Kustomization
kustomize.toolkit.fluxcd.io / v1
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: example
apiVersion
string
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
kind
string
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
metadata
object
spec object
KustomizationSpec defines the configuration to calculate the desired state
from a Source using Kustomize.
commonMetadata object
CommonMetadata specifies the common labels and annotations that are
applied to all resources. Any existing label or annotation will be
overridden if its key matches a common one.
annotations
object
Annotations to be added to the object's metadata.
labels
object
Labels to be added to the object's metadata.
components
[]string
Components specifies relative paths to kustomize Components.
decryption object
Decrypt Kubernetes secrets before applying them on the cluster.
provider
string required
Provider is the name of the decryption engine.
enum:
sops
secretRef object
The secret name containing the private OpenPGP keys used for decryption.
A static credential for a cloud provider defined inside the Secret
takes priority over secret-less authentication with the ServiceAccountName
field.
name
string required
Name of the referent.
serviceAccountName
string
ServiceAccountName is the name of the service account used to
authenticate with KMS services from cloud providers. If a
static credential for a given cloud provider is defined
inside the Secret referenced by SecretRef, that static
credential takes priority.
deletionPolicy
string
DeletionPolicy can be used to control garbage collection when this
Kustomization is deleted. Valid values are ('MirrorPrune', 'Delete',
'WaitForTermination', 'Orphan'). 'MirrorPrune' mirrors the Prune field
(orphan if false, delete if true). Defaults to 'MirrorPrune'.
enum:
MirrorPrune, Delete, WaitForTermination, Orphan
dependsOn []object
DependsOn may contain a DependencyReference slice
with references to Kustomization resources that must be ready before this
Kustomization can be reconciled.
name
string required
Name of the referent.
namespace
string
Namespace of the referent, defaults to the namespace of the Kustomization
resource object that contains the reference.
readyExpr
string
ReadyExpr is a CEL expression that can be used to assess the readiness
of a dependency. When specified, the built-in readiness check
is replaced by the logic defined in the CEL expression.
To make the CEL expression additive to the built-in readiness check,
the feature gate `AdditiveCELDependencyCheck` must be set to `true`.
force
boolean
Force instructs the controller to recreate resources
when patching fails due to an immutable field change.
healthCheckExprs []object
HealthCheckExprs is a list of healthcheck expressions for evaluating the
health of custom resources using Common Expression Language (CEL).
The expressions are evaluated only when Wait or HealthChecks are specified.
apiVersion
string required
APIVersion of the custom resource under evaluation.
current
string required
Current is the CEL expression that determines if the status
of the custom resource has reached the desired state.
failed
string
Failed is the CEL expression that determines if the status
of the custom resource has failed to reach the desired state.
inProgress
string
InProgress is the CEL expression that determines if the status
of the custom resource has not yet reached the desired state.
kind
string required
Kind of the custom resource under evaluation.
healthChecks []object
A list of resources to be included in the health assessment.
apiVersion
string
API version of the referent. If not specified, the Kubernetes preferred version will be used.
kind
string required
Kind of the referent.
name
string required
Name of the referent.
namespace
string
Namespace of the referent. When not specified, it acts as LocalObjectReference.
ignoreMissingComponents
boolean
IgnoreMissingComponents instructs the controller to ignore Components paths
not found in source by removing them from the generated kustomization.yaml
before running kustomize build.
images []object
Images is a list of (image name, new name, new tag or digest)
for changing image names, tags or digests. This can also be achieved with a
patch, but this operator is simpler to specify.
digest
string
Digest is the value used to replace the original image tag.
If digest is present NewTag value is ignored.
name
string required
Name is a tag-less image name.
newName
string
NewName is the value used to replace the original name.
newTag
string
NewTag is the value used to replace the original tag.
interval
string required
The interval at which to reconcile the Kustomization.
This interval is approximate and may be subject to jitter to ensure
efficient use of resources.
pattern:
^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
kubeConfig object
The KubeConfig for reconciling the Kustomization on a remote cluster.
When used in combination with KustomizationSpec.ServiceAccountName,
forces the controller to act on behalf of that Service Account at the
target cluster.
If the --default-service-account flag is set, its value will be used as
a controller level fallback for when KustomizationSpec.ServiceAccountName
is empty.
configMapRef object
ConfigMapRef holds an optional name of a ConfigMap that contains
the following keys:
- `provider`: the provider to use. One of `aws`, `azure`, `gcp`, or
`generic`. Required.
- `cluster`: the fully qualified resource name of the Kubernetes
cluster in the cloud provider API. Not used by the `generic`
provider. Required when one of `address` or `ca.crt` is not set.
- `address`: the address of the Kubernetes API server. Required
for `generic`. For the other providers, if not specified, the
first address in the cluster resource will be used, and if
specified, it must match one of the addresses in the cluster
resource.
If `audiences` is not set, the address will be used as the audience for the
`generic` provider.
- `ca.crt`: the optional PEM-encoded CA certificate for the
Kubernetes API server. If not set, the controller will use the
CA certificate from the cluster resource.
- `audiences`: the optional audiences as a list of
line-break-separated strings for the Kubernetes ServiceAccount
token. Defaults to the `address` for the `generic` provider, or
to specific values for the other providers depending on the
provider.
- `serviceAccountName`: the optional name of the Kubernetes
ServiceAccount in the same namespace that should be used
for authentication. If not specified, the controller
ServiceAccount will be used.
Mutually exclusive with SecretRef.
name
string required
Name of the referent.
secretRef object
SecretRef holds an optional name of a secret that contains a key with
the kubeconfig file as the value. If no key is set, the key will default
to 'value'. Mutually exclusive with ConfigMapRef.
It is recommended that the kubeconfig is self-contained, and the secret
is regularly updated if credentials such as a cloud-access-token expire.
Cloud specific `cmd-path` auth helpers will not function without adding
binaries and credentials to the Pod that is responsible for reconciling
Kubernetes resources. Supported only for the generic provider.
key
string
Key in the Secret. When not specified, an implementation-specific default key is used.
name
string required
Name of the Secret.
namePrefix
string
NamePrefix will prefix the names of all managed resources.
minLength:
1
maxLength:
200
nameSuffix
string
NameSuffix will suffix the names of all managed resources.
minLength:
1
maxLength:
200
patches []object
Strategic merge and JSON patches, defined as inline YAML objects,
capable of targeting objects based on kind, label and annotation selectors.
patch
string required
Patch contains an inline StrategicMerge patch or an inline JSON6902 patch with
an array of operation objects.
target object
Target points to the resources that the patch document should be applied to.
annotationSelector
string
AnnotationSelector is a string that follows the label selection expression
https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
It matches with the resource annotations.
group
string
Group is the API group to select resources from.
Together with Version and Kind it is capable of unambiguously identifying and/or selecting resources.
https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
kind
string
Kind of the API Group to select resources from.
Together with Group and Version it is capable of unambiguously
identifying and/or selecting resources.
https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
labelSelector
string
LabelSelector is a string that follows the label selection expression
https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api
It matches with the resource labels.
name
string
Name to match resources with.
namespace
string
Namespace to select resources from.
version
string
Version of the API Group to select resources from.
Together with Group and Kind it is capable of unambiguously identifying and/or selecting resources.
https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
path
string
Path to the directory containing the kustomization.yaml file, or the
set of plain YAMLs a kustomization.yaml should be generated for.
Defaults to 'None', which translates to the root path of the SourceRef.
postBuild object
PostBuild describes which actions to perform on the YAML manifest
generated by building the kustomize overlay.
substitute
object
Substitute holds a map of key/value pairs.
The variables defined in your YAML manifests that match any of the keys
defined in the map will be substituted with the set value.
Includes support for bash string replacement functions
e.g. ${var:=default}, ${var:position} and ${var/substring/replacement}.
substituteFrom []object
SubstituteFrom holds references to ConfigMaps and Secrets containing
the variables and their values to be substituted in the YAML manifests.
The ConfigMap and the Secret data keys represent the var names, and they
must match the vars declared in the manifests for the substitution to
happen.
kind
string required
Kind of the values referent, valid values are ('Secret', 'ConfigMap').
enum:
Secret, ConfigMap
name
string required
Name of the values referent. Should reside in the same namespace as the
referring resource.
minLength:
1
maxLength:
253
optional
boolean
Optional indicates whether the referenced resource must exist, or whether to
tolerate its absence. If true and the referenced resource is absent, proceed
as if the resource was present but empty, without any variables defined.
prune
boolean required
Prune enables garbage collection.
retryInterval
string
The interval at which to retry a previously failed reconciliation.
When not specified, the controller uses the KustomizationSpec.Interval
value to retry failures.
pattern:
^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
serviceAccountName
string
The name of the Kubernetes service account to impersonate
when reconciling this Kustomization.
sourceRef object required
Reference of the source where the kustomization file is.
apiVersion
string
API version of the referent.
kind
string required
Kind of the referent.
enum:
OCIRepository, GitRepository, Bucket, ExternalArtifact
name
string required
Name of the referent.
namespace
string
Namespace of the referent, defaults to the namespace of the Kubernetes
resource object that contains the reference.
suspend
boolean
This flag tells the controller to suspend subsequent kustomize executions.
It does not apply to already started executions. Defaults to false.
targetNamespace
string
TargetNamespace sets or overrides the namespace in the
kustomization.yaml file.
minLength:
1
maxLength:
63
timeout
string
Timeout for validation, apply and health checking operations.
Defaults to 'Interval' duration.
pattern:
^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
wait
boolean
Wait instructs the controller to check the health of all the reconciled
resources. When enabled, the HealthChecks are ignored. Defaults to false.
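The constraints documented for `spec` above (required fields, enums, the duration pattern, the mutually exclusive kubeConfig references) can be checked in CI before a manifest reaches the cluster. The following is an added example, not part of the Flux project or this reference; `lint_spec`, the sample specs and the `serviceAccountName` policy check are assumptions made for illustration.

```python
import re

# Constraints copied from the field reference above.
DURATION = re.compile(r"^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$")
SOURCE_KINDS = {"OCIRepository", "GitRepository", "Bucket", "ExternalArtifact"}
DELETION_POLICIES = {"MirrorPrune", "Delete", "WaitForTermination", "Orphan"}

def lint_spec(spec):
    """Return findings for a Kustomization .spec passed as a dict."""
    out = []
    for field in ("interval", "prune", "sourceRef"):
        if field not in spec:
            out.append(f"{field}: required")
    for field in ("interval", "retryInterval", "timeout"):
        # fullmatch: with re.match, '$' would also accept a trailing newline.
        if field in spec and not DURATION.fullmatch(str(spec[field])):
            out.append(f"{field}: does not match duration pattern")
    src = spec.get("sourceRef") or {}
    if src and src.get("kind") not in SOURCE_KINDS:
        out.append("sourceRef.kind: not in enum")
    if src and not src.get("name"):
        out.append("sourceRef.name: required")
    if spec.get("deletionPolicy", "MirrorPrune") not in DELETION_POLICIES:
        out.append("deletionPolicy: not in enum")
    dec = spec.get("decryption")
    if dec is not None and dec.get("provider") != "sops":
        out.append("decryption.provider: must be sops")
    kc = spec.get("kubeConfig") or {}
    if "configMapRef" in kc and "secretRef" in kc:
        out.append("kubeConfig: configMapRef and secretRef are mutually exclusive")
    ns = spec.get("targetNamespace")
    if ns is not None and not 1 <= len(ns) <= 63:
        out.append("targetNamespace: length must be 1..63")
    for ref in (spec.get("postBuild") or {}).get("substituteFrom") or []:
        if ref.get("kind") not in {"Secret", "ConfigMap"}:
            out.append("postBuild.substituteFrom.kind: not in enum")
    # Local policy (assumption, not a schema rule): name the account to impersonate.
    if not spec.get("serviceAccountName"):
        out.append("policy: serviceAccountName not set")
    return out

# Constructed sample specs, not taken from the page.
GOOD = {"interval": "1h30m", "prune": True, "serviceAccountName": "deployer",
        "sourceRef": {"kind": "GitRepository", "name": "app"},
        "decryption": {"provider": "sops", "secretRef": {"name": "sops-keys"}}}
BAD = {"interval": "10 minutes", "sourceRef": {"kind": "HelmRepository", "name": "app"},
       "kubeConfig": {"configMapRef": {"name": "a"}, "secretRef": {"name": "b"}}}
```

`lint_spec(GOOD)` returns an empty list; `lint_spec(BAD)` returns one finding per violated constraint plus the policy finding.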
status object
KustomizationStatus defines the observed state of a kustomization.
conditions []object
lastTransitionTime
string required
lastTransitionTime is the last time the condition transitioned from one status to another.
This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
format:
date-time
message
string required
message is a human readable message indicating details about the transition.
This may be an empty string.
maxLength:
32768
observedGeneration
integer
observedGeneration represents the .metadata.generation that the condition was set based upon.
For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
with respect to the current state of the instance.
format:
int64
minimum:
0
reason
string required
reason contains a programmatic identifier indicating the reason for the condition's last transition.
Producers of specific condition types may define expected values and meanings for this field,
and whether the values are considered a guaranteed API.
The value should be a CamelCase string.
This field may not be empty.
pattern:
^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
minLength:
1
maxLength:
1024
status
string required
status of the condition, one of True, False, Unknown.
enum:
True, False, Unknown
type
string required
type of condition in CamelCase or in foo.example.com/CamelCase.
pattern:
^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
maxLength:
316
history []object
History contains a set of snapshots of the last reconciliation attempts
tracking the revision, the state and the duration of each attempt.
digest
string required
Digest is the checksum in the format `<algo>:<hex>` of the resources in this snapshot.
firstReconciled
string required
FirstReconciled is the time when this revision was first reconciled to the cluster.
format:
date-time
lastReconciled
string required
LastReconciled is the time when this revision was last reconciled to the cluster.
format:
date-time
lastReconciledDuration
string required
LastReconciledDuration is the time it took to reconcile the resources in this revision.
lastReconciledStatus
string required
LastReconciledStatus is the status of the last reconciliation.
metadata
object
Metadata contains additional information about the snapshot.
totalReconciliations
integer required
TotalReconciliations is the total number of reconciliations that have occurred for this snapshot.
format:
int64
inventory object
Inventory contains the list of Kubernetes resource object references that
have been successfully applied.
entries []object required
Entries of Kubernetes resource object references.
id
string required
ID is the string representation of the Kubernetes resource object's metadata,
in the format '<namespace>_<name>_<group>_<kind>'.
v
string required
Version is the API version of the Kubernetes resource object's kind.
lastAppliedOriginRevision
string
The last successfully applied origin revision.
Equals the origin revision of the applied Artifact from the referenced Source.
Usually present on the Metadata of the applied Artifact and depends on the
Source type, e.g. for OCI it's the value associated with the key
"org.opencontainers.image.revision".
lastAppliedRevision
string
The last successfully applied revision.
Equals the Revision of the applied Artifact from the referenced Source.
lastAttemptedRevision
string
LastAttemptedRevision is the revision of the last reconciliation attempt.
lastHandledReconcileAt
string
LastHandledReconcileAt holds the value of the most recent
reconcile request value, so a change of the annotation value
can be detected.
observedGeneration
integer
ObservedGeneration is the last reconciled generation.
format:
int64