package.appvia.io/v2beta2
Package v2beta1 contains API Schema definitions for the package API group
Exported Resource Types
Package
Package is a package definition
Field | Description |
---|---|
apiVersion | package.appvia.io/v2beta2 |
kind | Package |
metadata Kubernetes meta/v1.ObjectMeta | Refer to the Kubernetes API documentation for the fields of the metadata field. |
spec PackageSpec | |
status PackageStatus | |
PackageRelease
PackageRelease is a package definition
Field | Description |
---|---|
apiVersion | package.appvia.io/v2beta2 |
kind | PackageRelease |
metadata Kubernetes meta/v1.ObjectMeta | Refer to the Kubernetes API documentation for the fields of the metadata field. |
spec PackageReleaseSpec | |
status PackageReleaseStatus | |
PackageUpdate
PackageUpdate is the schema for package version updates in Wayfinder
Field | Description |
---|---|
apiVersion | package.appvia.io/v2beta2 |
kind | PackageUpdate |
metadata Kubernetes meta/v1.ObjectMeta | Refer to the Kubernetes API documentation for the fields of the metadata field. |
spec PackageUpdateSpec | |
status PackageUpdateStatus | |
Repository
Repository is a package definition
Field | Description |
---|---|
apiVersion | package.appvia.io/v2beta2 |
kind | Repository |
metadata Kubernetes meta/v1.ObjectMeta | Refer to the Kubernetes API documentation for the fields of the metadata field. |
spec RepositorySpec | |
status RepositoryStatus | |
Internal Resource Types
- AWSWorkloadIdentityProviderDetails
- AWSWorkloadIdentityRole
- AzureWorkloadIdentityProviderDetails
- AzureWorkloadIdentityRole
- EventReferenceTo
- FailedEvent
- GCPWorkloadIdentityProviderDetails
- GCPWorkloadIdentityRole
- Helm
- IAMPolicyARN
- InvalidManifest
- Manifest
- PackageReleaseSpec
- PackageReleaseStatus
- PackageSpec
- PackageStatus
- PackageUpdateOptions
- PackageUpdateSpec
- PackageUpdateStatus
- RepositorySpec
- RepositoryStatus
- UserValue
- ValueFromSecret
- Var
- WorkloadIdentity
- WorkloadIdentityProviderDetails
- WorkloadIdentityRole
AWSWorkloadIdentityProviderDetails
(Appears on: WorkloadIdentityProviderDetails)
AWSWorkloadIdentityProviderDetails provides the specific parameters for AWS
Field | Description |
---|---|
iamPolicies []string | IAMPolicies defines a list of (additional) IAM policies to bind to the workload identity role. It is assumed that these will exist in the target AWS account for the cluster, therefore use either built-in AWS-managed policies or make sure that your process for managing policies in your accounts will always ensure these policies exist in any account this package may be deployed into. For AWS-managed policies, specify the full ARN (e.g. arn:aws:iam::aws:policy/AmazonDynamoDBFullAccess). For self-managed policies, specify the ARN without an account ID (e.g. arn:aws:iam:::policy/myorg-policy-s3-write). |
customIAMPolicy k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1.JSON | CustomIAMPolicy defines an additional dedicated IAM policy to create and bind to this workload identity. |
helmServiceAccountAnnotationsPaths []string | helmServiceAccountAnnotationsPaths defines paths to the service account annotations parameter within the helm chart. AWS ManagedIdentity works based on ServiceAccounts annotations. |
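A pre-merge check for the two permission-bearing fields above, as an added example (not Wayfinder code): it verifies that each `iamPolicies` entry uses one of the two ARN forms the field description names, and flags `customIAMPolicy` statements that allow wildcard actions on every resource. The function name `review_aws_provider_details`, the wildcard heuristic and the sample input are assumptions made for illustration.

```python
import re

# Accepted iamPolicies forms per the field description above.
AWS_MANAGED = re.compile(r"^arn:aws:iam::aws:policy/[\w+=,.@/-]+$")
SELF_MANAGED = re.compile(r"^arn:aws:iam:::policy/[\w+=,.@/-]+$")
HAS_ACCOUNT_ID = re.compile(r"^arn:aws:iam::\d{12}:policy/")


def _as_list(value):
    """IAM policy documents allow a scalar or a list for most keys."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def review_aws_provider_details(details):
    """Return findings for an AWSWorkloadIdentityProviderDetails dict (hypothetical helper)."""
    findings = []
    for arn in details.get("iamPolicies", []):
        if HAS_ACCOUNT_ID.match(arn):
            findings.append(f"{arn}: account ID is hard-coded; omit it for self-managed policies")
        elif not (AWS_MANAGED.match(arn) or SELF_MANAGED.match(arn)):
            findings.append(f"{arn}: not a recognised IAM policy ARN form")
    policy = details.get("customIAMPolicy") or {}
    for i, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue
        actions = _as_list(stmt.get("Action"))
        resources = _as_list(stmt.get("Resource"))
        wild_actions = [a for a in actions if a == "*" or a.endswith(":*")]
        if wild_actions and "*" in resources:
            findings.append(f"Statement[{i}]: {wild_actions} allowed on every resource")
        elif "*" in actions:
            findings.append(f"Statement[{i}]: Action '*' grants every API call")
    return findings


# Constructed sample input; policy and bucket names are illustrative.
SAMPLE = {
    "iamPolicies": [
        "arn:aws:iam::aws:policy/AmazonDynamoDBFullAccess",
        "arn:aws:iam:::policy/myorg-policy-s3-write",
        "arn:aws:iam::123456789012:policy/myorg-policy-s3-write",
    ],
    "customIAMPolicy": {
        "Version": "2012-10-17",
        "Statement": [
            {"Effect": "Allow", "Action": "s3:ListBucket", "Resource": "arn:aws:s3:::example_bucket"},
            {"Effect": "Allow", "Action": ["s3:*"], "Resource": "*"},
        ],
    },
}

if __name__ == "__main__":
    for finding in review_aws_provider_details(SAMPLE):
        print(finding)
```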
AWSWorkloadIdentityRole
(Appears on: WorkloadIdentityRole)
Field | Description |
---|---|
iamPolicyARNs []IAMPolicyARN | IAMPolicyARNs defines a list of IAM policies to bind to the workload identity role. These must exist in the target AWS account. E.g. arn:aws:iam::aws:policy/aws-service-role/AccessAnalyzerServiceRolePolicy, arn:aws:iam::aws:policy/acme-org-policy-s3-write |
customIAMPolicyTemplate string | CustomIAMPolicyTemplate is a YAML (or JSON) template to produce a custom IAM policy to bind to the workload identity role. The template must compile to a valid AWS policy document. E.g.: Version: "2012-10-17" Statement: Effect: Allow Action: s3:ListBucket Resource: arn:aws:s3:::example_bucket |
AzureWorkloadIdentityProviderDetails
(Appears on: WorkloadIdentityProviderDetails)
AzureWorkloadIdentityProviderDetails provides the specific parameters for Azure
Field | Description |
---|---|
helmPodLabelsPaths []string | HelmPodLabelsPath defines paths to the podLabels parameter within the helm chart. Azure ManagedIdentity works based on Pod labels. |
helmPodSelector string | |
helmServiceAccountAnnotationsPaths []string | HelmServiceAccountAnnotationsPaths defines paths to the service account annotations parameter within the helm chart. |
clientIDPaths []string | ClientIDPaths defines paths to additional places in the values to set the client ID |
AzureWorkloadIdentityRole
(Appears on: WorkloadIdentityRole)
Field | Description |
---|---|
roleAssignmentsTemplate string | RoleAssignmentsTemplate is a template to produce a custom role assignment to bind to the workload identity role. The template must compile to our Azure role assignment structure. See (v2beta2.AzureWorkloadIdentityRoleAssignment). E.g.: - roleDefinitionName: Reader scope: /subscriptions/{{ .CloudAccessConfig.Azure.Subscription }}/resourceGroups/{{ .Cluster.Azure.ResourceGroup }} |
EventReferenceTo
(Appears on: FailedEvent)
Field | Description |
---|---|
name string | Name is the name of the object |
namespace string | Namespace is the namespace of the object |
kind string | Kind is the kind of the object |
FailedEvent
(Appears on: PackageReleaseStatus)
Field | Description |
---|---|
message string | Message is the message of the event |
regarding EventReferenceTo | Regarding is the reference to the object the event is about |
GCPWorkloadIdentityProviderDetails
(Appears on: WorkloadIdentityProviderDetails)
GCPWorkloadIdentityProviderDetails provides the specific parameters for GCP
Field | Description |
---|---|
helmServiceAccountAnnotationsPaths []string | HelmServiceAccountAnnotationsPaths defines paths to the service account annotations parameter within the helm chart. GCP ManagedIdentity works based on ServiceAccounts annotations. |
GCPWorkloadIdentityRole
(Appears on: WorkloadIdentityRole)
Field | Description |
---|---|
iamRoleBindingsTemplate string | IAMRoleBindingsTemplate is a YAML template to produce a GCP policy to bind to the workload identity. The template must compile to an array of our GCP role policy bindings. See (v2beta2.GCPWorkloadIdentityPolicyBinding). E.g.: - role: roles/dns.admin scopeType: DNS scopeID: {{ .ZoneID }} |
Helm
(Appears on: PackageSpec)
Helm defines a helm package
Field | Description |
---|---|
releaseName string | ReleaseName is the name of the release in the cluster |
repositoryURL string | RepositoryURL is the url to the helm repository where the chart lives. If repositoryRef provided, this must point to the same URL as the referenced Repository. |
repositoryRef string | RepositoryRef is a reference to a Repository resource to use for the chart repo. If provided, the referenced Repository resource must reference the same URL as the RepositoryURL field. |
chartName string | ChartName is the name of the chart to install |
chartVersion string | ChartVersion is the version of the chart to install |
helmTimeout Kubernetes meta/v1.Duration | HelmTimeout is the duration to wait for helm install/upgrade operations to complete. If unspecified, the default timeout in Flux will be used. |
values k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1.JSON | Values is a collection of values to be injected into the chart when rendering the package into the clusters. Deprecated: Values is deprecated and will be removed in a future release - please use |
valuesFrom []ValuesFrom | ValuesFrom is an optional collection of resources which are injected. Deprecated: ValuesFrom is deprecated and will be removed in a future release - please use |
valuesFromSecret []ValueFromSecret | ValuesFromSecret is an optional collection of values to take from a secret |
valuesTemplate string | ValuesTemplate is a template containing the values to use |
skipTests bool | SkipTests will skip execution of any ‘helm test’ tests defined on the package. |
IAMPolicyARN
(string alias)
(Appears on: AWSWorkloadIdentityRole)
IAMPolicyARN is a string type for an IAM policy ARN
InvalidManifest
(Appears on: PackageReleaseStatus)
Field | Description |
---|---|
invalidManifest string | InvalidManifest is the invalid manifest |
error string | Error is the error message from the invalid manifest (rendering or yaml parsing error) |
index int | Index is the index of the manifest template this result is for |
name string | Name is the name of the manifest template this result is for if present |
Manifest
(Appears on: PackageSpec)
Manifest defines a manifest
Field | Description |
---|---|
name string | Name is an optional name for this manifest. This name is used only for your reference and has no meaning to Wayfinder. |
template string | Template is a template of the resource |
PackageReleaseSpec
(Appears on: PackageRelease)
PackageReleaseSpec defines the desired status for a helm package
Field | Description |
---|---|
revision string | Revision is the revision of the package which is associated with the release |
clusterRef Ownership | ClusterRef provides a reference to the cluster this release is associated with and intended to be installed on |
packageRef string | PackageRef is the name of the package that this release is from |
package PackageSpec | Package contains all the package details which have been copied over from the package definition - this creates a local copy of the package which is used to reconcile the release |
PackageReleaseStatus
(Appears on: PackageRelease)
PackageReleaseStatus defines the observed state of the package
Field | Description |
---|---|
CommonStatus CommonStatus | (Members of CommonStatus are embedded into this type.) |
appliedValues k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1.JSON | AppliedValues is the rendered set of values for this package release (excluding any values derived from secrets) |
appliedManifests []k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1.JSON | AppliedManifests is the rendered set of manifests for this package release |
appliedIdentityAccess k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1.JSON | AppliedIdentityAccess is the rendered workload identity access for this package release |
invalidValuesTemplateResult string | InvalidValuesTemplateResult is the rendered result of the package release values template. This allows troubleshooting of invalid rendered values. Is NOT populated if the values template is valid (as this data is in the AppliedValues field). |
invalidWorkloadIdentityTemplate string | InvalidWorkloadIdentityTemplate is the rendered result of the workload identity role template. This allows troubleshooting of an invalid rendered workload identity role. Is NOT populated if the workload identity role template is valid (as this data is in the AppliedIdentityAccess field). |
invalidManifestTemplates []InvalidManifest | InvalidManifestTemplates are the rendered result of the manifest template(s). This allows troubleshooting of invalid rendered kubernetes manifests. Is NOT populated if all the manifest templates are valid (as this data is in the AppliedManifests field). |
failedEvents []FailedEvent | FailedEvents is a list of events from the namespace where the release is installed. Only warnings and errors are included. Only populated if the release has failed. |
PackageSpec
(Appears on: Package, PackageReleaseSpec)
PackageSpec defines a helm package
Field | Description |
---|---|
version ObjectVersion | Version identifies the version of this overall package. It must be incremented to produce new publishable/consumable versions of the package definition. Most fields are immutable without incrementing this version. Must be a valid semver in the format X.Y.Z without a ‘v’ prefix. An optional -suffix can be provided; note in semver that 1.0.0 is after 1.0.0-1. |
installNamespace string | InstallNamespace is the location to install the package |
description string | Description provides a short description of the use of the package |
helm Helm | Helm is a helm chart |
manifests []Manifest | Manifests defines kubernetes resources that should be deployed. Manifests will be deployed in the order specified. |
dependencies []string | Dependencies provides a list of dependent services which have to be deployed before this package can be installed |
selectors Kubernetes meta/v1.LabelSelector | Selectors are the label matching selectors for where the package should be installed. Deprecated: Selectors are deprecated and will be removed in a future release - convert to using package references on ClusterPlans. |
userValues []UserValue | UserValues is a collection of user values that are exposed by this package |
workloadIdentity WorkloadIdentity | WorkloadIdentity is an optional request to create a workload identity |
PackageStatus
(Appears on: Package)
PackageStatus defines the observed state of the package
Field | Description |
---|---|
CommonStatus CommonStatus | (Members of CommonStatus are embedded into this type.) |
RoutingStatus RoutingStatus | (Members of RoutingStatus are embedded into this type.) |
PackageUpdateOptions
(Appears on: PackageUpdateSpec)
PackageUpdateOptions are the options for updating a package
PackageUpdateSpec
(Appears on: PackageUpdate)
Field | Description |
---|---|
UpdateSpec UpdateSpec | (Members of UpdateSpec are embedded into this type.) |
packageToUpdate string | PackageToUpdate is the name of the package to update on the owning cluster |
newVersion ObjectVersion | NewVersion is the new package version to be released into the cluster |
options PackageUpdateOptions | Options are the options for the package update |
PackageUpdateStatus
(Appears on: PackageUpdate)
Field | Description |
---|---|
CommonStatus CommonStatus | (Members of CommonStatus are embedded into this type.) |
currentVersion ObjectVersion | CurrentVersion is the version of the package currently applied. May be empty if no package release exists. |
startTime Kubernetes meta/v1.Time | StartTime is the time the update was started. Is used to estimate the percentage complete time. |
estimatedPercentageComplete int | EstimatedPercentageComplete is the estimated percentage complete of the update - Based on the time from StartTime and a test of actual updates |
RepositorySpec
(Appears on: Repository)
RepositorySpec defines the desired status for a helm repository
Field | Description |
---|---|
description string | Description provides a short description of the use of the repository |
url string | The Helm repository URL, a valid URL contains at least a protocol and host. |
authSecretRef string | (Optional) The secret for authenticating to the helm repository |
tlsSecretRef string | (Optional) The secret for tls authentication and/or a certificate for the repository |
RepositoryStatus
(Appears on: Repository)
RepositoryStatus defines the observed state of the package
Field | Description |
---|---|
CommonStatus CommonStatus | (Members of CommonStatus are embedded into this type.) |
UserValue
(Appears on: PackageSpec)
UserValue defines a value exposed to the user
Field | Description |
---|---|
name string | Name is the name of the value field |
description string | Description is an explanation of value’s significance/usage |
value string | Value is a representation of the value |
ValueFromSecret
(Appears on: Helm)
Field | Description |
---|---|
secretRef string | SecretRef is the reference to the platform secret |
Value Value | (Members of Value are embedded into this type.) |
Var
Var defines a value exposed to the user
Field | Description |
---|---|
name string | Name is the name of the value field |
value string | Value is a representation of the value |
WorkloadIdentity
(Appears on: PackageSpec)
WorkloadIdentity defines values for the WorkloadIdentity that should be created
Field | Description |
---|---|
serviceAccountName string | ServiceAccountName is the name of the service account in the installNamespace which will use this identity in the target cluster. |
identityOnly bool | IdentityOnly will create an identity associated with a cluster with no specific permissions. Must specify Role=None if this is true. In AWS: an IAM role is created and associated with a specific Kubernetes service account; no inline or attached policies are managed (post creation of the IAM role); it is a “user” responsibility to attach policies to the IAM role. In Azure: the user defined managed identity is created; no role definitions or role assignments are created; it is a “user” responsibility to create relevant role assignments. |
builtInRoleName WorkloadIdentityRole | BuiltInRoleName must be the name of a valid workload identity role known to Wayfinder |
roleParameters map[string]string | RoleParameters are any parameters required for the specified role |
role WorkloadIdentityRole | Role allows the permissions of a workload identity to be specified |
cloudResourceName string | CloudResourceName specifies the name of the workload identity in the cloud account. Can be left blank so that the name is derived from the cluster name + resource name. |
providerDetails WorkloadIdentityProviderDetails | ProviderDetails provides additional fields which can be used for cloud-provider specific data, such as a GCP billing account ID. |
WorkloadIdentityProviderDetails
(Appears on: WorkloadIdentity)
Field | Description |
---|---|
aws AWSWorkloadIdentityProviderDetails | AWS holds parameters specific to AWS workload identity |
azure AzureWorkloadIdentityProviderDetails | Azure holds parameters specific to Azure workload identity |
gcp GCPWorkloadIdentityProviderDetails | GCP holds parameters specific to GCP workload identity |
WorkloadIdentityRole
(Appears on: WorkloadIdentity)
Field | Description |
---|---|
aws AWSWorkloadIdentityRole | AWS holds parameters specific to an AWS workload identity IRSA role |
azure AzureWorkloadIdentityRole | Azure holds parameters specific to an Azure workload identity |
gcp GCPWorkloadIdentityRole | GCP holds parameters specific to GCP workload identity |