← Back to index Esc
Kind
Kustomization
Group
kustomize.toolkit.fluxcd.io
Version
v1
apiVersion: kustomize.toolkit.fluxcd.io/v1 kind: Kustomization metadata: name: example
View raw schema
apiVersion string
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
kind string
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
metadata object
spec object
KustomizationSpec defines the configuration to calculate the desired state from a Source using Kustomize.
commonMetadata object
CommonMetadata specifies the common labels and annotations that are applied to all resources. Any existing label or annotation will be overridden if its key matches a common one.
annotations object
Annotations to be added to the object's metadata.
labels object
Labels to be added to the object's metadata.
components []string
Components specifies relative paths to kustomize Components.
decryption object
Decrypt Kubernetes secrets before applying them on the cluster.
provider string required
Provider is the name of the decryption engine.
enum: sops
secretRef object
The secret name containing the private OpenPGP keys used for decryption. A static credential for a cloud provider defined inside the Secret takes priority to secret-less authentication with the ServiceAccountName field.
name string required
Name of the referent.
serviceAccountName string
ServiceAccountName is the name of the service account used to authenticate with KMS services from cloud providers. If a static credential for a given cloud provider is defined inside the Secret referenced by SecretRef, that static credential takes priority.
deletionPolicy string
DeletionPolicy can be used to control garbage collection when this Kustomization is deleted. Valid values are ('MirrorPrune', 'Delete', 'WaitForTermination', 'Orphan'). 'MirrorPrune' mirrors the Prune field (orphan if false, delete if true). Defaults to 'MirrorPrune'.
enum: MirrorPrune, Delete, WaitForTermination, Orphan
dependsOn []object
DependsOn may contain a DependencyReference slice with references to Kustomization resources that must be ready before this Kustomization can be reconciled.
name string required
Name of the referent.
namespace string
Namespace of the referent, defaults to the namespace of the Kustomization resource object that contains the reference.
readyExpr string
ReadyExpr is a CEL expression that can be used to assess the readiness of a dependency. When specified, the built-in readiness check is replaced by the logic defined in the CEL expression. To make the CEL expression additive to the built-in readiness check, the feature gate `AdditiveCELDependencyCheck` must be set to `true`.
force boolean
Force instructs the controller to recreate resources when patching fails due to an immutable field change.
healthCheckExprs []object
HealthCheckExprs is a list of healthcheck expressions for evaluating the health of custom resources using Common Expression Language (CEL). The expressions are evaluated only when Wait or HealthChecks are specified.
apiVersion string required
APIVersion of the custom resource under evaluation.
current string required
Current is the CEL expression that determines if the status of the custom resource has reached the desired state.
failed string
Failed is the CEL expression that determines if the status of the custom resource has failed to reach the desired state.
inProgress string
InProgress is the CEL expression that determines if the status of the custom resource has not yet reached the desired state.
kind string required
Kind of the custom resource under evaluation.
healthChecks []object
A list of resources to be included in the health assessment.
apiVersion string
API version of the referent, if not specified the Kubernetes preferred version will be used.
kind string required
Kind of the referent.
name string required
Name of the referent.
namespace string
Namespace of the referent, when not specified it acts as LocalObjectReference.
ignoreMissingComponents boolean
IgnoreMissingComponents instructs the controller to ignore Components paths not found in source by removing them from the generated kustomization.yaml before running kustomize build.
images []object
Images is a list of (image name, new name, new tag or digest) for changing image names, tags or digests. This can also be achieved with a patch, but this operator is simpler to specify.
digest string
Digest is the value used to replace the original image tag. If digest is present NewTag value is ignored.
name string required
Name is a tag-less image name.
newName string
NewName is the value used to replace the original name.
newTag string
NewTag is the value used to replace the original tag.
interval string required
The interval at which to reconcile the Kustomization. This interval is approximate and may be subject to jitter to ensure efficient use of resources.
pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
kubeConfig object
The KubeConfig for reconciling the Kustomization on a remote cluster. When used in combination with KustomizationSpec.ServiceAccountName, forces the controller to act on behalf of that Service Account at the target cluster. If the --default-service-account flag is set, its value will be used as a controller level fallback for when KustomizationSpec.ServiceAccountName is empty.
configMapRef object
ConfigMapRef holds an optional name of a ConfigMap that contains the following keys: - `provider`: the provider to use. One of `aws`, `azure`, `gcp`, or `generic`. Required. - `cluster`: the fully qualified resource name of the Kubernetes cluster in the cloud provider API. Not used by the `generic` provider. Required when one of `address` or `ca.crt` is not set. - `address`: the address of the Kubernetes API server. Required for `generic`. For the other providers, if not specified, the first address in the cluster resource will be used, and if specified, it must match one of the addresses in the cluster resource. If audiences is not set, will be used as the audience for the `generic` provider. - `ca.crt`: the optional PEM-encoded CA certificate for the Kubernetes API server. If not set, the controller will use the CA certificate from the cluster resource. - `audiences`: the optional audiences as a list of line-break-separated strings for the Kubernetes ServiceAccount token. Defaults to the `address` for the `generic` provider, or to specific values for the other providers depending on the provider. - `serviceAccountName`: the optional name of the Kubernetes ServiceAccount in the same namespace that should be used for authentication. If not specified, the controller ServiceAccount will be used. Mutually exclusive with SecretRef.
name string required
Name of the referent.
secretRef object
SecretRef holds an optional name of a secret that contains a key with the kubeconfig file as the value. If no key is set, the key will default to 'value'. Mutually exclusive with ConfigMapRef. It is recommended that the kubeconfig is self-contained, and the secret is regularly updated if credentials such as a cloud-access-token expire. Cloud specific `cmd-path` auth helpers will not function without adding binaries and credentials to the Pod that is responsible for reconciling Kubernetes resources. Supported only for the generic provider.
key string
Key in the Secret, when not specified an implementation-specific default key is used.
name string required
Name of the Secret.
namePrefix string
NamePrefix will prefix the names of all managed resources.
minLength: 1
maxLength: 200
nameSuffix string
NameSuffix will suffix the names of all managed resources.
minLength: 1
maxLength: 200
patches []object
Strategic merge and JSON patches, defined as inline YAML objects, capable of targeting objects based on kind, label and annotation selectors.
patch string required
Patch contains an inline StrategicMerge patch or an inline JSON6902 patch with an array of operation objects.
target object
Target points to the resources that the patch document should be applied to.
annotationSelector string
AnnotationSelector is a string that follows the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api It matches with the resource annotations.
group string
Group is the API group to select resources from. Together with Version and Kind it is capable of unambiguously identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
kind string
Kind of the API Group to select resources from. Together with Group and Version it is capable of unambiguously identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
labelSelector string
LabelSelector is a string that follows the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api It matches with the resource labels.
name string
Name to match resources with.
namespace string
Namespace to select resources from.
version string
Version of the API Group to select resources from. Together with Group and Kind it is capable of unambiguously identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md
path string
Path to the directory containing the kustomization.yaml file, or the set of plain YAMLs a kustomization.yaml should be generated for. Defaults to 'None', which translates to the root path of the SourceRef.
postBuild object
PostBuild describes which actions to perform on the YAML manifest generated by building the kustomize overlay.
substitute object
Substitute holds a map of key/value pairs. The variables defined in your YAML manifests that match any of the keys defined in the map will be substituted with the set value. Includes support for bash string replacement functions e.g. ${var:=default}, ${var:position} and ${var/substring/replacement}.
substituteFrom []object
SubstituteFrom holds references to ConfigMaps and Secrets containing the variables and their values to be substituted in the YAML manifests. The ConfigMap and the Secret data keys represent the var names, and they must match the vars declared in the manifests for the substitution to happen.
kind string required
Kind of the values referent, valid values are ('Secret', 'ConfigMap').
enum: Secret, ConfigMap
name string required
Name of the values referent. Should reside in the same namespace as the referring resource.
minLength: 1
maxLength: 253
optional boolean
Optional indicates whether the referenced resource must exist, or whether to tolerate its absence. If true and the referenced resource is absent, proceed as if the resource was present but empty, without any variables defined.
prune boolean required
Prune enables garbage collection.
retryInterval string
The interval at which to retry a previously failed reconciliation. When not specified, the controller uses the KustomizationSpec.Interval value to retry failures.
pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
serviceAccountName string
The name of the Kubernetes service account to impersonate when reconciling this Kustomization.
sourceRef object required
Reference of the source where the kustomization file is.
apiVersion string
API version of the referent.
kind string required
Kind of the referent.
enum: OCIRepository, GitRepository, Bucket, ExternalArtifact
name string required
Name of the referent.
namespace string
Namespace of the referent, defaults to the namespace of the Kubernetes resource object that contains the reference.
suspend boolean
This flag tells the controller to suspend subsequent kustomize executions, it does not apply to already started executions. Defaults to false.
targetNamespace string
TargetNamespace sets or overrides the namespace in the kustomization.yaml file.
minLength: 1
maxLength: 63
timeout string
Timeout for validation, apply and health checking operations. Defaults to 'Interval' duration.
pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
wait boolean
Wait instructs the controller to check the health of all the reconciled resources. When enabled, the HealthChecks are ignored. Defaults to false.
status object
KustomizationStatus defines the observed state of a kustomization.
conditions []object
lastTransitionTime string required
lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
format: date-time
message string required
message is a human readable message indicating details about the transition. This may be an empty string.
maxLength: 32768
observedGeneration integer
observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance.
format: int64
minimum: 0
reason string required
reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty.
pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
minLength: 1
maxLength: 1024
status string required
status of the condition, one of True, False, Unknown.
enum: True, False, Unknown
type string required
type of condition in CamelCase or in foo.example.com/CamelCase.
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
maxLength: 316
history []object
History contains a set of snapshots of the last reconciliation attempts tracking the revision, the state and the duration of each attempt.
digest string required
Digest is the checksum in the format `<algo>:<hex>` of the resources in this snapshot.
firstReconciled string required
FirstReconciled is the time when this revision was first reconciled to the cluster.
format: date-time
lastReconciled string required
LastReconciled is the time when this revision was last reconciled to the cluster.
format: date-time
lastReconciledDuration string required
LastReconciledDuration is time it took to reconcile the resources in this revision.
lastReconciledStatus string required
LastReconciledStatus is the status of the last reconciliation.
metadata object
Metadata contains additional information about the snapshot.
totalReconciliations integer required
TotalReconciliations is the total number of reconciliations that have occurred for this snapshot.
format: int64
inventory object
Inventory contains the list of Kubernetes resource object references that have been successfully applied.
entries []object required
Entries of Kubernetes resource object references.
id string required
ID is the string representation of the Kubernetes resource object's metadata, in the format '<namespace>_<name>_<group>_<kind>'.
v string required
Version is the API version of the Kubernetes resource object's kind.
lastAppliedOriginRevision string
The last successfully applied origin revision. Equals the origin revision of the applied Artifact from the referenced Source. Usually present on the Metadata of the applied Artifact and depends on the Source type, e.g. for OCI it's the value associated with the key "org.opencontainers.image.revision".
lastAppliedRevision string
The last successfully applied revision. Equals the Revision of the applied Artifact from the referenced Source.
lastAttemptedRevision string
LastAttemptedRevision is the revision of the last reconciliation attempt.
lastHandledReconcileAt string
LastHandledReconcileAt holds the value of the most recent reconcile request value, so a change of the annotation value can be detected.
observedGeneration integer
ObservedGeneration is the last reconciled generation.
format: int64
Copied!