1
apiVersion: apiextensions.k8s.io/v1
2
kind: CustomResourceDefinition
5
app.kubernetes.io/name: appprojects.argoproj.io
6
app.kubernetes.io/part-of: argocd
7
name: appprojects.argoproj.io
12
listKind: AppProjectList
23
description: 'AppProject provides a logical grouping of applications, providing
24
controls for: * where the apps may deploy to (cluster whitelist) * what
25
may be deployed (repository whitelist, resource whitelist/blacklist) * who
26
can access these applications (roles, OIDC group claims bindings) * and
27
what they can do (RBAC policies) * automation access to these roles (JWT
31
description: 'APIVersion defines the versioned schema of this representation
32
of an object. Servers should convert recognized schemas to the latest
33
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md
36
description: 'Kind is a string value representing the REST resource this
37
object represents. Servers may infer this from the endpoint the client
38
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md
43
description: AppProjectSpec is the specification of an AppProject
45
clusterResourceBlacklist:
46
description: ClusterResourceBlacklist contains list of blacklisted
47
cluster level resources
49
description: GroupKind specifies a Group and a Kind, but does not
50
force a version. This is useful for identifying concepts during
51
lookup stages without having partially valid types
62
clusterResourceWhitelist:
63
description: ClusterResourceWhitelist contains list of whitelisted
64
cluster level resources
66
description: GroupKind specifies a Group and a Kind, but does not
67
force a version. This is useful for identifying concepts during
68
lookup stages without having partially valid types
80
description: Description contains optional project description
83
description: Destinations contains list of destinations available
86
description: ApplicationDestination holds information about the
87
application's destination
90
description: Name is an alternate way of specifying the target
91
cluster by its symbolic name. This must be set if Server is
95
description: Namespace specifies the target namespace for the
96
application's resources. The namespace will only be set for
97
namespace-scoped resources that have not set a value for .metadata.namespace
100
description: Server specifies the URL of the target cluster's
101
Kubernetes control plane API. This must be set if Name is
106
namespaceResourceBlacklist:
107
description: NamespaceResourceBlacklist contains list of blacklisted
108
namespace level resources
110
description: GroupKind specifies a Group and a Kind, but does not
111
force a version. This is useful for identifying concepts during
112
lookup stages without having partially valid types
123
namespaceResourceWhitelist:
124
description: NamespaceResourceWhitelist contains list of whitelisted
125
namespace level resources
127
description: GroupKind specifies a Group and a Kind, but does not
128
force a version. This is useful for identifying concepts during
129
lookup stages without having partially valid types
141
description: OrphanedResources specifies if controller should monitor
142
orphaned resources of apps in this project
145
description: Ignore contains a list of resources that are to be
146
excluded from orphaned resources monitoring
148
description: OrphanedResourceKey is a reference to a resource
160
description: Warn indicates if warning condition should be created
161
for apps which have orphaned resources
164
permitOnlyProjectScopedClusters:
165
description: PermitOnlyProjectScopedClusters determines whether destinations
166
can only reference clusters which are project-scoped
169
description: Roles are user defined RBAC roles associated with this
172
description: ProjectRole represents a role that has access to a
176
description: Description is a description of the role
179
description: Groups are a list of OIDC group claims bound to
185
description: JWTTokens are a list of generated JWT tokens bound
188
description: JWTToken holds the issuedAt and expiresAt values
204
description: Name is a name for this role
207
description: Policies Stores a list of casbin formatted strings
208
that define access policies for the role in the project
217
description: SignatureKeys contains a list of PGP key IDs that commits
218
in Git must be signed with in order to be allowed for sync
220
description: SignatureKey is the specification of a key required
221
to verify commit signatures with
224
description: The ID of the key in hexadecimal notation
231
description: SourceNamespaces defines the namespaces application resources
232
are allowed to be created in
237
description: SourceRepos contains list of repository URLs which can
238
be used for deployment
243
description: SyncWindows controls when syncs can be run for apps in
246
description: SyncWindow contains the kind, time, duration and attributes
247
that are used to assign the syncWindows to apps
250
description: Applications contains a list of applications that
251
the window will apply to
256
description: Clusters contains a list of clusters that the window
262
description: Duration is the amount of time the sync window
266
description: Kind defines if the window allows or blocks syncs
269
description: ManualSync enables manual syncs when they would
273
description: Namespaces contains a list of namespaces that the
279
description: Schedule is the time the window will begin, specified
283
description: TimeZone of the sync that will be applied to the
290
description: AppProjectStatus contains status information for AppProject
294
additionalProperties:
295
description: JWTTokens represents a list of JWT tokens
299
description: JWTToken holds the issuedAt and expiresAt values
315
description: JWTTokensByRole contains a list of JWT tokens issued