
GitSource
(Appears on: ChartSource)
GitSource defines the location of a chart in a git repository
Field | Description |
---|---|
gitPullSecrets Kubernetes core/v1.SecretReference | GitPullSecrets is a reference to any credentials used to pull the repository |
url string | URL is the location of the git repository |
HelmSource
(Appears on: ChartSource)
HelmSource is used to define the location of a chart in a helm repository
Field | Description |
---|---|
name string | Name is the name of the chart we wish to install |
url string | URL is the url to the helm repository where the chart lives |
version string | Version is the version of the chart that should be installed |
PackageReleaseSpec
(Appears on: PackageRelease)
PackageReleaseSpec defines the desired status for a helm package
Field | Description |
---|---|
revision string | Revision is the revision of the package which is associated to the release |
clusterRef Ownership | ClusterRef provides reference to the cluster this release is associated with and intended to be installed on |
globalRef string | GlobalRef is the name of the cloud package which is associated to the release |
packageRef string | PackageRef is the name of the package within the workspace namespace that is associated to this release |
package PackageSpec | Package contains all the package details which have been copied over from the package definition - this creates a local copy of the package which is used to reconcile the release |
PackageReleaseStatus
(Appears on: PackageRelease)
PackageReleaseStatus defines the observed state of the package
Field | Description |
---|---|
CommonStatus CommonStatus | (Members of CommonStatus are embedded into this type.) |
appliedValues k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1.JSON | AppliedValues is the rendered set of values for this package release (excluding any values derived from secrets) |
PackageSpec
(Appears on: Package, PackageReleaseSpec)
PackageSpec defines a helm package
Field | Description |
---|---|
dependencies []string | Dependencies provides a list of dependent services which have to be deployed before this package can be installed |
installNamespace string | InstallNamespace is the location to install the package |
source ChartSource | Source is used to define the source location of the chart and the revision used to install |
selectors Kubernetes meta/v1.LabelSelector | Selectors are the label matching selectors for where the package should be installed |
name string | Name is the display name of the package |
summary string | Summary provides a short description of the use of the package |
values k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1.JSON | Values is a collection of values to be injected into the chart when rendering the package into the clusters |
valuesFrom []ValuesFrom | ValuesFrom is an optional collection of resources which are injected into the helm values before render |
userValues []UserValue | UserValues is a collection of user values that are exposed by this package |
workloadIdentity WorkloadIdentity | WorkloadIdentity is an optional request to create a workload identity |
releaseName string | ReleaseName is the name of the release in the cluster |
version string | Version is the semver of the package |
skipTests bool | SkipTests will skip execution of any ‘helm test’ tests defined on the package. |
PackageStatus
(Appears on: Package)
PackageStatus defines the observed state of the package
Field | Description |
---|---|
CommonStatus CommonStatus | (Members of CommonStatus are embedded into this type.) |
RoutingStatus RoutingStatus | (Members of RoutingStatus are embedded into this type.) |
PackageUpdateOptions
(Appears on: PackageUpdateSpec)
PackageUpdateOptions are the options for updating a package
PackageUpdateSpec
(Appears on: PackageUpdate)
Field | Description |
---|---|
UpdateSpec UpdateSpec | (Members of UpdateSpec are embedded into this type.) |
packageToUpdate string | PackageToUpdate is the name of the package to update on the owning cluster |
newVersion string | NewVersion is the new package version to be released into the cluster |
options PackageUpdateOptions | Options are the options for the package update |
PackageUpdateStatus
(Appears on: PackageUpdate)
Field | Description |
---|---|
CommonStatus CommonStatus | (Members of CommonStatus are embedded into this type.) |
currentVersion string | CurrentVersion is the version of the package currently applied. May be empty if no package release exists. |
startTime Kubernetes meta/v1.Time | StartTime is the time the update was started. It is used to estimate the percentage complete time. |
estimatedPercentageComplete int | EstimatedPercentageComplete is the estimated percentage complete of the update, based on the time from StartTime and a test of actual updates. |
RepositoryReleaseSpec
(Appears on: RepositoryRelease)
RepositoryReleaseSpec defines the desired status for a helm repository release
Field | Description |
---|---|
revision string | Revision is the revision of the release which is associated to the release |
clusterRef Ownership | ClusterRef provides reference to the cluster this release is associated with and intended to be installed on |
globalRef string | GlobalRef is the name of the cloud package which is associated to the release |
packageRef string | GlobalRef is the name of the cloud release which is associated to the release |
repository RepositorySpec | Release contains all the release details which have been copied over from the release definition - this creates a local copy of the release which is used to reconcile the release |
RepositoryReleaseStatus
(Appears on: RepositoryRelease)
RepositoryStatus defines the observed state of the repository
Field | Description |
---|---|
CommonStatus CommonStatus | (Members of CommonStatus are embedded into this type.) |
RepositorySpec
(Appears on: Repository, RepositoryReleaseSpec)
RepositorySpec defines the desired status for a helm repository
Field | Description |
---|---|
selectors Kubernetes meta/v1.LabelSelector | Selectors are the label matching selectors for where the package should be installed |
clusterRef Ownership | ClusterRef provides reference to the cluster this release is associated with and intended to be installed on. The field is optional, but it is populated downstream when the repository is assigned to a cluster. |
globalRef string | GlobalRef is the name of the cloud global repository which is associated to the repository |
packageRef string | RepositoryRef is the name of the repository within the workspace namespace that is associated to this repository |
revision string | Revision is the revision of the package which is associated to the release |
url string | The Helm repository URL, a valid URL contains at least a protocol and host. |
secretRef Kubernetes core/v1.SecretReference | (Optional) repository. For HTTP/S basic auth the secret must contain username and password fields. For TLS the secret must contain a certFile and keyFile, and/or caCert fields. |
interval string | (Optional) The interval at which to check the upstream for updates. |
timeout string | (Optional) The timeout of index downloading, defaults to 60s. |
suspend bool | (Optional) This flag tells the controller to suspend the reconciliation of this source. |
RepositoryStatus
(Appears on: Repository)
RepositoryStatus defines the observed state of the package
Field | Description |
---|---|
CommonStatus CommonStatus | (Members of CommonStatus are embedded into this type.) |
UserValue
(Appears on: PackageSpec)
UserValue defines a value exposed to the user
Field | Description |
---|---|
name string | Name is the name of the value field |
description string | Description is an explanation of value’s significance/usage |
value string | Value is a representation of the value |
WorkloadIdentity
(Appears on: PackageSpec)
WorkloadIdentity defines values for the WorkloadIdentity that should be created
Field | Description |
---|---|
clusterServiceAccount ClusterServiceAccount | ClusterServiceAccount is the name and namespace of the service account which will use this identity in the target cluster. Required on AWS and GCP, optional (and unused) on Azure at this time. |
identityOnly bool | IdentityOnly will create an identity associated with a cluster with no specific permissions. Must specify Role=None if this is true. In AWS: an IAM role is created and associated with a specific Kubernetes service account; no inline or attached policies are managed (post creation of the IAM role); it is a “user” responsibility to attach policies to the IAM role. In Azure: the user defined managed identity is created; no role definitions or role assignments are created; it is a “user” responsibility to create relevant role assignments. |
role WorkloadIdentityRole | Role must be the name of a valid workload identity role known to Wayfinder |
roleParameters map[string]string | RoleParameters are any parameters required for the specified role |
cloudResourceName string | CloudResourceName specifies the name of the workload identity in the cloudaccount. Can be left blank so that the name is derived from the cluster name + resource name. |
providerDetails WorkloadIdentityProviderDetails | ProviderDetails provides additional fields which can be used for cloud-provider specific data, such as a GCP billing account ID. |
WorkloadIdentityProviderDetails
(Appears on: WorkloadIdentity)
Field | Description |
---|---|
aws AWSWorkloadIdentityProviderDetails | AWS holds parameters specific to AWS workload identity |
azure AzureWorkloadIdentityProviderDetails | Azure holds parameters specific to Azure workload identity |
gcp GCPWorkloadIdentityProviderDetails | GCP holds parameters specific to GCP workload identity |
policydelivery.appvia.io/v1alpha1
Package v1alpha1 contains API Schema definitions for the policydelivery v1alpha1 API group
Resource Types:
- AccessPolicy
- AccessRole
- AccessRoleBinding
- ClusterPolicy
- GlobalAccessPolicy
- GlobalAccessRole
- GlobalClusterPolicy
AccessPolicy
AccessPolicy represents a targeted policy
Field | Description |
---|---|
apiVersion string | policydelivery.appvia.io/v1alpha1 |
kind string | AccessPolicy |
metadata Kubernetes meta/v1.ObjectMeta | Refer to the Kubernetes API documentation for the fields of the metadata field. |
spec AccessPolicySpec | Spec is the specification of the access policy |
status AccessPolicyStatus | Status is the status of the access policy |
AccessRole
AccessRole represents a set of Kubernetes RBAC rules that can be used for user access
Field | Description |
---|---|
apiVersion string | policydelivery.appvia.io/v1alpha1 |
kind string | AccessRole |
metadata Kubernetes meta/v1.ObjectMeta | Refer to the Kubernetes API documentation for the fields of the metadata field. |
spec AccessRoleSpec | Spec is the specification of the access role |
status AccessRoleStatus | Status is the status of the access role |
AccessRoleBinding
AccessRoleBinding represents actual access to a cluster for subjects
Field | Description |
---|---|
apiVersion string | policydelivery.appvia.io/v1alpha1 |
kind string | AccessRoleBinding |
metadata Kubernetes meta/v1.ObjectMeta | Refer to the Kubernetes API documentation for the fields of the metadata field. |
spec AccessRoleBindingSpec | |
status AccessRoleBindingStatus | |
ClusterPolicy
ClusterPolicy represents a cluster targeted policy
Field | Description |
---|---|
apiVersion string | policydelivery.appvia.io/v1alpha1 |
kind string | ClusterPolicy |
metadata Kubernetes meta/v1.ObjectMeta | Refer to the Kubernetes API documentation for the fields of the metadata field. |
spec ClusterPolicySpec | |
status ClusterPolicyStatus | |
GlobalAccessPolicy
GlobalAccessPolicy represents a Global Access Policy to define Shared Access Policies
Field | Description |
---|---|
apiVersion string | policydelivery.appvia.io/v1alpha1 |
kind string | GlobalAccessPolicy |
metadata Kubernetes meta/v1.ObjectMeta | Refer to the Kubernetes API documentation for the fields of the metadata field. |
spec GlobalAccessPolicySpec | Spec is the specification of the global access policy |
status GlobalAccessPolicyStatus | Status is the status of the global access policy |
GlobalAccessRole
GlobalAccessRole represents a global set of Kubernetes RBAC rules that can be used for user access
Field | Description |
---|---|
apiVersion string | policydelivery.appvia.io/v1alpha1 |
kind string | GlobalAccessRole |
metadata Kubernetes meta/v1.ObjectMeta | Refer to the Kubernetes API documentation for the fields of the metadata field. |
spec GlobalAccessRoleSpec | Spec is the specification of the global access role |
status GlobalAccessRoleStatus | Status is the status of the global access roles |
GlobalClusterPolicy
ClusterPolicy represents a cluster targeted policy
Field | Description |
---|---|
apiVersion string | policydelivery.appvia.io/v1alpha1 |
kind string | GlobalClusterPolicy |
metadata Kubernetes meta/v1.ObjectMeta | Refer to the Kubernetes API documentation for the fields of the metadata field. |
spec ClusterPolicySpec | |
status ClusterPolicyStatus | |
AccessPolicySpec
(Appears on: AccessPolicy, GlobalAccessPolicySpec)
AccessPolicySpec defines the desired state of AccessPolicy
Field | Description |
---|---|
accessRoleRefs []string | AccessRoleRefs is the set of AccessRoles (in this workspace) that this policy grants access to create AccessRoleBindings for. This is the ‘what’ exactly is granted access to. |
description string | Description is a human-readable description of the policy. Should describe what sort of function the policy provides (e.g. support for production clusters). |
groups []string | Groups is the list of workspace groups that are permitted access by this access policy. This is the ‘who’ in the access question. At least one group or wayfinder group must be specified. |
wayfinderGroups []string | WayfinderGroups is the list of Wayfinder groups that are permitted access by this access policy. This is the ‘who’ in the access question. At least one group or wayfinder group must be specified. |
constraints Constraints | Constraints are the collection of constraints which control access to the roles. This is a combination of when and where. |
subjectType string | SubjectKind is the type of the subject for this policy |
AccessPolicyStatus
(Appears on: AccessPolicy)
AccessPolicyStatus defines the status of an AccessPolicy
Field | Description |
---|---|
CommonStatus CommonStatus | (Members of CommonStatus are embedded into this type.) |
AccessRoleBindingSpec
(Appears on: AccessRoleBinding)
AccessRoleBindingSpec defines the desired state of AccessRoleBinding. Will create a ClusterPolicy with a role binding only.
Field | Description |
---|---|
expiration Kubernetes meta/v1.Time | Expiration is the expiration time for any policy to exist. Omitting this will make the policy persistent. |
accessRoleRef string | AccessRoleRef is the reference to the AccessRole (in this namespace) |
clusterRef Ownership | ClusterRef provides reference to the cluster for this access. Must be specified if NamespaceClaimRef is not set. Must be specified if the referenced role specifies ClusterWide. |
namespaceClaimRef string | NamespaceClaimRef is the namespacesClaim this binding is valid for. Will create a roleBinding for the namespace referenced. Must be specified if the AccessRoleRef specifies ClusterScope=false. It is an error if ClusterScope=true. |
subject Subject | Subject is the user or access token that has this access in Wayfinder |
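The cross-field rules in the table above (clusterRef, namespaceClaimRef, expiration) can be checked before a binding is applied. The following is an added example, not Wayfinder code: a Python lint over parsed manifests that uses the `clusterScope` field documented under AccessRoleSpec. The sample objects, the finding labels and the treatment of a missing `clusterScope` as false are assumptions.

```python
from datetime import datetime, timezone

# Constructed sample objects: names, namespace and clusterRef contents are
# placeholders. Field names are the ones documented in the tables on this page.
SAMPLE_ROLES = {
    ("ws-demo", "cluster-viewer"): {"spec": {"clusterScope": True}},
    ("ws-demo", "ns-deployer"): {"spec": {"clusterScope": False}},
}

SAMPLE_BINDINGS = [
    {"metadata": {"name": "deployer-ok", "namespace": "ws-demo"},
     "spec": {"accessRoleRef": "ns-deployer",
              "namespaceClaimRef": "team-a-dev",
              "expiration": "2030-01-01T00:00:00Z",
              "subject": {"kind": "User", "name": "alice@example.com"}}},
    {"metadata": {"name": "viewer-bad-target", "namespace": "ws-demo"},
     "spec": {"accessRoleRef": "cluster-viewer",
              "namespaceClaimRef": "team-a-dev",  # not valid for a cluster-wide role
              "subject": {"kind": "User", "name": "bob@example.com"}}},
    {"metadata": {"name": "deployer-expired", "namespace": "ws-demo"},
     "spec": {"accessRoleRef": "ns-deployer",
              "clusterRef": {"name": "placeholder-cluster"},  # contents not checked
              "expiration": "2024-06-01T00:00:00Z",
              "subject": {"kind": "User", "name": "carol@example.com"}}},
]


def parse_expiration(value):
    """Parse a meta/v1.Time string (RFC 3339) into a timezone-aware datetime."""
    if not isinstance(value, str):
        raise ValueError("expiration is not a string")
    parsed = datetime.fromisoformat(value.replace("Z", "+00:00"))
    if parsed.tzinfo is None:
        raise ValueError("expiration has no timezone offset")
    return parsed


def lint_binding(binding, roles, now):
    """Return the list of finding labels for one AccessRoleBinding manifest.

    roles maps (namespace, name) to AccessRole manifests; accessRoleRef is
    resolved in the binding's own namespace, as the field description states.
    """
    findings = []
    spec = binding.get("spec", {})
    namespace = binding.get("metadata", {}).get("namespace")
    has_cluster = bool(spec.get("clusterRef"))
    has_claim = bool(spec.get("namespaceClaimRef"))

    role = roles.get((namespace, spec.get("accessRoleRef")))
    if role is None:
        findings.append("role-not-found")
        cluster_scope = None  # unknown: only role-independent rules apply
    else:
        # Assumption: an absent clusterScope is read as false.
        cluster_scope = bool(role.get("spec", {}).get("clusterScope", False))

    # clusterRef: required when namespaceClaimRef is unset or the role is cluster-wide.
    if (cluster_scope or not has_claim) and not has_cluster:
        findings.append("clusterref-required")
    # namespaceClaimRef: an error for cluster-wide roles, required otherwise.
    if cluster_scope is True and has_claim:
        findings.append("claim-forbidden")
    if cluster_scope is False and not has_claim:
        findings.append("claim-required")

    # expiration: omitting it makes the binding persistent, so surface it for review.
    if spec.get("expiration") is None:
        findings.append("persistent")
    else:
        try:
            if parse_expiration(spec["expiration"]) <= now:
                findings.append("expired")
        except ValueError:
            findings.append("bad-expiration")
    return findings


def lint_all(bindings, roles, now=None):
    """Lint every binding and return {binding name: [finding labels]}."""
    now = now or datetime.now(timezone.utc)
    return {b["metadata"]["name"]: lint_binding(b, roles, now) for b in bindings}


if __name__ == "__main__":
    for name, found in lint_all(SAMPLE_BINDINGS, SAMPLE_ROLES).items():
        print(name, found or "ok")
```
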
AccessRoleBindingStatus
(Appears on: AccessRoleBinding)
AccessRoleBindingStatus defines the status of an AccessRoleBinding
Field | Description |
---|---|
CommonStatus CommonStatus | (Members of CommonStatus are embedded into this type.) |
AccessRoleSpec
(Appears on: AccessRole, GlobalAccessRoleSpec)
AccessRoleSpec defines the desired state of AccessRole
Field | Description |
---|---|
clusterScope bool | ClusterScope indicates if the access role is cluster-wide or not. It will be used to validate whether an AccessPolicyTarget is valid or not. |
description string | Description is a human-readable description of the role. Should describe what the role would provide access to when bound to a user. |
rules []Kubernetes rbac/v1.PolicyRule | Rules is rules |
AccessRoleStatus
(Appears on: AccessRole)
AccessPolicyStatus defines the status of an AccessPolicy
Field | Description |
---|---|
CommonStatus CommonStatus | (Members of CommonStatus are embedded into this type.) |
ClusterConstraint
(Appears on: Constraints)
ClusterConstraint places a constraint around the cluster
Field | Description |
---|---|
allowed Kubernetes meta/v1.LabelSelector | Allowed is a collection of clusters permitted access on the role |
denied Kubernetes meta/v1.LabelSelector | Denied provides the means to deny one or more clusters from the role |
ClusterPolicySpec
(Appears on: ClusterPolicy, GlobalClusterPolicy)
ClusterPolicySpec defines the specification of a policy in a cluster or namespace
Field | Description |
---|---|
target ClusterPolicyTarget | Target contains targeting information for this cluster policy |
policy PolicyProviderDetails | Policy details |
ClusterPolicyStatus
(Appears on: ClusterPolicy, GlobalClusterPolicy)
ClusterPolicyStatus defines the status of a cluster policy
Field | Description |
---|---|
CommonStatus CommonStatus | (Members of CommonStatus are embedded into this type.) |
RoutingStatus RoutingStatus | (Members of RoutingStatus are embedded into this type.) |
ClusterPolicyTarget
(Appears on: ClusterPolicySpec)
ClusterPolicyTarget is the targeting specification for this cluster policy. Not convinced this is required as a PolicyBinding can create one of these per cluster or namespace.
Field | Description |
---|---|
cluster Kubernetes meta/v1.LabelSelector | Cluster specifies labels for clusters |
namespace Kubernetes meta/v1.LabelSelector | Namespace specifies labels for namespaces |
Constraints
(Appears on: AccessPolicySpec)
Constraints defines a constraint to assuming access to an AccessRole aka creating an AccessRoleBinding
Field | Description |
---|---|
clusters ClusterConstraint | Clusters constrains access to matching clusters |
namespaces NamespaceConstraint | Namespaces constrains access to matching namespaces |
days DaysOfWeekConstraint | Days constrains access to the days of week |
ttl Kubernetes meta/v1.Duration | TTL is the length of a session. A user’s access will be revoked after this amount of time. |
networks NetworkConstraint | Networks defines one or more networks from which the user assuming the role can come |
time TimeConstraint | Time provides a time of day constraint when assuming the policy. The assumption must occur within the allotted time frame to assume the role. |
DaysOfWeekConstraint
(Appears on: Constraints)
DaysOfWeekConstraint places a constraint on the day of week when the role can be assumed
Field | Description |
---|---|
allowed []WeekDay | Allowed are the days permitted access. These are the values from the Weekday type .String() method |
denied []WeekDay | Denied is a collection of days which are not permitted to access the role |
GlobalAccessPolicySpec
(Appears on: GlobalAccessPolicy)
GlobalAccessPolicySpec defines the desired state of a GlobalAccessPolicy
Field | Description |
---|---|
accessPolicyTemplate AccessPolicySpec | AccessPolicyTemplate is the spec of a resulting AccessPolicy |
workspaceSelector Kubernetes meta/v1.LabelSelector | WorkspaceSelector is a selector for Workspaces that will get this template |
GlobalAccessPolicyStatus
(Appears on: GlobalAccessPolicy)
GlobalAccessPolicyStatus defines the status of a GlobalAccessPolicy
Field | Description |
---|---|
CommonStatus CommonStatus | (Members of CommonStatus are embedded into this type.) |
GlobalAccessRoleSpec
(Appears on: GlobalAccessRole)
GlobalAccessRoleSpec defines the Kubernetes RBAC rules for user access to clusters across all workspaces. Defines the rules for which workspaces will get cluster access role updates
Field | Description |
---|---|
accessRoleTemplate AccessRoleSpec | AccessRoleTemplate is the template for any AccessRole created |
workspaceSelector Kubernetes meta/v1.LabelSelector | WorkspaceSelector is a selector for Workspaces that will get this template |
GlobalAccessRoleStatus
(Appears on: GlobalAccessRole)
GlobalAccessRoleStatus defines the status of a GlobalAccessRole
Field | Description |
---|---|
CommonStatus CommonStatus | (Members of CommonStatus are embedded into this type.) |
GlobalOrScopedAccessPolicy
GlobalOrScopedAccessPolicy represents either type of access policy in a consistent way
GlobalOrScopedAccessRole
GlobalOrScopedAccessRole represents either type of access role in a consistent way
GlobalOrScopedClusterPolicy
KubeRBACParameters
(Appears on: PolicyProviderDetails)
KubeRBACParameters is the parameters for
Field | Description |
---|---|
KubeRBACParametersDeprecated KubeRBACParametersDeprecated | (Members of KubeRBACParametersDeprecated are embedded into this type.) |
rules []Kubernetes rbac/v1.PolicyRule | Rules is the list of rules. Leave blank to specify that only a binding is to be created |
subjects []Kubernetes rbac/v1.Subject | Subjects / principals to whom the rules apply: user, group or serviceaccount. Note that only a service account can specify the namespace |
roleRef Kubernetes rbac/v1.RoleRef | RoleRef is a reference to the Role or ClusterRole within the target cluster - must exist if no rules are specified |
clusterScoped bool | ClusterScoped specifies whether the created role/bindings should be cluster scoped |
KubeRBACParametersDeprecated
(Appears on: KubeRBACParameters)
Field | Description |
---|---|
roleNameOverride string | RoleNameOverride is the name of the Role or ClusterRole if different from the clusterpolicy name - useful when creating just a role binding or referencing a clusterwide role - must be specified when ClusterWideRole is set to true |
clusterScopedRoleOverride bool | ClusterScopedRoleOverride specifies the role referenced by the RoleBinding is a ClusterRole - specify true to override the default when targeting a namespaced role / role binding - ignored when targeting a ClusterRole |
roleBindingNameOverride string | RoleBindingOverrideName is the name of the RoleBinding or ClusterRoleBinding if different from the clusterpolicy name. Leave blank to have it derived from the clusterpolicy name. Specify a unique name depending on the subject and role combination - useful when creating just a role binding or referencing a clusterwide role |
KyvernoPolicySpec
(Appears on: PolicyProviderDetails)
Field | Description |
---|---|
rules []github.com/appvia/wayfinder/server/policydelivery/extapis/kyverno/v1.Rule | Rules is a list of Rule instances. A Policy contains multiple rules and each rule can validate, mutate, or generate resources. |
applyRules github.com/appvia/wayfinder/server/policydelivery/extapis/kyverno/v1.ApplyRulesType | (Optional) ApplyRules controls how rules in a policy are applied. Rules are processed in the order of declaration. When set to |
failurePolicy github.com/appvia/wayfinder/server/policydelivery/extapis/kyverno/v1.FailurePolicyType | (Optional) FailurePolicy defines how unexpected policy errors and webhook response timeout errors are handled. Rules within the same policy share the same failure behavior. This field should not be accessed directly, instead |
validationFailureAction github.com/appvia/wayfinder/server/policydelivery/extapis/kyverno/v1.ValidationFailureAction | (Optional) ValidationFailureAction defines if a validation policy rule violation should block the admission review request (enforce), or allow (audit) the admission review request and report an error in a policy report. Optional. Allowed values are audit or enforce. The default value is “Audit”. |
validationFailureActionOverrides []github.com/appvia/wayfinder/server/policydelivery/extapis/kyverno/v1.ValidationFailureActionOverride | (Optional) ValidationFailureActionOverrides is a Cluster Policy attribute that specifies ValidationFailureAction namespace-wise. It overrides ValidationFailureAction for the specified namespaces. |
background bool | (Optional) Background controls if rules are applied to existing resources during a background scan. Optional. Default value is “true”. The value must be set to “false” if the policy rule uses variables that are only available in the admission review request (e.g. user name). |
schemaValidation bool | (Optional) SchemaValidation skips validation checks for policies as well as patched resources. Optional. The default value is set to “true”, it must be set to “false” to disable the validation checks. |
webhookTimeoutSeconds int32 | WebhookTimeoutSeconds specifies the maximum time in seconds allowed to apply this policy. After the configured time expires, the admission request may fail, or may simply ignore the policy results, based on the failure policy. The default timeout is 10s, the value must be between 1 and 30 seconds. |
mutateExistingOnPolicyUpdate bool | (Optional) MutateExistingOnPolicyUpdate controls if a mutateExisting policy is applied on policy events. Default value is “false”. |
generateExistingOnPolicyUpdate bool | (Optional) GenerateExistingOnPolicyUpdate controls whether to trigger the generate rule on existing resources. If set to “true”, the generate rule will be triggered and applied to existing matched resources. Defaults to “false” if not specified. |
NamespaceConstraint
(Appears on: Constraints)
NamespaceConstraint places a constraint around the namespaces on clusters
Field | Description |
---|---|
allowed Kubernetes meta/v1.LabelSelector | Allowed is a collection of namespaces permitted access to the role |
denied Kubernetes meta/v1.LabelSelector | Denied provides the means to deny one or more namespaces from the role |
NetworkConstraint
(Appears on: Constraints)
NetworkConstraint provides a collection of network ranges which the user can come from
Field | Description |
---|---|
allowed []string | Allowed is a collection of networks from which they must originate |
denied []string | Denied is a collection of network CIDRs which will be denied regardless |
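One way a NetworkConstraint could be evaluated, as an added example that is not Wayfinder's own code: denied CIDRs are checked first, matching "denied regardless", and a malformed entry fails closed. The type, the function names, the sample ranges and the treatment of an empty allowed list as "no restriction" are assumptions.

```go
package main

import (
	"fmt"
	"net/netip"
)

// NetworkConstraint is a local stand-in mirroring the documented fields (not Wayfinder's own type).
type NetworkConstraint struct{ Allowed, Denied []string }

// inAnyCIDR reports whether addr is inside any listed CIDR; a malformed entry is an error.
func inAnyCIDR(addr netip.Addr, cidrs []string) (bool, error) {
	for _, c := range cidrs {
		p, err := netip.ParsePrefix(c)
		if err != nil {
			return false, fmt.Errorf("invalid CIDR %q: %w", c, err)
		}
		// Unmap so that ::ffff:a.b.c.d is matched as the IPv4 address it carries;
		// otherwise an IPv4-mapped source would slip past an IPv4 denied range.
		if p.Contains(addr.Unmap()) {
			return true, nil
		}
	}
	return false, nil
}

// NetworkPermits applies the denied list first, then requires a match in the allowed list.
// Assumption: an empty Allowed list places no restriction on the source network.
func NetworkPermits(c NetworkConstraint, source string) (bool, error) {
	addr, err := netip.ParseAddr(source)
	if err != nil {
		return false, err
	}
	if denied, err := inAnyCIDR(addr, c.Denied); err != nil || denied {
		return false, err // fail closed on a malformed denied entry
	}
	if len(c.Allowed) == 0 {
		return true, nil
	}
	return inAnyCIDR(addr, c.Allowed)
}

func main() {
	// Constructed sample: a broad allowed range with one denied subnet carved out of it.
	nc := NetworkConstraint{Allowed: []string{"10.0.0.0/8"}, Denied: []string{"10.9.0.0/16"}}
	for _, src := range []string{"10.1.2.3", "10.9.4.4", "::ffff:10.9.4.4", "192.0.2.10"} {
		ok, err := NetworkPermits(nc, src)
		fmt.Println(src, ok, err)
	}
}
```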
PolicyProviderDetails
(Appears on: ClusterPolicySpec)
PolicyProviderDetails
Field | Description |
---|---|
type PolicyType | PolicyType is the specific type of policy |
kuberbac KubeRBACParameters | KubeRBAC holds the kubernetes rbac details |
kyverno KyvernoPolicySpec | Kyverno holds the spec for a kyverno policy |
PolicyType (string)
(Appears on: PolicyProviderDetails)
PolicyType represents the concrete type of a policy to provide
Value | Description |
---|---|
"KubeRBAC" | PolicyTypeKubeRBAC is for kubernetes rbac |
"Kyverno" | PolicyTypeKyverno is for kyverno policies |
StageConstraint
StageConstraint places a further constraint around which clusters can be accessed
Field | Description |
---|---|
allowed []string | Allowed are the stages of the clusters on which the access is allowed to be assumed |
denied []string | Denied are the stages of the clusters on which the access is NOT allowed to be assumed |
Subject
(Appears on: AccessRoleBindingSpec)
Subject defines a subject for AccessPolicies / AccessRoleBindings etc.
Field | Description |
---|---|
kind string | Kind of object being referenced. Initially supported values include “User”, “AccessToken”, “WayfinderGroup” and “WorkspaceGroup” |
name string | Name of the object being referenced. |
workspace WorkspaceKey | Workspace is the workspace of the subject - only applicable to kind ‘AccessToken’ |
SubjectKind (string)
SubjectKind represents types of subject that Wayfinder can use
TimeConstraint
(Appears on: Constraints)
TimeConstraint provides a control around the time a user can assume one or more roles in Wayfinder
Field | Description |
---|---|
from string | Before indicates that nothing before this time can access the AccessRole |
to string | After indicates that nothing after this time can access the role |
WeekDay (string)
(Appears on: DaysOfWeekConstraint)
WeekDay
security.appvia.io/v1alpha1
Package v1alpha1 contains API Schema definitions for the security v1alpha1 API group
Resource Types:
SecurityOverview
SecurityOverview contains a report about the current state of Wayfinder or a workspace
Field | Description |
---|---|
apiVersion string | security.appvia.io/v1alpha1 |
kind string | SecurityOverview |
metadata Kubernetes meta/v1.ObjectMeta | Refer to the Kubernetes API documentation for the fields of the metadata field. |
spec SecurityOverviewSpec | |
SecurityRule
SecurityRule contains the definition of a security rule
Field | Description |
---|---|
apiVersion string | security.appvia.io/v1alpha1 |
kind string | SecurityRule |
metadata Kubernetes meta/v1.ObjectMeta | Refer to the Kubernetes API documentation for the fields of the metadata field. |
spec SecurityRuleSpec | |
SecurityScanResult
SecurityScanResult contains the result of a scan against all registered rules
Field | Description |
---|---|
apiVersion string | security.appvia.io/v1alpha1 |
kind string | SecurityScanResult |
metadata Kubernetes meta/v1.ObjectMeta | Refer to the Kubernetes API documentation for the fields of the metadata field. |
spec SecurityScanResultSpec | |
RuleStatus (string)
(Appears on: SecurityResourceOverview, SecurityScanResultSpec, SecurityScanRuleResult)
RuleStatus values represent the possible status of compliance with a security rule.
Value | Description |
---|---|
"Compliant" | Compliant indicates that this target is fully compliant with the specified rule. |
"Failure" | Failure indicates that this target is non-compliant in a significant way and should be mitigated. This would typically be used for rules where compliance is considered to be vital to a well-run cluster. |
"Warning" | Warning indicates that this target is non-compliant in such a way that consideration should be made as to whether this should be remediated. This would typically be used for best practice considerations, where not being compliant isn’t necessarily a critical issue. |
SecurityOverviewSpec
(Appears on: SecurityOverview)
SecurityOverviewSpec shows the overall current security posture of Wayfinder or a workspace
Field | Description |
---|---|
workspace WorkspaceKey | Workspace will be populated with the workspace key if this report is about a workspace, else unpopulated for a report for the whole of Wayfinder |
openIssueCounts map[github.com/appvia/wayfinder/tmpcrdref/pkg/apis/security/v1alpha1.RuleStatus]uint64 | OpenIssueCounts informs how many issues of each rule status exist currently |
resources []SecurityResourceOverview | Resources contains summaries of the open issues for each resource |
SecurityResourceOverview
(Appears on: SecurityOverviewSpec)
SecurityResourceOverview provides an overview of the open issue counts for a resource
Field | Description |
---|---|
resource Ownership | Resource is a reference to the group/version/kind/namespace/name of the resource scanned by this scan |
lastChecked Kubernetes meta/v1.Time | LastChecked is the timestamp this resource was last scanned |
overallStatus RuleStatus | OverallStatus is the overall status of this resource |
openIssueCounts map[github.com/appvia/wayfinder/tmpcrdref/pkg/apis/security/v1alpha1.RuleStatus]uint64 | OpenIssueCounts is the summary of open issues for this resource |
SecurityRuleSpec
(Appears on: SecurityRule)
SecurityRuleSpec specifies the details of a security rule
Field | Description |
---|---|
code string | Code is the unique identifier of this rule |
name string | Name is the human-readable name of this rule |
description string | Description is the markdown-formatted extended description of this rule. |
appliesTo []string | AppliesTo is the list of resource types (e.g. Plan, Cluster) that this rule is applicable for |
SecurityScanResultSpec
(Appears on: SecurityScanResult)
SecurityScanResultSpec shows the overall result of a scan against all registered rules
Field | Description |
---|---|
id uint64 | ID is the ID of this scan result in the data store |
resource Ownership | Resource is a reference to the group/version/kind/namespace/name of the resource scanned by this scan |
owningWorkspace string | OwningWorkspace is the name of the workspace that owns this resource, will be empty if it is a non-workspace resource. |
checkedAt Kubernetes meta/v1.Time | CheckedAt is the timestamp this result was determined |
archivedAt Kubernetes meta/v1.Time | ArchivedAt is the timestamp this result was superseded by a later scan - if ArchivedAt.IsZero() is true this is the most recent scan. |
overallStatus RuleStatus | OverallStatus indicates the worst-case status of the rules checked in this scan |
results []*github.com/appvia/wayfinder/tmpcrdref/pkg/apis/security/v1alpha1.SecurityScanRuleResult | Results are the underlying results of the individual rules run as part of this scan |
SecurityScanRuleResult
SecurityScanRuleResult represents the compliance status of a target with respect to a specific security rule.
Field | Description |
---|---|
ruleCode string | RuleCode indicates the rule that this result relates to |
status RuleStatus | Status indicates the compliance of the target with this rule |
message string | Message provides additional information about the status of this rule on this target, if applicable |
checkedAt Kubernetes meta/v1.Time | CheckedAt is the timestamp this result was determined |
This page was automatically generated with gen-crd-api-reference-docs