apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: labels: app.kubernetes.io/name: appprojects.argoproj.io app.kubernetes.io/part-of: argocd name: appprojects.argoproj.io annotations: helm.sh/hook: crd-install spec: group: argoproj.io names: kind: AppProject listKind: AppProjectList plural: appprojects shortNames: - appproj - appprojs singular: appproject scope: Namespaced validation: openAPIV3Schema: description: 'AppProject provides a logical grouping of applications, providing controls for: * where the apps may deploy to (cluster whitelist) * what may be deployed (repository whitelist, resource whitelist/blacklist) * who can access these applications (roles, OIDC group claims bindings) * and what they can do (RBAC policies) * automation access to these roles (JWT tokens)' properties: apiVersion: description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object spec: description: AppProjectSpec is the specification of an AppProject properties: clusterResourceWhitelist: description: ClusterResourceWhitelist contains list of whitelisted cluster level resources items: description: GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying concepts during lookup stages without having partially valid types properties: group: type: string kind: type: string required: - group - kind type: object type: array description: description: Description contains optional project description type: string destinations: description: Destinations contains list of destinations available for deployment items: description: ApplicationDestination contains deployment destination information properties: namespace: description: Namespace overrides the environment namespace value in the ksonnet app.yaml type: string server: description: Server overrides the environment server value in the ksonnet app.yaml type: string type: object type: array namespaceResourceBlacklist: description: NamespaceResourceBlacklist contains list of blacklisted namespace level resources items: description: GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying concepts during lookup stages without having partially valid types properties: group: type: string kind: type: string required: - group - kind type: object type: array orphanedResources: description: OrphanedResources specifies if controller should monitor orphaned resources of apps in this project properties: warn: description: Warn indicates if warning condition should be created for apps which have orphaned resources type: boolean type: object roles: description: Roles are user defined RBAC roles associated with this project items: description: ProjectRole represents a role that has access to a project properties: description: description: Description is a description of the role type: string groups: description: Groups are a list of OIDC group claims bound to this role items: type: string type: array jwtTokens: description: JWTTokens are a list of generated JWT tokens bound to this role items: description: JWTToken holds the issuedAt and expiresAt values of a token properties: exp: format: int64 type: integer iat: format: int64 type: integer required: - iat type: object type: array name: description: Name is a name for this role type: string policies: description: Policies Stores a list of casbin formated strings that define access policies for the role in the project items: type: string type: array required: - name type: object type: array sourceRepos: description: SourceRepos contains list of repository URLs which can be used for deployment items: type: string type: array syncWindows: description: SyncWindows controls when syncs can be run for apps in this project items: description: SyncWindow contains the kind, time, duration and attributes that are used to assign the syncWindows to apps properties: applications: description: Applications contains a list of applications that the window will apply to items: type: string type: array clusters: description: Clusters contains a list of clusters that the window will apply to items: type: string type: array duration: description: Duration is the amount of time the sync window will be open type: string kind: description: Kind defines if the window allows or blocks syncs type: string manualSync: description: ManualSync enables manual syncs when they would otherwise be blocked type: boolean namespaces: description: Namespaces contains a list of namespaces that the window will apply to items: type: string type: array schedule: description: Schedule is the time the window will begin, specified in cron format type: string type: object type: array type: object required: - metadata - spec type: object version: v1alpha1 versions: - name: v1alpha1 served: true storage: true