argo-cd
2310 строк · 79.7 Кб
1// This file was autogenerated by go-to-protobuf. Do not edit it manually!3syntax = "proto2";5package github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1;7import "k8s.io/api/core/v1/generated.proto";9import "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1/generated.proto";10import "k8s.io/apimachinery/pkg/apis/meta/v1/generated.proto";11import "k8s.io/apimachinery/pkg/runtime/generated.proto";12import "k8s.io/apimachinery/pkg/runtime/schema/generated.proto";13import "k8s.io/apimachinery/pkg/util/intstr/generated.proto";14// Package-wide variables from generator "generated".16option go_package = "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1";17// AWSAuthConfig is an AWS IAM authentication configuration19message AWSAuthConfig {20// ClusterName contains AWS cluster name21optional string clusterName = 1;22// RoleARN contains optional role ARN. If set then AWS IAM Authenticator assume a role to perform cluster operations instead of the default AWS credential provider chain.24optional string roleARN = 2;25// Profile contains optional role ARN. If set then AWS IAM Authenticator uses the profile to perform cluster operations instead of the default AWS credential provider chain.27optional string profile = 3;28}29// AppProject provides a logical grouping of applications, providing controls for:31// * where the apps may deploy to (cluster whitelist)32// * what may be deployed (repository whitelist, resource whitelist/blacklist)33// * who can access these applications (roles, OIDC group claims bindings)34// * and what they can do (RBAC policies)35// * automation access to these roles (JWT tokens)36// +genclient37// +genclient:noStatus38// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object39// +kubebuilder:resource:path=appprojects,shortName=appproj;appprojs40message AppProject {41optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1;42optional AppProjectSpec spec = 2;44optional AppProjectStatus status = 3;46}47// AppProjectList is list of AppProject resources49// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object50message AppProjectList {51optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1;52repeated AppProject items = 2;54}55// AppProjectSpec is the specification of an AppProject57message AppProjectSpec {58// SourceRepos contains list of repository URLs which can be used for deployment59repeated string sourceRepos = 1;60// Destinations contains list of destinations available for deployment62repeated ApplicationDestination destinations = 2;63// Description contains optional project description65optional string description = 3;66// Roles are user defined RBAC roles associated with this project68repeated ProjectRole roles = 4;69// ClusterResourceWhitelist contains list of whitelisted cluster level resources71repeated k8s.io.apimachinery.pkg.apis.meta.v1.GroupKind clusterResourceWhitelist = 5;72// NamespaceResourceBlacklist contains list of blacklisted namespace level resources74repeated k8s.io.apimachinery.pkg.apis.meta.v1.GroupKind namespaceResourceBlacklist = 6;75// OrphanedResources specifies if controller should monitor orphaned resources of apps in this project77optional OrphanedResourcesMonitorSettings orphanedResources = 7;78// SyncWindows controls when syncs can be run for apps in this project80repeated SyncWindow syncWindows = 8;81// NamespaceResourceWhitelist contains list of whitelisted namespace level resources83repeated k8s.io.apimachinery.pkg.apis.meta.v1.GroupKind namespaceResourceWhitelist = 9;84// SignatureKeys contains a list of PGP key IDs that commits in Git must be signed with in order to be allowed for sync86repeated SignatureKey signatureKeys = 10;87// ClusterResourceBlacklist contains list of blacklisted cluster level resources89repeated k8s.io.apimachinery.pkg.apis.meta.v1.GroupKind clusterResourceBlacklist = 11;90// SourceNamespaces defines the namespaces application resources are allowed to be created in92repeated string sourceNamespaces = 12;93// PermitOnlyProjectScopedClusters determines whether destinations can only reference clusters which are project-scoped95optional bool permitOnlyProjectScopedClusters = 13;96}97// AppProjectStatus contains status information for AppProject CRs99message AppProjectStatus {100// JWTTokensByRole contains a list of JWT tokens issued for a given role101map<string, JWTTokens> jwtTokensByRole = 1;102}103// Application is a definition of Application resource.105// +genclient106// +genclient:noStatus107// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object108// +kubebuilder:resource:path=applications,shortName=app;apps109// +kubebuilder:printcolumn:name="Sync Status",type=string,JSONPath=`.status.sync.status`110// +kubebuilder:printcolumn:name="Health Status",type=string,JSONPath=`.status.health.status`111// +kubebuilder:printcolumn:name="Revision",type=string,JSONPath=`.status.sync.revision`,priority=10112message Application {113optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1;114optional ApplicationSpec spec = 2;116optional ApplicationStatus status = 3;118optional Operation operation = 4;120}121// ApplicationCondition contains details about an application condition, which is usually an error or warning123message ApplicationCondition {124// Type is an application condition type125optional string type = 1;126// Message contains human-readable message indicating details about condition128optional string message = 2;129// LastTransitionTime is the time the condition was last observed131optional k8s.io.apimachinery.pkg.apis.meta.v1.Time lastTransitionTime = 3;132}133// ApplicationDestination holds information about the application's destination135message ApplicationDestination {136// Server specifies the URL of the target cluster's Kubernetes control plane API. This must be set if Name is not set.137optional string server = 1;138// Namespace specifies the target namespace for the application's resources.140// The namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace141optional string namespace = 2;142// Name is an alternate way of specifying the target cluster by its symbolic name. This must be set if Server is not set.144optional string name = 3;145}146// ApplicationList is list of Application resources148// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object149message ApplicationList {150optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1;151repeated Application items = 2;153}154message ApplicationMatchExpression {156optional string key = 1;157optional string operator = 2;159repeated string values = 3;161}162message ApplicationPreservedFields {164repeated string annotations = 1;165repeated string labels = 2;167}168// ApplicationSet is a set of Application resources170// +genclient171// +genclient:noStatus172// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object173// +kubebuilder:resource:path=applicationsets,shortName=appset;appsets174// +kubebuilder:subresource:status175message ApplicationSet {176optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1;177optional ApplicationSetSpec spec = 2;179optional ApplicationSetStatus status = 3;181}182// ApplicationSetApplicationStatus contains details about each Application managed by the ApplicationSet184message ApplicationSetApplicationStatus {185// Application contains the name of the Application resource186optional string application = 1;187// LastTransitionTime is the time the status was last updated189optional k8s.io.apimachinery.pkg.apis.meta.v1.Time lastTransitionTime = 2;190// Message contains human-readable message indicating details about the status192optional string message = 3;193// Status contains the AppSet's perceived status of the managed Application resource: (Waiting, Pending, Progressing, Healthy)195optional string status = 4;196// Step tracks which step this Application should be updated in198optional string step = 5;199}200// ApplicationSetCondition contains details about an applicationset condition, which is usally an error or warning202message ApplicationSetCondition {203// Type is an applicationset condition type204optional string type = 1;205// Message contains human-readable message indicating details about condition207optional string message = 2;208// LastTransitionTime is the time the condition was last observed210optional k8s.io.apimachinery.pkg.apis.meta.v1.Time lastTransitionTime = 3;211// True/False/Unknown213optional string status = 4;214// Single word camelcase representing the reason for the status eg ErrorOccurred216optional string reason = 5;217}218// ApplicationSetGenerator represents a generator at the top level of an ApplicationSet.220message ApplicationSetGenerator {221optional ListGenerator list = 1;222optional ClusterGenerator clusters = 2;224optional GitGenerator git = 3;226optional SCMProviderGenerator scmProvider = 4;228optional DuckTypeGenerator clusterDecisionResource = 5;230optional PullRequestGenerator pullRequest = 6;232optional MatrixGenerator matrix = 7;234optional MergeGenerator merge = 8;236// Selector allows to post-filter all generator.238optional k8s.io.apimachinery.pkg.apis.meta.v1.LabelSelector selector = 9;239optional PluginGenerator plugin = 10;241}242// ApplicationSetList contains a list of ApplicationSet244// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object245// +kubebuilder:object:root=true246message ApplicationSetList {247optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1;248repeated ApplicationSet items = 2;250}251// ApplicationSetNestedGenerator represents a generator nested within a combination-type generator (MatrixGenerator or253// MergeGenerator).254message ApplicationSetNestedGenerator {255optional ListGenerator list = 1;256optional ClusterGenerator clusters = 2;258optional GitGenerator git = 3;260optional SCMProviderGenerator scmProvider = 4;262optional DuckTypeGenerator clusterDecisionResource = 5;264optional PullRequestGenerator pullRequest = 6;266// Matrix should have the form of NestedMatrixGenerator268optional k8s.io.apiextensions_apiserver.pkg.apis.apiextensions.v1.JSON matrix = 7;269// Merge should have the form of NestedMergeGenerator271optional k8s.io.apiextensions_apiserver.pkg.apis.apiextensions.v1.JSON merge = 8;272// Selector allows to post-filter all generator.274optional k8s.io.apimachinery.pkg.apis.meta.v1.LabelSelector selector = 9;275optional PluginGenerator plugin = 10;277}278// ApplicationSetResourceIgnoreDifferences configures how the ApplicationSet controller will ignore differences in live280// applications when applying changes from generated applications.281message ApplicationSetResourceIgnoreDifferences {282// Name is the name of the application to ignore differences for. If not specified, the rule applies to all applications.283optional string name = 1;284// JSONPointers is a list of JSON pointers to fields to ignore differences for.286repeated string jsonPointers = 2;287// JQPathExpressions is a list of JQ path expressions to fields to ignore differences for.289repeated string jqPathExpressions = 3;290}291message ApplicationSetRolloutStep {293repeated ApplicationMatchExpression matchExpressions = 1;294optional k8s.io.apimachinery.pkg.util.intstr.IntOrString maxUpdate = 2;296}297message ApplicationSetRolloutStrategy {299repeated ApplicationSetRolloutStep steps = 1;300}301// ApplicationSetSpec represents a class of application set state.303message ApplicationSetSpec {304optional bool goTemplate = 1;305repeated ApplicationSetGenerator generators = 2;307optional ApplicationSetTemplate template = 3;309optional ApplicationSetSyncPolicy syncPolicy = 4;311optional ApplicationSetStrategy strategy = 5;313optional ApplicationPreservedFields preservedFields = 6;315repeated string goTemplateOptions = 7;317// ApplyNestedSelectors enables selectors defined within the generators of two level-nested matrix or merge generators319optional bool applyNestedSelectors = 8;320repeated ApplicationSetResourceIgnoreDifferences ignoreApplicationDifferences = 9;322optional string templatePatch = 10;324}325// ApplicationSetStatus defines the observed state of ApplicationSet327message ApplicationSetStatus {328// INSERT ADDITIONAL STATUS FIELD - define observed state of cluster329// Important: Run "make" to regenerate code after modifying this file330repeated ApplicationSetCondition conditions = 1;331repeated ApplicationSetApplicationStatus applicationStatus = 2;333}334// ApplicationSetStrategy configures how generated Applications are updated in sequence.336message ApplicationSetStrategy {337optional string type = 1;338optional ApplicationSetRolloutStrategy rollingSync = 2;340}341// ApplicationSetSyncPolicy configures how generated Applications will relate to their343// ApplicationSet.344message ApplicationSetSyncPolicy {345// PreserveResourcesOnDeletion will preserve resources on deletion. If PreserveResourcesOnDeletion is set to true, these Applications will not be deleted.346optional bool preserveResourcesOnDeletion = 1;347// ApplicationsSync represents the policy applied on the generated applications. Possible values are create-only, create-update, create-delete, sync349// +kubebuilder:validation:Optional350// +kubebuilder:validation:Enum=create-only;create-update;create-delete;sync351optional string applicationsSync = 2;352}353// ApplicationSetTemplate represents argocd ApplicationSpec355message ApplicationSetTemplate {356optional ApplicationSetTemplateMeta metadata = 1;357optional ApplicationSpec spec = 2;359}360// ApplicationSetTemplateMeta represents the Argo CD application fields that may362// be used for Applications generated from the ApplicationSet (based on metav1.ObjectMeta)363message ApplicationSetTemplateMeta {364optional string name = 1;365optional string namespace = 2;367map<string, string> labels = 3;369map<string, string> annotations = 4;371repeated string finalizers = 5;373}374// ApplicationSetTerminalGenerator represents a generator nested within a nested generator (for example, a list within376// a merge within a matrix). A generator at this level may not be a combination-type generator (MatrixGenerator or377// MergeGenerator). ApplicationSet enforces this nesting depth limit because CRDs do not support recursive types.378// https://github.com/kubernetes-sigs/controller-tools/issues/477379message ApplicationSetTerminalGenerator {380optional ListGenerator list = 1;381optional ClusterGenerator clusters = 2;383optional GitGenerator git = 3;385optional SCMProviderGenerator scmProvider = 4;387optional DuckTypeGenerator clusterDecisionResource = 5;389optional PullRequestGenerator pullRequest = 6;391optional PluginGenerator plugin = 7;393// Selector allows to post-filter all generator.395optional k8s.io.apimachinery.pkg.apis.meta.v1.LabelSelector selector = 8;396}397// ApplicationSource contains all required information about the source of an application399message ApplicationSource {400// RepoURL is the URL to the repository (Git or Helm) that contains the application manifests401optional string repoURL = 1;402// Path is a directory path within the Git repository, and is only valid for applications sourced from Git.404optional string path = 2;405// TargetRevision defines the revision of the source to sync the application to.407// In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD.408// In case of Helm, this is a semver tag for the Chart's version.409optional string targetRevision = 4;410// Helm holds helm specific options412optional ApplicationSourceHelm helm = 7;413// Kustomize holds kustomize specific options415optional ApplicationSourceKustomize kustomize = 8;416// Directory holds path/directory specific options418optional ApplicationSourceDirectory directory = 10;419// Plugin holds config management plugin specific options421optional ApplicationSourcePlugin plugin = 11;422// Chart is a Helm chart name, and must be specified for applications sourced from a Helm repo.424optional string chart = 12;425// Ref is reference to another source within sources field. This field will not be used if used with a `source` tag.427optional string ref = 13;428}429// ApplicationSourceDirectory holds options for applications of type plain YAML or Jsonnet431message ApplicationSourceDirectory {432// Recurse specifies whether to scan a directory recursively for manifests433optional bool recurse = 1;434// Jsonnet holds options specific to Jsonnet436optional ApplicationSourceJsonnet jsonnet = 2;437// Exclude contains a glob pattern to match paths against that should be explicitly excluded from being used during manifest generation439optional string exclude = 3;440// Include contains a glob pattern to match paths against that should be explicitly included during manifest generation442optional string include = 4;443}444// ApplicationSourceHelm holds helm specific options446message ApplicationSourceHelm {447// ValuesFiles is a list of Helm value files to use when generating a template448repeated string valueFiles = 1;449// Parameters is a list of Helm parameters which are passed to the helm template command upon manifest generation451repeated HelmParameter parameters = 2;452// ReleaseName is the Helm release name to use. If omitted it will use the application name454optional string releaseName = 3;455// Values specifies Helm values to be passed to helm template, typically defined as a block. ValuesObject takes precedence over Values, so use one or the other.457// +patchStrategy=replace458optional string values = 4;459// FileParameters are file parameters to the helm template461repeated HelmFileParameter fileParameters = 5;462// Version is the Helm version to use for templating ("3")464optional string version = 6;465// PassCredentials pass credentials to all domains (Helm's --pass-credentials)467optional bool passCredentials = 7;468// IgnoreMissingValueFiles prevents helm template from failing when valueFiles do not exist locally by not appending them to helm template --values470optional bool ignoreMissingValueFiles = 8;471// SkipCrds skips custom resource definition installation step (Helm's --skip-crds)473optional bool skipCrds = 9;474// ValuesObject specifies Helm values to be passed to helm template, defined as a map. This takes precedence over Values.476// +kubebuilder:pruning:PreserveUnknownFields477optional k8s.io.apimachinery.pkg.runtime.RawExtension valuesObject = 10;478}479// ApplicationSourceJsonnet holds options specific to applications of type Jsonnet481message ApplicationSourceJsonnet {482// ExtVars is a list of Jsonnet External Variables483repeated JsonnetVar extVars = 1;484// TLAS is a list of Jsonnet Top-level Arguments486repeated JsonnetVar tlas = 2;487// Additional library search dirs489repeated string libs = 3;490}491// ApplicationSourceKustomize holds options specific to an Application source specific to Kustomize493message ApplicationSourceKustomize {494// NamePrefix is a prefix appended to resources for Kustomize apps495optional string namePrefix = 1;496// NameSuffix is a suffix appended to resources for Kustomize apps498optional string nameSuffix = 2;499// Images is a list of Kustomize image override specifications501repeated string images = 3;502// CommonLabels is a list of additional labels to add to rendered manifests504map<string, string> commonLabels = 4;505// Version controls which version of Kustomize to use for rendering manifests507optional string version = 5;508// CommonAnnotations is a list of additional annotations to add to rendered manifests510map<string, string> commonAnnotations = 6;511// ForceCommonLabels specifies whether to force applying common labels to resources for Kustomize apps513optional bool forceCommonLabels = 7;514// ForceCommonAnnotations specifies whether to force applying common annotations to resources for Kustomize apps516optional bool forceCommonAnnotations = 8;517// Namespace sets the namespace that Kustomize adds to all resources519optional string namespace = 9;520// CommonAnnotationsEnvsubst specifies whether to apply env variables substitution for annotation values522optional bool commonAnnotationsEnvsubst = 10;523// Replicas is a list of Kustomize Replicas override specifications525repeated KustomizeReplica replicas = 11;526// Patches is a list of Kustomize patches528repeated KustomizePatch patches = 12;529// Components specifies a list of kustomize components to add to the kustomization before building531repeated string components = 13;532}533// ApplicationSourcePlugin holds options specific to config management plugins535message ApplicationSourcePlugin {536optional string name = 1;537repeated EnvEntry env = 2;539repeated ApplicationSourcePluginParameter parameters = 3;541}542message ApplicationSourcePluginParameter {544// Name is the name identifying a parameter.545optional string name = 1;546// String_ is the value of a string type parameter.548optional string string = 5;549// Map is the value of a map type parameter.551optional OptionalMap map = 3;552// Array is the value of an array type parameter.554optional OptionalArray array = 4;555}556// ApplicationSpec represents desired application state. Contains link to repository with application definition and additional parameters link definition revision.558message ApplicationSpec {559// Source is a reference to the location of the application's manifests or chart560optional ApplicationSource source = 1;561// Destination is a reference to the target Kubernetes server and namespace563optional ApplicationDestination destination = 2;564// Project is a reference to the project this application belongs to.566// The empty string means that application belongs to the 'default' project.567optional string project = 3;568// SyncPolicy controls when and how a sync will be performed570optional SyncPolicy syncPolicy = 4;571// IgnoreDifferences is a list of resources and their fields which should be ignored during comparison573repeated ResourceIgnoreDifferences ignoreDifferences = 5;574// Info contains a list of information (URLs, email addresses, and plain text) that relates to the application576repeated Info info = 6;577// RevisionHistoryLimit limits the number of items kept in the application's revision history, which is used for informational purposes as well as for rollbacks to previous versions.579// This should only be changed in exceptional circumstances.580// Setting to zero will store no history. This will reduce storage used.581// Increasing will increase the space used to store the history, so we do not recommend increasing it.582// Default is 10.583optional int64 revisionHistoryLimit = 7;584// Sources is a reference to the location of the application's manifests or chart586repeated ApplicationSource sources = 8;587}588// ApplicationStatus contains status information for the application590message ApplicationStatus {591// Resources is a list of Kubernetes resources managed by this application592repeated ResourceStatus resources = 1;593// Sync contains information about the application's current sync status595optional SyncStatus sync = 2;596// Health contains information about the application's current health status598optional HealthStatus health = 3;599// History contains information about the application's sync history601repeated RevisionHistory history = 4;602// Conditions is a list of currently observed application conditions604repeated ApplicationCondition conditions = 5;605// ReconciledAt indicates when the application state was reconciled using the latest git version607optional k8s.io.apimachinery.pkg.apis.meta.v1.Time reconciledAt = 6;608// OperationState contains information about any ongoing operations, such as a sync610optional OperationState operationState = 7;611// ObservedAt indicates when the application state was updated without querying latest git state613// Deprecated: controller no longer updates ObservedAt field614optional k8s.io.apimachinery.pkg.apis.meta.v1.Time observedAt = 8;615// SourceType specifies the type of this application617optional string sourceType = 9;618// Summary contains a list of URLs and container images used by this application620optional ApplicationSummary summary = 10;621// ResourceHealthSource indicates where the resource health status is stored: inline if not set or appTree623optional string resourceHealthSource = 11;624// SourceTypes specifies the type of the sources included in the application626repeated string sourceTypes = 12;627// ControllerNamespace indicates the namespace in which the application controller is located629optional string controllerNamespace = 13;630}631// ApplicationSummary contains information about URLs and container images used by an application633message ApplicationSummary {634// ExternalURLs holds all external URLs of application child resources.635repeated string externalURLs = 1;636// Images holds all images of application child resources.638repeated string images = 2;639}640// ApplicationTree holds nodes which belongs to the application642// TODO: describe purpose of this type643message ApplicationTree {644// Nodes contains list of nodes which either directly managed by the application and children of directly managed nodes.645repeated ResourceNode nodes = 1;646// OrphanedNodes contains if or orphaned nodes: nodes which are not managed by the app but in the same namespace. List is populated only if orphaned resources enabled in app project.648repeated ResourceNode orphanedNodes = 2;649// Hosts holds list of Kubernetes nodes that run application related pods651repeated HostInfo hosts = 3;652}653// ApplicationWatchEvent contains information about application change.655message ApplicationWatchEvent {656optional string type = 1;657// Application is:659// * If Type is Added or Modified: the new state of the object.660// * If Type is Deleted: the state of the object immediately before deletion.661// * If Type is Error: *api.Status is recommended; other types may make sense662// depending on context.663optional Application application = 2;664}665// Backoff is the backoff strategy to use on subsequent retries for failing syncs667message Backoff {668// Duration is the amount to back off. Default unit is seconds, but could also be a duration (e.g. "2m", "1h")669optional string duration = 1;670// Factor is a factor to multiply the base duration after each failed retry672optional int64 factor = 2;673// MaxDuration is the maximum amount of time allowed for the backoff strategy675optional string maxDuration = 3;676}677// BasicAuthBitbucketServer defines the username/(password or personal access token) for Basic auth.679message BasicAuthBitbucketServer {680// Username for Basic auth681optional string username = 1;682// Password (or personal access token) reference.684optional SecretRef passwordRef = 2;685}686// BearerTokenBitbucketCloud defines the Bearer token for BitBucket AppToken auth.688message BearerTokenBitbucketCloud {689// Password (or personal access token) reference.690optional SecretRef tokenRef = 1;691}692// ChartDetails contains helm chart metadata for a specific version694message ChartDetails {695optional string description = 1;696// The URL of this projects home page, e.g. "http://example.com"698optional string home = 2;699// List of maintainer details, name and email, e.g. ["John Doe <john_doe@my-company.com>"]701repeated string maintainers = 3;702}703// Cluster is the definition of a cluster resource705message Cluster {706// Server is the API server URL of the Kubernetes cluster707optional string server = 1;708// Name of the cluster. If omitted, will use the server address710optional string name = 2;711// Config holds cluster information for connecting to a cluster713optional ClusterConfig config = 3;714// DEPRECATED: use Info.ConnectionState field instead.716// ConnectionState contains information about cluster connection state717optional ConnectionState connectionState = 4;718// DEPRECATED: use Info.ServerVersion field instead.720// The server version721optional string serverVersion = 5;722// Holds list of namespaces which are accessible in that cluster. Cluster level resources will be ignored if namespace list is not empty.724repeated string namespaces = 6;725// RefreshRequestedAt holds time when cluster cache refresh has been requested727optional k8s.io.apimachinery.pkg.apis.meta.v1.Time refreshRequestedAt = 7;728// Info holds information about cluster cache and state730optional ClusterInfo info = 8;731// Shard contains optional shard number. Calculated on the fly by the application controller if not specified.733optional int64 shard = 9;734// Indicates if cluster level resources should be managed. This setting is used only if cluster is connected in a namespaced mode.736optional bool clusterResources = 10;737// Reference between project and cluster that allow you automatically to be added as item inside Destinations project entity739optional string project = 11;740// Labels for cluster secret metadata742map<string, string> labels = 12;743// Annotations for cluster secret metadata745map<string, string> annotations = 13;746}747// ClusterCacheInfo contains information about the cluster cache749message ClusterCacheInfo {750// ResourcesCount holds number of observed Kubernetes resources751optional int64 resourcesCount = 1;752// APIsCount holds number of observed Kubernetes API count754optional int64 apisCount = 2;755// LastCacheSyncTime holds time of most recent cache synchronization757optional k8s.io.apimachinery.pkg.apis.meta.v1.Time lastCacheSyncTime = 3;758}759// ClusterConfig is the configuration attributes. This structure is subset of the go-client761// rest.Config with annotations added for marshalling.762message ClusterConfig {763// Server requires Basic authentication764optional string username = 1;765optional string password = 2;767// Server requires Bearer authentication. This client will not attempt to use769// refresh tokens for an OAuth2 flow.770// TODO: demonstrate an OAuth2 compatible client.771optional string bearerToken = 3;772// TLSClientConfig contains settings to enable transport layer security774optional TLSClientConfig tlsClientConfig = 4;775// AWSAuthConfig contains IAM authentication configuration777optional AWSAuthConfig awsAuthConfig = 5;778// ExecProviderConfig contains configuration for an exec provider780optional ExecProviderConfig execProviderConfig = 6;781}782// ClusterGenerator defines a generator to match against clusters registered with ArgoCD.784message ClusterGenerator {785// Selector defines a label selector to match against all clusters registered with ArgoCD.786// Clusters today are stored as Kubernetes Secrets, thus the Secret labels will be used787// for matching the selector.788optional k8s.io.apimachinery.pkg.apis.meta.v1.LabelSelector selector = 1;789optional ApplicationSetTemplate template = 2;791// Values contains key/value pairs which are passed directly as parameters to the template793map<string, string> values = 3;794}795// ClusterInfo contains information about the cluster797message ClusterInfo {798// ConnectionState contains information about the connection to the cluster799optional ConnectionState connectionState = 1;800// ServerVersion contains information about the Kubernetes version of the cluster802optional string serverVersion = 2;803// CacheInfo contains information about the cluster cache805optional ClusterCacheInfo cacheInfo = 3;806// ApplicationsCount is the number of applications managed by Argo CD on the cluster808optional int64 applicationsCount = 4;809// APIVersions contains list of API versions supported by the cluster811repeated string apiVersions = 5;812}813// ClusterList is a collection of Clusters.815message ClusterList {816optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1;817repeated Cluster items = 2;819}820// Command holds binary path and arguments list822message Command {823repeated string command = 1;824repeated string args = 2;826}827// ComparedTo contains application source and target which was used for resources comparison829message ComparedTo {830// Source is a reference to the application's source used for comparison831optional ApplicationSource source = 1;832// Destination is a reference to the application's destination used for comparison834optional ApplicationDestination destination = 2;835// Sources is a reference to the application's multiple sources used for comparison837repeated ApplicationSource sources = 3;838// IgnoreDifferences is a reference to the application's ignored differences used for comparison840repeated ResourceIgnoreDifferences ignoreDifferences = 4;841}842// ComponentParameter contains information about component parameter value844message ComponentParameter {845optional string component = 1;846optional string name = 2;848optional string value = 3;850}851// ConfigManagementPlugin contains config management plugin configuration853message ConfigManagementPlugin {854optional string name = 1;855optional Command init = 2;857optional Command generate = 3;859optional bool lockRepo = 4;861}862// ConnectionState contains information about remote resource connection state, currently used for clusters and repositories864message ConnectionState {865// Status contains the current status indicator for the connection866optional string status = 1;867// Message contains human readable information about the connection status869optional string message = 2;870// ModifiedAt contains the timestamp when this connection status has been determined872optional k8s.io.apimachinery.pkg.apis.meta.v1.Time attemptedAt = 3;873}874// DuckType defines a generator to match against clusters registered with ArgoCD.876message DuckTypeGenerator {877// ConfigMapRef is a ConfigMap with the duck type definitions needed to retrieve the data878// this includes apiVersion(group/version), kind, matchKey and validation settings879// Name is the resource name of the kind, group and version, defined in the ConfigMapRef880// RequeueAfterSeconds is how long before the duckType will be rechecked for a change881optional string configMapRef = 1;882optional string name = 2;884optional int64 requeueAfterSeconds = 3;886optional k8s.io.apimachinery.pkg.apis.meta.v1.LabelSelector labelSelector = 4;888optional ApplicationSetTemplate template = 5;890// Values contains key/value pairs which are passed directly as parameters to the template892map<string, string> values = 6;893}894// EnvEntry represents an entry in the application's environment896message EnvEntry {897// Name is the name of the variable, usually expressed in uppercase898optional string name = 1;899// Value is the value of the variable901optional string value = 2;902}903// ExecProviderConfig is config used to call an external command to perform cluster authentication905// See: https://godoc.org/k8s.io/client-go/tools/clientcmd/api#ExecConfig906message ExecProviderConfig {907// Command to execute908optional string command = 1;909// Arguments to pass to the command when executing it911repeated string args = 2;912// Env defines additional environment variables to expose to the process914map<string, string> env = 3;915// Preferred input version of the ExecInfo917optional string apiVersion = 4;918// This text is shown to the user when the executable doesn't seem to be present920optional string installHint = 5;921}922message GitDirectoryGeneratorItem {924optional string path = 1;925optional bool exclude = 2;927}928message GitFileGeneratorItem {930optional string path = 1;931}932message GitGenerator {934optional string repoURL = 1;935repeated GitDirectoryGeneratorItem directories = 2;937repeated GitFileGeneratorItem files = 3;939optional string revision = 4;941optional int64 requeueAfterSeconds = 5;943optional ApplicationSetTemplate template = 6;945optional string pathParamPrefix = 7;947// Values contains key/value pairs which are passed directly as parameters to the template949map<string, string> values = 8;950}951// GnuPGPublicKey is a representation of a GnuPG public key953message GnuPGPublicKey {954// KeyID specifies the key ID, in hexadecimal string format955optional string keyID = 1;956// Fingerprint is the fingerprint of the key958optional string fingerprint = 2;959// Owner holds the owner identification, e.g. a name and e-mail address961optional string owner = 3;962// Trust holds the level of trust assigned to this key964optional string trust = 4;965// SubType holds the key's sub type (e.g. rsa4096)967optional string subType = 5;968// KeyData holds the raw key data, in base64 encoded format970optional string keyData = 6;971}972// GnuPGPublicKeyList is a collection of GnuPGPublicKey objects974message GnuPGPublicKeyList {975optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1;976repeated GnuPGPublicKey items = 2;978}979// HealthStatus contains information about the currently observed health state of an application or resource981message HealthStatus {982// Status holds the status code of the application or resource983optional string status = 1;984// Message is a human-readable informational message describing the health status986optional string message = 2;987}988// HelmFileParameter is a file parameter that's passed to helm template during manifest generation990message HelmFileParameter {991// Name is the name of the Helm parameter992optional string name = 1;993// Path is the path to the file containing the values for the Helm parameter995optional string path = 2;996}997// HelmOptions holds helm options999message HelmOptions {1000repeated string valuesFileSchemes = 1;1001}1002// HelmParameter is a parameter that's passed to helm template during manifest generation1004message HelmParameter {1005// Name is the name of the Helm parameter1006optional string name = 1;1007// Value is the value for the Helm parameter1009optional string value = 2;1010// ForceString determines whether to tell Helm to interpret booleans and numbers as strings1012optional bool forceString = 3;1013}1014// HostInfo holds host name and resources metrics1016// TODO: describe purpose of this type1017// TODO: describe members of this type1018message HostInfo {1019optional string name = 1;1020repeated HostResourceInfo resourcesInfo = 2;1022optional k8s.io.api.core.v1.NodeSystemInfo systemInfo = 3;1024}1025// TODO: describe this type1027message HostResourceInfo {1028optional string resourceName = 1;1029optional int64 requestedByApp = 2;1031optional int64 requestedByNeighbors = 3;1033optional int64 capacity = 4;1035}1036message Info {1038optional string name = 1;1039optional string value = 2;1041}1042// InfoItem contains arbitrary, human readable information about an application1044message InfoItem {1045// Name is a human readable title for this piece of information.1046optional string name = 1;1047// Value is human readable content.1049optional string value = 2;1050}1051// JWTToken holds the issuedAt and expiresAt values of a token1053message JWTToken {1054optional int64 iat = 1;1055optional int64 exp = 2;1057optional string id = 3;1059}1060// JWTTokens represents a list of JWT tokens1062message JWTTokens {1063repeated JWTToken items = 1;1064}1065// JsonnetVar represents a variable to be passed to jsonnet during manifest generation1067message JsonnetVar {1068optional string name = 1;1069optional string value = 2;1071optional bool code = 3;1073}1074// KnownTypeField contains mapping between CRD field and known Kubernetes type.1076// This is mainly used for unit conversion in unknown resources (e.g. 0.1 == 100mi)1077// TODO: Describe the members of this type1078message KnownTypeField {1079optional string field = 1;1080optional string type = 2;1082}1083message KustomizeGvk {1085optional string group = 1;1086optional string version = 2;1088optional string kind = 3;1090}1091// KustomizeOptions are options for kustomize to use when building manifests1093message KustomizeOptions {1094// BuildOptions is a string of build parameters to use when calling `kustomize build`1095optional string buildOptions = 1;1096// BinaryPath holds optional path to kustomize binary1098optional string binaryPath = 2;1099}1100message KustomizePatch {1102optional string path = 1;1103optional string patch = 2;1105optional KustomizeSelector target = 3;1107map<string, bool> options = 4;1109}1110message KustomizeReplica {1112// Name of Deployment or StatefulSet1113optional string name = 1;1114// Number of replicas1116optional k8s.io.apimachinery.pkg.util.intstr.IntOrString count = 2;1117}1118message KustomizeResId {1120optional KustomizeGvk gvk = 1;1121optional string name = 2;1123optional string namespace = 3;1125}1126message KustomizeSelector {1128optional KustomizeResId resId = 1;1129optional string annotationSelector = 2;1131optional string labelSelector = 3;1133}1134// ListGenerator include items info1136message ListGenerator {1137repeated k8s.io.apiextensions_apiserver.pkg.apis.apiextensions.v1.JSON elements = 1;1138optional ApplicationSetTemplate template = 2;1140optional string elementsYaml = 3;1142}1143message ManagedNamespaceMetadata {1145map<string, string> labels = 1;1146map<string, string> annotations = 2;1148}1149// MatrixGenerator generates the cartesian product of two sets of parameters. The parameters are defined by two nested1151// generators.1152message MatrixGenerator {1153repeated ApplicationSetNestedGenerator generators = 1;1154optional ApplicationSetTemplate template = 2;1156}1157// MergeGenerator merges the output of two or more generators. Where the values for all specified merge keys are equal1159// between two sets of generated parameters, the parameter sets will be merged with the parameters from the latter1160// generator taking precedence. Parameter sets with merge keys not present in the base generator's params will be1161// ignored.1162// For example, if the first generator produced [{a: '1', b: '2'}, {c: '1', d: '1'}] and the second generator produced1163// [{'a': 'override'}], the united parameters for merge keys = ['a'] would be1164// [{a: 'override', b: '1'}, {c: '1', d: '1'}].1165//1166// MergeGenerator supports template overriding. If a MergeGenerator is one of multiple top-level generators, its1167// template will be merged with the top-level generator before the parameters are applied.1168message MergeGenerator {1169repeated ApplicationSetNestedGenerator generators = 1;1170repeated string mergeKeys = 2;1172optional ApplicationSetTemplate template = 3;1174}1175// NestedMatrixGenerator is a MatrixGenerator nested under another combination-type generator (MatrixGenerator or1177// MergeGenerator). NestedMatrixGenerator does not have an override template, because template overriding has no meaning1178// within the constituent generators of combination-type generators.1179//1180// NOTE: Nested matrix generator is not included directly in the CRD struct, instead it is included1181// as a generic 'apiextensionsv1.JSON' object, and then marshalled into a NestedMatrixGenerator1182// when processed.1183message NestedMatrixGenerator {1184repeated ApplicationSetTerminalGenerator generators = 1;1185}1186// NestedMergeGenerator is a MergeGenerator nested under another combination-type generator (MatrixGenerator or1188// MergeGenerator). NestedMergeGenerator does not have an override template, because template overriding has no meaning1189// within the constituent generators of combination-type generators.1190//1191// NOTE: Nested merge generator is not included directly in the CRD struct, instead it is included1192// as a generic 'apiextensionsv1.JSON' object, and then marshalled into a NestedMergeGenerator1193// when processed.1194message NestedMergeGenerator {1195repeated ApplicationSetTerminalGenerator generators = 1;1196repeated string mergeKeys = 2;1198}1199// Operation contains information about a requested or running operation1201message Operation {1202// Sync contains parameters for the operation1203optional SyncOperation sync = 1;1204// InitiatedBy contains information about who initiated the operations1206optional OperationInitiator initiatedBy = 2;1207// Info is a list of informational items for this operation1209repeated Info info = 3;1210// Retry controls the strategy to apply if a sync fails1212optional RetryStrategy retry = 4;1213}1214// OperationInitiator contains information about the initiator of an operation1216message OperationInitiator {1217// Username contains the name of a user who started operation1218optional string username = 1;1219// Automated is set to true if operation was initiated automatically by the application controller.1221optional bool automated = 2;1222}1223// OperationState contains information about state of a running operation1225message OperationState {1226// Operation is the original requested operation1227optional Operation operation = 1;1228// Phase is the current phase of the operation1230optional string phase = 2;1231// Message holds any pertinent messages when attempting to perform operation (typically errors).1233optional string message = 3;1234// SyncResult is the result of a Sync operation1236optional SyncOperationResult syncResult = 4;1237// StartedAt contains time of operation start1239optional k8s.io.apimachinery.pkg.apis.meta.v1.Time startedAt = 6;1240// FinishedAt contains time of operation completion1242optional k8s.io.apimachinery.pkg.apis.meta.v1.Time finishedAt = 7;1243// RetryCount contains time of operation retries1245optional int64 retryCount = 8;1246}1247message OptionalArray {1249// Array is the value of an array type parameter.1250// +optional1251repeated string array = 1;1252}1253message OptionalMap {1255// Map is the value of a map type parameter.1256// +optional1257map<string, string> map = 1;1258}1259// OrphanedResourceKey is a reference to a resource to be ignored from1261message OrphanedResourceKey {1262optional string group = 1;1263optional string kind = 2;1265optional string name = 3;1267}1268// OrphanedResourcesMonitorSettings holds settings of orphaned resources monitoring1270message OrphanedResourcesMonitorSettings {1271// Warn indicates if warning condition should be created for apps which have orphaned resources1272optional bool warn = 1;1273// Ignore contains a list of resources that are to be excluded from orphaned resources monitoring1275repeated OrphanedResourceKey ignore = 2;1276}1277// OverrideIgnoreDiff contains configurations about how fields should be ignored during diffs between1279// the desired state and live state1280message OverrideIgnoreDiff {1281// JSONPointers is a JSON path list following the format defined in RFC4627 (https://datatracker.ietf.org/doc/html/rfc6902#section-3)1282repeated string jSONPointers = 1;1283// JQPathExpressions is a JQ path list that will be evaludated during the diff process1285repeated string jqPathExpressions = 2;1286// ManagedFieldsManagers is a list of trusted managers. Fields mutated by those managers will take precedence over the1288// desired state defined in the SCM and won't be displayed in diffs1289repeated string managedFieldsManagers = 3;1290}1291message PluginConfigMapRef {1293// Name of the ConfigMap1294optional string name = 1;1295}1296// PluginGenerator defines connection info specific to Plugin.1298message PluginGenerator {1299optional PluginConfigMapRef configMapRef = 1;1300optional PluginInput input = 2;1302// RequeueAfterSeconds determines how long the ApplicationSet controller will wait before reconciling the ApplicationSet again.1304optional int64 requeueAfterSeconds = 3;1305optional ApplicationSetTemplate template = 4;1307// Values contains key/value pairs which are passed directly as parameters to the template. These values will not be1309// sent as parameters to the plugin.1310map<string, string> values = 5;1311}1312message PluginInput {1314// Parameters contains the information to pass to the plugin. It is a map. The keys must be strings, and the1315// values can be any type.1316map<string, k8s.io.apiextensions_apiserver.pkg.apis.apiextensions.v1.JSON> parameters = 1;1317}1318// ProjectRole represents a role that has access to a project1320message ProjectRole {1321// Name is a name for this role1322optional string name = 1;1323// Description is a description of the role1325optional string description = 2;1326// Policies Stores a list of casbin formatted strings that define access policies for the role in the project1328repeated string policies = 3;1329// JWTTokens are a list of generated JWT tokens bound to this role1331repeated JWTToken jwtTokens = 4;1332// Groups are a list of OIDC group claims bound to this role1334repeated string groups = 5;1335}1336// PullRequestGenerator defines a generator that scrapes a PullRequest API to find candidate pull requests.1338message PullRequestGenerator {1339// Which provider to use and config for it.1340optional PullRequestGeneratorGithub github = 1;1341optional PullRequestGeneratorGitLab gitlab = 2;1343optional PullRequestGeneratorGitea gitea = 3;1345optional PullRequestGeneratorBitbucketServer bitbucketServer = 4;1347// Filters for which pull requests should be considered.1349repeated PullRequestGeneratorFilter filters = 5;1350// Standard parameters.1352optional int64 requeueAfterSeconds = 6;1353optional ApplicationSetTemplate template = 7;1355optional PullRequestGeneratorBitbucket bitbucket = 8;1357// Additional provider to use and config for it.1359optional PullRequestGeneratorAzureDevOps azuredevops = 9;1360}1361// PullRequestGeneratorAzureDevOps defines connection info specific to AzureDevOps.1363message PullRequestGeneratorAzureDevOps {1364// Azure DevOps org to scan. Required.1365optional string organization = 1;1366// Azure DevOps project name to scan. Required.1368optional string project = 2;1369// Azure DevOps repo name to scan. Required.1371optional string repo = 3;1372// The Azure DevOps API URL to talk to. If blank, use https://dev.azure.com/.1374optional string api = 4;1375// Authentication token reference.1377optional SecretRef tokenRef = 5;1378// Labels is used to filter the PRs that you want to target1380repeated string labels = 6;1381}1382// PullRequestGeneratorBitbucket defines connection info specific to Bitbucket.1384message PullRequestGeneratorBitbucket {1385// Workspace to scan. Required.1386optional string owner = 1;1387// Repo name to scan. Required.1389optional string repo = 2;1390// The Bitbucket REST API URL to talk to. If blank, uses https://api.bitbucket.org/2.0.1392optional string api = 3;1393// Credentials for Basic auth1395optional BasicAuthBitbucketServer basicAuth = 4;1396// Credentials for AppToken (Bearer auth)1398optional BearerTokenBitbucketCloud bearerToken = 5;1399}1400// PullRequestGeneratorBitbucketServer defines connection info specific to BitbucketServer.1402message PullRequestGeneratorBitbucketServer {1403// Project to scan. Required.1404optional string project = 1;1405// Repo name to scan. Required.1407optional string repo = 2;1408// The Bitbucket REST API URL to talk to e.g. https://bitbucket.org/rest Required.1410optional string api = 3;1411// Credentials for Basic auth1413optional BasicAuthBitbucketServer basicAuth = 4;1414}1415// PullRequestGeneratorFilter is a single pull request filter.1417// If multiple filter types are set on a single struct, they will be AND'd together. All filters must1418// pass for a pull request to be included.1419message PullRequestGeneratorFilter {1420optional string branchMatch = 1;1421optional string targetBranchMatch = 2;1423}1424// PullRequestGeneratorGitLab defines connection info specific to GitLab.1426message PullRequestGeneratorGitLab {1427// GitLab project to scan. Required.1428optional string project = 1;1429// The GitLab API URL to talk to. If blank, uses https://gitlab.com/.1431optional string api = 2;1432// Authentication token reference.1434optional SecretRef tokenRef = 3;1435// Labels is used to filter the MRs that you want to target1437repeated string labels = 4;1438// PullRequestState is an additional MRs filter to get only those with a certain state. Default: "" (all states)1440optional string pullRequestState = 5;1441// Skips validating the SCM provider's TLS certificate - useful for self-signed certificates.; default: false1443optional bool insecure = 6;1444}1445// PullRequestGeneratorGitea defines connection info specific to Gitea.1447message PullRequestGeneratorGitea {1448// Gitea org or user to scan. Required.1449optional string owner = 1;1450// Gitea repo name to scan. Required.1452optional string repo = 2;1453// The Gitea API URL to talk to. Required1455optional string api = 3;1456// Authentication token reference.1458optional SecretRef tokenRef = 4;1459// Allow insecure tls, for self-signed certificates; default: false.1461optional bool insecure = 5;1462}1463// PullRequestGenerator defines connection info specific to GitHub.1465message PullRequestGeneratorGithub {1466// GitHub org or user to scan. Required.1467optional string owner = 1;1468// GitHub repo name to scan. Required.1470optional string repo = 2;1471// The GitHub API URL to talk to. If blank, use https://api.github.com/.1473optional string api = 3;1474// Authentication token reference.1476optional SecretRef tokenRef = 4;1477// AppSecretName is a reference to a GitHub App repo-creds secret with permission to access pull requests.1479optional string appSecretName = 5;1480// Labels is used to filter the PRs that you want to target1482repeated string labels = 6;1483}1484message RefTarget {1486optional Repository repo = 1;1487optional string targetRevision = 2;1489optional string chart = 3;1491}1492// RepoCreds holds the definition for repository credentials1494message RepoCreds {1495// URL is the URL that this credentials matches to1496optional string url = 1;1497// Username for authenticating at the repo server1499optional string username = 2;1500// Password for authenticating at the repo server1502optional string password = 3;1503// SSHPrivateKey contains the private key data for authenticating at the repo server using SSH (only Git repos)1505optional string sshPrivateKey = 4;1506// TLSClientCertData specifies the TLS client cert data for authenticating at the repo server1508optional string tlsClientCertData = 5;1509// TLSClientCertKey specifies the TLS client cert key for authenticating at the repo server1511optional string tlsClientCertKey = 6;1512// GithubAppPrivateKey specifies the private key PEM data for authentication via GitHub app1514optional string githubAppPrivateKey = 7;1515// GithubAppId specifies the Github App ID of the app used to access the repo for GitHub app authentication1517optional int64 githubAppID = 8;1518// GithubAppInstallationId specifies the ID of the installed GitHub App for GitHub app authentication1520optional int64 githubAppInstallationID = 9;1521// GithubAppEnterpriseBaseURL specifies the GitHub API URL for GitHub app authentication. If empty will default to https://api.github.com1523optional string githubAppEnterpriseBaseUrl = 10;1524// EnableOCI specifies whether helm-oci support should be enabled for this repo1526optional bool enableOCI = 11;1527// Type specifies the type of the repoCreds. Can be either "git" or "helm. "git" is assumed if empty or absent.1529optional string type = 12;1530// GCPServiceAccountKey specifies the service account key in JSON format to be used for getting credentials to Google Cloud Source repos1532optional string gcpServiceAccountKey = 13;1533// Proxy specifies the HTTP/HTTPS proxy used to access repos at the repo server1535optional string proxy = 19;1536// ForceHttpBasicAuth specifies whether Argo CD should attempt to force basic auth for HTTP connections1538optional bool forceHttpBasicAuth = 20;1539}1540// RepositoryList is a collection of Repositories.1542message RepoCredsList {1543optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1;1544repeated RepoCreds items = 2;1546}1547// Repository is a repository holding application configurations1549message Repository {1550// Repo contains the URL to the remote repository1551optional string repo = 1;1552// Username contains the user name used for authenticating at the remote repository1554optional string username = 2;1555// Password contains the password or PAT used for authenticating at the remote repository1557optional string password = 3;1558// SSHPrivateKey contains the PEM data for authenticating at the repo server. Only used with Git repos.1560optional string sshPrivateKey = 4;1561// ConnectionState contains information about the current state of connection to the repository server1563optional ConnectionState connectionState = 5;1564// InsecureIgnoreHostKey should not be used anymore, Insecure is favoured1566// Used only for Git repos1567optional bool insecureIgnoreHostKey = 6;1568// Insecure specifies whether the connection to the repository ignores any errors when verifying TLS certificates or SSH host keys1570optional bool insecure = 7;1571// EnableLFS specifies whether git-lfs support should be enabled for this repo. Only valid for Git repositories.1573optional bool enableLfs = 8;1574// TLSClientCertData contains a certificate in PEM format for authenticating at the repo server1576optional string tlsClientCertData = 9;1577// TLSClientCertKey contains a private key in PEM format for authenticating at the repo server1579optional string tlsClientCertKey = 10;1580// Type specifies the type of the repo. Can be either "git" or "helm. "git" is assumed if empty or absent.1582optional string type = 11;1583// Name specifies a name to be used for this repo. Only used with Helm repos1585optional string name = 12;1586// Whether credentials were inherited from a credential set1588optional bool inheritedCreds = 13;1589// EnableOCI specifies whether helm-oci support should be enabled for this repo1591optional bool enableOCI = 14;1592// Github App Private Key PEM data1594optional string githubAppPrivateKey = 15;1595// GithubAppId specifies the ID of the GitHub app used to access the repo1597optional int64 githubAppID = 16;1598// GithubAppInstallationId specifies the installation ID of the GitHub App used to access the repo1600optional int64 githubAppInstallationID = 17;1601// GithubAppEnterpriseBaseURL specifies the base URL of GitHub Enterprise installation. If empty will default to https://api.github.com1603optional string githubAppEnterpriseBaseUrl = 18;1604// Proxy specifies the HTTP/HTTPS proxy used to access the repo1606optional string proxy = 19;1607// Reference between project and repository that allow you automatically to be added as item inside SourceRepos project entity1609optional string project = 20;1610// GCPServiceAccountKey specifies the service account key in JSON format to be used for getting credentials to Google Cloud Source repos1612optional string gcpServiceAccountKey = 21;1613// ForceHttpBasicAuth specifies whether Argo CD should attempt to force basic auth for HTTP connections1615optional bool forceHttpBasicAuth = 22;1616}1617// A RepositoryCertificate is either SSH known hosts entry or TLS certificate1619message RepositoryCertificate {1620// ServerName specifies the DNS name of the server this certificate is intended for1621optional string serverName = 1;1622// CertType specifies the type of the certificate - currently one of "https" or "ssh"1624optional string certType = 2;1625// CertSubType specifies the sub type of the cert, i.e. "ssh-rsa"1627optional string certSubType = 3;1628// CertData contains the actual certificate data, dependent on the certificate type1630optional bytes certData = 4;1631// CertInfo will hold additional certificate info, depdendent on the certificate type (e.g. SSH fingerprint, X509 CommonName)1633optional string certInfo = 5;1634}1635// RepositoryCertificateList is a collection of RepositoryCertificates1637message RepositoryCertificateList {1638optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1;1639// List of certificates to be processed1641repeated RepositoryCertificate items = 2;1642}1643// RepositoryList is a collection of Repositories.1645message RepositoryList {1646optional k8s.io.apimachinery.pkg.apis.meta.v1.ListMeta metadata = 1;1647repeated Repository items = 2;1649}1650// TODO: describe this type1652// TODO: describe members of this type1653message ResourceAction {1654optional string name = 1;1655repeated ResourceActionParam params = 2;1657optional bool disabled = 3;1659optional string iconClass = 4;1661optional string displayName = 5;1663}1664// TODO: describe this type1666// TODO: describe members of this type1667message ResourceActionDefinition {1668optional string name = 1;1669optional string actionLua = 2;1671}1672// TODO: describe this type1674// TODO: describe members of this type1675message ResourceActionParam {1676optional string name = 1;1677optional string value = 2;1679optional string type = 3;1681optional string default = 4;1683}1684// TODO: describe this type1686// TODO: describe members of this type1687message ResourceActions {1688optional string actionDiscoveryLua = 1;1689repeated ResourceActionDefinition definitions = 2;1691}1692// ResourceDiff holds the diff of a live and target resource object1694// TODO: describe members of this type1695message ResourceDiff {1696optional string group = 1;1697optional string kind = 2;1699optional string namespace = 3;1701optional string name = 4;1703// TargetState contains the JSON serialized resource manifest defined in the Git/Helm1705optional string targetState = 5;1706// TargetState contains the JSON live resource manifest1708optional string liveState = 6;1709// Diff contains the JSON patch between target and live resource1711// Deprecated: use NormalizedLiveState and PredictedLiveState to render the difference1712optional string diff = 7;1713optional bool hook = 8;1715// NormalizedLiveState contains JSON serialized live resource state with applied normalizations1717optional string normalizedLiveState = 9;1718// PredictedLiveState contains JSON serialized resource state that is calculated based on normalized and target resource state1720optional string predictedLiveState = 10;1721optional string resourceVersion = 11;1723optional bool modified = 12;1725}1726// ResourceIgnoreDifferences contains resource filter and list of json paths which should be ignored during comparison with live state.1728message ResourceIgnoreDifferences {1729optional string group = 1;1730optional string kind = 2;1732optional string name = 3;1734optional string namespace = 4;1736repeated string jsonPointers = 5;1738repeated string jqPathExpressions = 6;1740// ManagedFieldsManagers is a list of trusted managers. Fields mutated by those managers will take precedence over the1742// desired state defined in the SCM and won't be displayed in diffs1743repeated string managedFieldsManagers = 7;1744}1745// ResourceNetworkingInfo holds networking resource related information1747// TODO: describe members of this type1748message ResourceNetworkingInfo {1749map<string, string> targetLabels = 1;1750repeated ResourceRef targetRefs = 2;1752map<string, string> labels = 3;1754repeated k8s.io.api.core.v1.LoadBalancerIngress ingress = 4;1756// ExternalURLs holds list of URLs which should be available externally. List is populated for ingress resources using rules hostnames.1758repeated string externalURLs = 5;1759}1760// ResourceNode contains information about live resource and its children1762// TODO: describe members of this type1763message ResourceNode {1764optional ResourceRef resourceRef = 1;1765repeated ResourceRef parentRefs = 2;1767repeated InfoItem info = 3;1769optional ResourceNetworkingInfo networkingInfo = 4;1771optional string resourceVersion = 5;1773repeated string images = 6;1775optional HealthStatus health = 7;1777optional k8s.io.apimachinery.pkg.apis.meta.v1.Time createdAt = 8;1779}1780// ResourceOverride holds configuration to customize resource diffing and health assessment1782// TODO: describe the members of this type1783message ResourceOverride {1784optional string healthLua = 1;1785optional bool useOpenLibs = 5;1787optional string actions = 3;1789optional OverrideIgnoreDiff ignoreDifferences = 2;1791optional OverrideIgnoreDiff ignoreResourceUpdates = 6;1793repeated KnownTypeField knownTypeFields = 4;1795}1796// ResourceRef includes fields which uniquely identify a resource1798message ResourceRef {1799optional string group = 1;1800optional string version = 2;1802optional string kind = 3;1804optional string namespace = 4;1806optional string name = 5;1808optional string uid = 6;1810}1811// ResourceResult holds the operation result details of a specific resource1813message ResourceResult {1814// Group specifies the API group of the resource1815optional string group = 1;1816// Version specifies the API version of the resource1818optional string version = 2;1819// Kind specifies the API kind of the resource1821optional string kind = 3;1822// Namespace specifies the target namespace of the resource1824optional string namespace = 4;1825// Name specifies the name of the resource1827optional string name = 5;1828// Status holds the final result of the sync. Will be empty if the resources is yet to be applied/pruned and is always zero-value for hooks1830optional string status = 6;1831// Message contains an informational or error message for the last sync OR operation1833optional string message = 7;1834// HookType specifies the type of the hook. Empty for non-hook resources1836optional string hookType = 8;1837// HookPhase contains the state of any operation associated with this resource OR hook1839// This can also contain values for non-hook resources.1840optional string hookPhase = 9;1841// SyncPhase indicates the particular phase of the sync that this result was acquired in1843optional string syncPhase = 10;1844}1845// ResourceStatus holds the current sync and health status of a resource1847// TODO: describe members of this type1848message ResourceStatus {1849optional string group = 1;1850optional string version = 2;1852optional string kind = 3;1854optional string namespace = 4;1856optional string name = 5;1858optional string status = 6;1860optional HealthStatus health = 7;1862optional bool hook = 8;1864optional bool requiresPruning = 9;1866optional int64 syncWave = 10;1868}1869// RetryStrategy contains information about the strategy to apply when a sync failed1871message RetryStrategy {1872// Limit is the maximum number of attempts for retrying a failed sync. If set to 0, no retries will be performed.1873optional int64 limit = 1;1874// Backoff controls how to backoff on subsequent retries of failed syncs1876optional Backoff backoff = 2;1877}1878// RevisionHistory contains history information about a previous sync1880message RevisionHistory {1881// Revision holds the revision the sync was performed against1882optional string revision = 2;1883// DeployedAt holds the time the sync operation completed1885optional k8s.io.apimachinery.pkg.apis.meta.v1.Time deployedAt = 4;1886// ID is an auto incrementing identifier of the RevisionHistory1888optional int64 id = 5;1889// Source is a reference to the application source used for the sync operation1891optional ApplicationSource source = 6;1892// DeployStartedAt holds the time the sync operation started1894optional k8s.io.apimachinery.pkg.apis.meta.v1.Time deployStartedAt = 7;1895// Sources is a reference to the application sources used for the sync operation1897repeated ApplicationSource sources = 8;1898// Revisions holds the revision of each source in sources field the sync was performed against1900repeated string revisions = 9;1901// InitiatedBy contains information about who initiated the operations1903optional OperationInitiator initiatedBy = 10;1904}1905// RevisionMetadata contains metadata for a specific revision in a Git repository1907message RevisionMetadata {1908// who authored this revision,1909// typically their name and email, e.g. "John Doe <john_doe@my-company.com>",1910// but might not match this example1911optional string author = 1;1912// Date specifies when the revision was authored1914optional k8s.io.apimachinery.pkg.apis.meta.v1.Time date = 2;1915// Tags specifies any tags currently attached to the revision1917// Floating tags can move from one revision to another1918repeated string tags = 3;1919// Message contains the message associated with the revision, most likely the commit message.1921optional string message = 4;1922// SignatureInfo contains a hint on the signer if the revision was signed with GPG, and signature verification is enabled.1924optional string signatureInfo = 5;1925}1926// SCMProviderGenerator defines a generator that scrapes a SCMaaS API to find candidate repos.1928message SCMProviderGenerator {1929// Which provider to use and config for it.1930optional SCMProviderGeneratorGithub github = 1;1931optional SCMProviderGeneratorGitlab gitlab = 2;1933optional SCMProviderGeneratorBitbucket bitbucket = 3;1935optional SCMProviderGeneratorBitbucketServer bitbucketServer = 4;1937optional SCMProviderGeneratorGitea gitea = 5;1939optional SCMProviderGeneratorAzureDevOps azureDevOps = 6;1941// Filters for which repos should be considered.1943repeated SCMProviderGeneratorFilter filters = 7;1944// Which protocol to use for the SCM URL. Default is provider-specific but ssh if possible. Not all providers1946// necessarily support all protocols.1947optional string cloneProtocol = 8;1948// Standard parameters.1950optional int64 requeueAfterSeconds = 9;1951optional ApplicationSetTemplate template = 10;1953// Values contains key/value pairs which are passed directly as parameters to the template1955map<string, string> values = 11;1956optional SCMProviderGeneratorAWSCodeCommit awsCodeCommit = 12;1958}1959// SCMProviderGeneratorAWSCodeCommit defines connection info specific to AWS CodeCommit.1961message SCMProviderGeneratorAWSCodeCommit {1962// TagFilters provides the tag filter(s) for repo discovery1963repeated TagFilter tagFilters = 1;1964// Role provides the AWS IAM role to assume, for cross-account repo discovery1966// if not provided, AppSet controller will use its pod/node identity to discover.1967optional string role = 2;1968// Region provides the AWS region to discover repos.1970// if not provided, AppSet controller will infer the current region from environment.1971optional string region = 3;1972// Scan all branches instead of just the default branch.1974optional bool allBranches = 4;1975}1976// SCMProviderGeneratorAzureDevOps defines connection info specific to Azure DevOps.1978message SCMProviderGeneratorAzureDevOps {1979// Azure Devops organization. Required. E.g. "my-organization".1980optional string organization = 5;1981// The URL to Azure DevOps. If blank, use https://dev.azure.com.1983optional string api = 6;1984// Azure Devops team project. Required. E.g. "my-team".1986optional string teamProject = 7;1987// The Personal Access Token (PAT) to use when connecting. Required.1989optional SecretRef accessTokenRef = 8;1990// Scan all branches instead of just the default branch.1992optional bool allBranches = 9;1993}1994// SCMProviderGeneratorBitbucket defines connection info specific to Bitbucket Cloud (API version 2).1996message SCMProviderGeneratorBitbucket {1997// Bitbucket workspace to scan. Required.1998optional string owner = 1;1999// Bitbucket user to use when authenticating. Should have a "member" role to be able to read all repositories and branches. Required2001optional string user = 2;2002// The app password to use for the user. Required. See: https://support.atlassian.com/bitbucket-cloud/docs/app-passwords/2004optional SecretRef appPasswordRef = 3;2005// Scan all branches instead of just the main branch.2007optional bool allBranches = 4;2008}2009// SCMProviderGeneratorBitbucketServer defines connection info specific to Bitbucket Server.2011message SCMProviderGeneratorBitbucketServer {2012// Project to scan. Required.2013optional string project = 1;2014// The Bitbucket Server REST API URL to talk to. Required.2016optional string api = 2;2017// Credentials for Basic auth2019optional BasicAuthBitbucketServer basicAuth = 3;2020// Scan all branches instead of just the default branch.2022optional bool allBranches = 4;2023}2024// SCMProviderGeneratorFilter is a single repository filter.2026// If multiple filter types are set on a single struct, they will be AND'd together. All filters must2027// pass for a repo to be included.2028message SCMProviderGeneratorFilter {2029// A regex for repo names.2030optional string repositoryMatch = 1;2031// An array of paths, all of which must exist.2033repeated string pathsExist = 2;2034// An array of paths, all of which must not exist.2036repeated string pathsDoNotExist = 3;2037// A regex which must match at least one label.2039optional string labelMatch = 4;2040// A regex which must match the branch name.2042optional string branchMatch = 5;2043}2044// SCMProviderGeneratorGitea defines a connection info specific to Gitea.2046message SCMProviderGeneratorGitea {2047// Gitea organization or user to scan. Required.2048optional string owner = 1;2049// The Gitea URL to talk to. For example https://gitea.mydomain.com/.2051optional string api = 2;2052// Authentication token reference.2054optional SecretRef tokenRef = 3;2055// Scan all branches instead of just the default branch.2057optional bool allBranches = 4;2058// Allow self-signed TLS / Certificates; default: false2060optional bool insecure = 5;2061}2062// SCMProviderGeneratorGithub defines connection info specific to GitHub.2064message SCMProviderGeneratorGithub {2065// GitHub org to scan. Required.2066optional string organization = 1;2067// The GitHub API URL to talk to. If blank, use https://api.github.com/.2069optional string api = 2;2070// Authentication token reference.2072optional SecretRef tokenRef = 3;2073// AppSecretName is a reference to a GitHub App repo-creds secret.2075optional string appSecretName = 4;2076// Scan all branches instead of just the default branch.2078optional bool allBranches = 5;2079}2080// SCMProviderGeneratorGitlab defines connection info specific to Gitlab.2082message SCMProviderGeneratorGitlab {2083// Gitlab group to scan. Required. You can use either the project id (recommended) or the full namespaced path.2084optional string group = 1;2085// Recurse through subgroups (true) or scan only the base group (false). Defaults to "false"2087optional bool includeSubgroups = 2;2088// The Gitlab API URL to talk to.2090optional string api = 3;2091// Authentication token reference.2093optional SecretRef tokenRef = 4;2094// Scan all branches instead of just the default branch.2096optional bool allBranches = 5;2097// Skips validating the SCM provider's TLS certificate - useful for self-signed certificates.; default: false2099optional bool insecure = 6;2100// When recursing through subgroups, also include shared Projects (true) or scan only the subgroups under same path (false). Defaults to "true"2102optional bool includeSharedProjects = 7;2103// Filter repos list based on Gitlab Topic.2105optional string topic = 8;2106}2107// Utility struct for a reference to a secret key.2109message SecretRef {2110optional string secretName = 1;2111optional string key = 2;2113}2114// SignatureKey is the specification of a key required to verify commit signatures with2116message SignatureKey {2117// The ID of the key in hexadecimal notation2118optional string keyID = 1;2119}2120// SyncOperation contains details about a sync operation.2122message SyncOperation {2123// Revision is the revision (Git) or chart version (Helm) which to sync the application to2124// If omitted, will use the revision specified in app spec.2125optional string revision = 1;2126// Prune specifies to delete resources from the cluster that are no longer tracked in git2128optional bool prune = 2;2129// DryRun specifies to perform a `kubectl apply --dry-run` without actually performing the sync2131optional bool dryRun = 3;2132// SyncStrategy describes how to perform the sync2134optional SyncStrategy syncStrategy = 4;2135// Resources describes which resources shall be part of the sync2137repeated SyncOperationResource resources = 6;2138// Source overrides the source definition set in the application.2140// This is typically set in a Rollback operation and is nil during a Sync operation2141optional ApplicationSource source = 7;2142// Manifests is an optional field that overrides sync source with a local directory for development2144repeated string manifests = 8;2145// SyncOptions provide per-sync sync-options, e.g. Validate=false2147repeated string syncOptions = 9;2148// Sources overrides the source definition set in the application.2150// This is typically set in a Rollback operation and is nil during a Sync operation2151repeated ApplicationSource sources = 10;2152// Revisions is the list of revision (Git) or chart version (Helm) which to sync each source in sources field for the application to2154// If omitted, will use the revision specified in app spec.2155repeated string revisions = 11;2156}2157// SyncOperationResource contains resources to sync.2159message SyncOperationResource {2160optional string group = 1;2161optional string kind = 2;2163optional string name = 3;2165optional string namespace = 4;2167}2168// SyncOperationResult represent result of sync operation2170message SyncOperationResult {2171// Resources contains a list of sync result items for each individual resource in a sync operation2172repeated ResourceResult resources = 1;2173// Revision holds the revision this sync operation was performed to2175optional string revision = 2;2176// Source records the application source information of the sync, used for comparing auto-sync2178optional ApplicationSource source = 3;2179// Source records the application source information of the sync, used for comparing auto-sync2181repeated ApplicationSource sources = 4;2182// Revisions holds the revision this sync operation was performed for respective indexed source in sources field2184repeated string revisions = 5;2185// ManagedNamespaceMetadata contains the current sync state of managed namespace metadata2187optional ManagedNamespaceMetadata managedNamespaceMetadata = 6;2188}2189// SyncPolicy controls when a sync will be performed in response to updates in git2191message SyncPolicy {2192// Automated will keep an application synced to the target revision2193optional SyncPolicyAutomated automated = 1;2194// Options allow you to specify whole app sync-options2196repeated string syncOptions = 2;2197// Retry controls failed sync retry behavior2199optional RetryStrategy retry = 3;2200// ManagedNamespaceMetadata controls metadata in the given namespace (if CreateNamespace=true)2202optional ManagedNamespaceMetadata managedNamespaceMetadata = 4;2203}2204// SyncPolicyAutomated controls the behavior of an automated sync2206message SyncPolicyAutomated {2207// Prune specifies whether to delete resources from the cluster that are not found in the sources anymore as part of automated sync (default: false)2208optional bool prune = 1;2209// SelfHeal specifies whether to revert resources back to their desired state upon modification in the cluster (default: false)2211optional bool selfHeal = 2;2212// AllowEmpty allows apps have zero live resources (default: false)2214optional bool allowEmpty = 3;2215}2216// SyncStatus contains information about the currently observed live and desired states of an application2218message SyncStatus {2219// Status is the sync state of the comparison2220optional string status = 1;2221// ComparedTo contains information about what has been compared2223optional ComparedTo comparedTo = 2;2224// Revision contains information about the revision the comparison has been performed to2226optional string revision = 3;2227// Revisions contains information about the revisions of multiple sources the comparison has been performed to2229repeated string revisions = 4;2230}2231// SyncStrategy controls the manner in which a sync is performed2233message SyncStrategy {2234// Apply will perform a `kubectl apply` to perform the sync.2235optional SyncStrategyApply apply = 1;2236// Hook will submit any referenced resources to perform the sync. This is the default strategy2238optional SyncStrategyHook hook = 2;2239}2240// SyncStrategyApply uses `kubectl apply` to perform the apply2242message SyncStrategyApply {2243// Force indicates whether or not to supply the --force flag to `kubectl apply`.2244// The --force flag deletes and re-create the resource, when PATCH encounters conflict and has2245// retried for 5 times.2246optional bool force = 1;2247}2248// SyncStrategyHook will perform a sync using hooks annotations.2250// If no hook annotation is specified falls back to `kubectl apply`.2251message SyncStrategyHook {2252// Embed SyncStrategyApply type to inherit any `apply` options2253// +optional2254optional SyncStrategyApply syncStrategyApply = 1;2255}2256// SyncWindow contains the kind, time, duration and attributes that are used to assign the syncWindows to apps2258message SyncWindow {2259// Kind defines if the window allows or blocks syncs2260optional string kind = 1;2261// Schedule is the time the window will begin, specified in cron format2263optional string schedule = 2;2264// Duration is the amount of time the sync window will be open2266optional string duration = 3;2267// Applications contains a list of applications that the window will apply to2269repeated string applications = 4;2270// Namespaces contains a list of namespaces that the window will apply to2272repeated string namespaces = 5;2273// Clusters contains a list of clusters that the window will apply to2275repeated string clusters = 6;2276// ManualSync enables manual syncs when they would otherwise be blocked2278optional bool manualSync = 7;2279// TimeZone of the sync that will be applied to the schedule2281optional string timeZone = 8;2282}2283// TLSClientConfig contains settings to enable transport layer security2285message TLSClientConfig {2286// Insecure specifies that the server should be accessed without verifying the TLS certificate. For testing only.2287optional bool insecure = 1;2288// ServerName is passed to the server for SNI and is used in the client to check server2290// certificates against. If ServerName is empty, the hostname used to contact the2291// server is used.2292optional string serverName = 2;2293// CertData holds PEM-encoded bytes (typically read from a client certificate file).2295// CertData takes precedence over CertFile2296optional bytes certData = 3;2297// KeyData holds PEM-encoded bytes (typically read from a client certificate key file).2299// KeyData takes precedence over KeyFile2300optional bytes keyData = 4;2301// CAData holds PEM-encoded bytes (typically read from a root certificates bundle).2303// CAData takes precedence over CAFile2304optional bytes caData = 5;2305}2306message TagFilter {2308optional string key = 1;2309optional string value = 2;2311}2312