description: 'AppProject provides a logical grouping of applications, providing controls for:*where the apps may deploy to (cluster whitelist) * what may be deployed (repository whitelist, resource whitelist/blacklist) * who can access these applications (roles, OIDC group claims bindings) * and what they can do (RBAC policies) * automation access to these roles (JWT tokens)'
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info:https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type:string
kind:
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info:https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type:string
metadata:
type:object
spec:
description:AppProjectSpec is the specification of an AppProject
properties:
clusterResourceBlacklist:
description:ClusterResourceBlacklist contains list of blacklisted cluster level resources
items:
description:GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying concepts during lookup stages without having partially valid types
description:ClusterResourceWhitelist contains list of whitelisted cluster level resources
items:
description:GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying concepts during lookup stages without having partially valid types
description:Namespace specifies the target namespace for the application's resources. The namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace
description:NamespaceResourceBlacklist contains list of blacklisted namespace level resources
items:
description:GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying concepts during lookup stages without having partially valid types
properties:
group:
type:string
kind:
type:string
required:
- group
- kind
type:object
type:array
namespaceResourceWhitelist:
description:NamespaceResourceWhitelist contains list of whitelisted namespace level resources
items:
description:GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying concepts during lookup stages without having partially valid types
properties:
group:
type:string
kind:
type:string
required:
- group
- kind
type:object
type:array
orphanedResources:
description:OrphanedResources specifies if controller should monitor orphaned resources of apps in this project
