Kustomize API reference v1

The GitOps Toolkit Custom Resource Definitions documentation.

Packages:

kustomize.toolkit.fluxcd.io/v1

Package v1 contains API Schema definitions for the kustomize.toolkit.fluxcd.io v1 API group.

Resource Types:

Kustomization

Kustomization is the Schema for the kustomizations API.

Field Description
apiVersion
string
kustomize.toolkit.fluxcd.io/v1
kind
string
Kustomization
metadata
Kubernetes meta/v1.ObjectMeta
Refer to the Kubernetes API documentation for the fields of the metadata field.
spec
KustomizationSpec


commonMetadata
CommonMetadata
(Optional)

CommonMetadata specifies the common labels and annotations that are applied to all resources. Any existing label or annotation will be overridden if its key matches a common one.

dependsOn
[]github.com/fluxcd/pkg/apis/meta.DependencyReference
(Optional)

DependsOn may contain a DependencyReference slice with references to Kustomization resources that must be ready before this Kustomization can be reconciled.

decryption
Decryption
(Optional)

Decrypt Kubernetes secrets before applying them on the cluster.

interval
Kubernetes meta/v1.Duration

The interval at which to reconcile the Kustomization. This interval is approximate and may be subject to jitter to ensure efficient use of resources.

retryInterval
Kubernetes meta/v1.Duration
(Optional)

The interval at which to retry a previously failed reconciliation. When not specified, the controller uses the KustomizationSpec.Interval value to retry failures.

kubeConfig
github.com/fluxcd/pkg/apis/meta.KubeConfigReference
(Optional)

The KubeConfig for reconciling the Kustomization on a remote cluster. When used in combination with KustomizationSpec.ServiceAccountName, it forces the controller to act on behalf of that Service Account at the target cluster. If the --default-service-account flag is set, its value will be used as a controller-level fallback for when KustomizationSpec.ServiceAccountName is empty.

path
string
(Optional)

Path to the directory containing the kustomization.yaml file, or the set of plain YAMLs a kustomization.yaml should be generated for. Defaults to ‘None’, which translates to the root path of the SourceRef.

postBuild
PostBuild
(Optional)

PostBuild describes which actions to perform on the YAML manifest generated by building the kustomize overlay.

prune
bool

Prune enables garbage collection.

deletionPolicy
string
(Optional)

DeletionPolicy can be used to control garbage collection when this Kustomization is deleted. Valid values are (‘MirrorPrune’, ‘Delete’, ‘WaitForTermination’, ‘Orphan’). ‘MirrorPrune’ mirrors the Prune field (orphan if false, delete if true). Defaults to ‘MirrorPrune’.

healthChecks
[]github.com/fluxcd/pkg/apis/meta.NamespacedObjectKindReference
(Optional)

A list of resources to be included in the health assessment.

namePrefix
string
(Optional)

NamePrefix will prefix the names of all managed resources.

nameSuffix
string
(Optional)

NameSuffix will suffix the names of all managed resources.

patches
[]github.com/fluxcd/pkg/apis/kustomize.Patch
(Optional)

Strategic merge and JSON patches, defined as inline YAML objects, capable of targeting objects based on kind, label and annotation selectors.

images
[]github.com/fluxcd/pkg/apis/kustomize.Image
(Optional)

Images is a list of (image name, new name, new tag or digest) for changing image names, tags or digests. This can also be achieved with a patch, but this operator is simpler to specify.

serviceAccountName
string
(Optional)

The name of the Kubernetes service account to impersonate when reconciling this Kustomization.

sourceRef
CrossNamespaceSourceReference

Reference of the source where the kustomization file is.

suspend
bool
(Optional)

This flag tells the controller to suspend subsequent kustomize executions; it does not apply to already started executions. Defaults to false.

targetNamespace
string
(Optional)

TargetNamespace sets or overrides the namespace in the kustomization.yaml file.

timeout
Kubernetes meta/v1.Duration
(Optional)

Timeout for validation, apply and health checking operations. Defaults to ‘Interval’ duration.

force
bool
(Optional)

Force instructs the controller to recreate resources when patching fails due to an immutable field change.

wait
bool
(Optional)

Wait instructs the controller to check the health of all the reconciled resources. When enabled, the HealthChecks are ignored. Defaults to false.

buildMetadata
[]BuildMetadataOption
(Optional)

BuildMetadata specifies which kustomize build metadata should be added to the built resources. The allowed values are ‘originAnnotations’ to annotate resources with their source origin, and ‘transformerAnnotations’ to annotate resources with the transformers that produced them.

components
[]string
(Optional)

Components specifies relative paths to kustomize Components.

ignoreMissingComponents
bool
(Optional)

IgnoreMissingComponents instructs the controller to ignore Components paths not found in source by removing them from the generated kustomization.yaml before running kustomize build.

healthCheckExprs
[]github.com/fluxcd/pkg/apis/kustomize.CustomHealthCheck
(Optional)

HealthCheckExprs is a list of healthcheck expressions for evaluating the health of custom resources using Common Expression Language (CEL). The expressions are evaluated only when Wait or HealthChecks are specified.

ignore
[]IgnoreRule
(Optional)

Ignore is a list of rules for specifying which changes to ignore during drift detection. These rules are applied to the resources managed by the Kustomization and are used to exclude specific JSON pointer paths from the drift detection and apply process.

status
KustomizationStatus

BuildMetadataOption (string alias)

(Appears on: KustomizationSpec)

BuildMetadataOption defines the supported buildMetadata options.

CommonMetadata

(Appears on: KustomizationSpec)

CommonMetadata defines the common labels and annotations.

Field Description
annotations
map[string]string
(Optional)

Annotations to be added to the object’s metadata.

labels
map[string]string
(Optional)

Labels to be added to the object’s metadata.

CrossNamespaceSourceReference

(Appears on: KustomizationSpec)

CrossNamespaceSourceReference contains enough information to let you locate the typed Kubernetes resource object at cluster level.

Field Description
apiVersion
string
(Optional)

API version of the referent.

kind
string

Kind of the referent.

name
string

Name of the referent.

namespace
string
(Optional)

Namespace of the referent, defaults to the namespace of the Kubernetes resource object that contains the reference.

Decryption

(Appears on: KustomizationSpec)

Decryption defines how decryption is handled for Kubernetes manifests.

Field Description
provider
string

Provider is the name of the decryption engine.

serviceAccountName
string
(Optional)

ServiceAccountName is the name of the service account used to authenticate with KMS services from cloud providers. If a static credential for a given cloud provider is defined inside the Secret referenced by SecretRef, that static credential takes priority.

secretRef
github.com/fluxcd/pkg/apis/meta.LocalObjectReference
(Optional)

The secret name containing the private OpenPGP keys used for decryption. A static credential for a cloud provider defined inside the Secret takes priority over secret-less authentication with the ServiceAccountName field.

IgnoreRule

(Appears on: KustomizationSpec)

IgnoreRule defines a rule to selectively disregard specific changes during the drift detection process.

Field Description
paths
[]string

Paths is a list of JSON Pointer (RFC 6901) paths to be excluded from consideration in a Kubernetes object.

target
github.com/fluxcd/pkg/apis/kustomize.Selector
(Optional)

Target is a selector for specifying Kubernetes objects to which this rule applies. If Target is not set, the Paths will be ignored for all Kubernetes objects within the manifest of the Kustomization.
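
Added example (not code from the Flux project): a minimal model of excluding RFC 6901 paths from a desired-versus-live comparison, showing that every ignored path is a field where out-of-band changes go unreported, and that a "/" inside a key such as an annotation name is written "~1". The functions `parsePointer`, `without`, `Drifted` and `sample`, and the object contents, are hypothetical; array indices are not handled.

```go
package main

import (
	"fmt"
	"reflect"
	"strings"
)

// parsePointer splits an RFC 6901 pointer into unescaped reference tokens.
func parsePointer(p string) []string {
	tokens := strings.Split(strings.TrimPrefix(p, "/"), "/")
	for i, t := range tokens {
		// Order matters: "~1" becomes "/" before "~0" becomes "~".
		tokens[i] = strings.ReplaceAll(strings.ReplaceAll(t, "~1", "/"), "~0", "~")
	}
	return tokens
}

// without copies v along the path and drops the member the tokens address (object members only).
func without(v any, tokens []string) any {
	m, ok := v.(map[string]any)
	if !ok {
		return v
	}
	out := make(map[string]any, len(m))
	for k, e := range m {
		if k != tokens[0] {
			out[k] = e
		} else if len(tokens) > 1 {
			out[k] = without(e, tokens[1:])
		} // else: k is the addressed member, so it is left out of the copy
	}
	return out
}

// Drifted reports whether live differs from desired outside the ignored paths.
func Drifted(desired, live map[string]any, ignored []string) bool {
	var d, l any = desired, live
	for _, p := range ignored {
		d, l = without(d, parsePointer(p)), without(l, parsePointer(p))
	}
	return !reflect.DeepEqual(d, l)
}

// sample builds a constructed, simplified workload object for the demonstration.
func sample(replicas int, image, owner string) map[string]any {
	meta := map[string]any{"annotations": map[string]any{"example.com/owner": owner}}
	return map[string]any{"metadata": meta, "spec": map[string]any{"replicas": replicas, "image": image}}
}

func main() {
	git := sample(2, "app:1.0", "team-a")
	rules := []string{"/spec/replicas", "/metadata/annotations/example.com~1owner"}
	fmt.Println(Drifted(git, sample(5, "app:1.0", "hpa"), rules), Drifted(git, sample(5, "app:2.0", "hpa"), rules))
}
```

Only the replica count and the owner annotation are masked here; the image change in the second comparison is still reported, which is the reason to keep Paths narrow and to set Target rather than ignore a path for every object.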

KustomizationSpec

(Appears on: Kustomization)

KustomizationSpec defines the configuration to calculate the desired state from a Source using Kustomize.

Field Description
commonMetadata
CommonMetadata
(Optional)

CommonMetadata specifies the common labels and annotations that are applied to all resources. Any existing label or annotation will be overridden if its key matches a common one.

dependsOn
[]github.com/fluxcd/pkg/apis/meta.DependencyReference
(Optional)

DependsOn may contain a DependencyReference slice with references to Kustomization resources that must be ready before this Kustomization can be reconciled.

decryption
Decryption
(Optional)

Decrypt Kubernetes secrets before applying them on the cluster.

interval
Kubernetes meta/v1.Duration

The interval at which to reconcile the Kustomization. This interval is approximate and may be subject to jitter to ensure efficient use of resources.

retryInterval
Kubernetes meta/v1.Duration
(Optional)

The interval at which to retry a previously failed reconciliation. When not specified, the controller uses the KustomizationSpec.Interval value to retry failures.

kubeConfig
github.com/fluxcd/pkg/apis/meta.KubeConfigReference
(Optional)

The KubeConfig for reconciling the Kustomization on a remote cluster. When used in combination with KustomizationSpec.ServiceAccountName, it forces the controller to act on behalf of that Service Account at the target cluster. If the --default-service-account flag is set, its value will be used as a controller-level fallback for when KustomizationSpec.ServiceAccountName is empty.

path
string
(Optional)

Path to the directory containing the kustomization.yaml file, or the set of plain YAMLs a kustomization.yaml should be generated for. Defaults to ‘None’, which translates to the root path of the SourceRef.

postBuild
PostBuild
(Optional)

PostBuild describes which actions to perform on the YAML manifest generated by building the kustomize overlay.

prune
bool

Prune enables garbage collection.

deletionPolicy
string
(Optional)

DeletionPolicy can be used to control garbage collection when this Kustomization is deleted. Valid values are (‘MirrorPrune’, ‘Delete’, ‘WaitForTermination’, ‘Orphan’). ‘MirrorPrune’ mirrors the Prune field (orphan if false, delete if true). Defaults to ‘MirrorPrune’.

healthChecks
[]github.com/fluxcd/pkg/apis/meta.NamespacedObjectKindReference
(Optional)

A list of resources to be included in the health assessment.

namePrefix
string
(Optional)

NamePrefix will prefix the names of all managed resources.

nameSuffix
string
(Optional)

NameSuffix will suffix the names of all managed resources.

patches
[]github.com/fluxcd/pkg/apis/kustomize.Patch
(Optional)

Strategic merge and JSON patches, defined as inline YAML objects, capable of targeting objects based on kind, label and annotation selectors.

images
[]github.com/fluxcd/pkg/apis/kustomize.Image
(Optional)

Images is a list of (image name, new name, new tag or digest) for changing image names, tags or digests. This can also be achieved with a patch, but this operator is simpler to specify.

serviceAccountName
string
(Optional)

The name of the Kubernetes service account to impersonate when reconciling this Kustomization.

sourceRef
CrossNamespaceSourceReference

Reference of the source where the kustomization file is.

suspend
bool
(Optional)

This flag tells the controller to suspend subsequent kustomize executions; it does not apply to already started executions. Defaults to false.

targetNamespace
string
(Optional)

TargetNamespace sets or overrides the namespace in the kustomization.yaml file.

timeout
Kubernetes meta/v1.Duration
(Optional)

Timeout for validation, apply and health checking operations. Defaults to ‘Interval’ duration.

force
bool
(Optional)

Force instructs the controller to recreate resources when patching fails due to an immutable field change.

wait
bool
(Optional)

Wait instructs the controller to check the health of all the reconciled resources. When enabled, the HealthChecks are ignored. Defaults to false.

buildMetadata
[]BuildMetadataOption
(Optional)

BuildMetadata specifies which kustomize build metadata should be added to the built resources. The allowed values are ‘originAnnotations’ to annotate resources with their source origin, and ‘transformerAnnotations’ to annotate resources with the transformers that produced them.

components
[]string
(Optional)

Components specifies relative paths to kustomize Components.

ignoreMissingComponents
bool
(Optional)

IgnoreMissingComponents instructs the controller to ignore Components paths not found in source by removing them from the generated kustomization.yaml before running kustomize build.

healthCheckExprs
[]github.com/fluxcd/pkg/apis/kustomize.CustomHealthCheck
(Optional)

HealthCheckExprs is a list of healthcheck expressions for evaluating the health of custom resources using Common Expression Language (CEL). The expressions are evaluated only when Wait or HealthChecks are specified.

ignore
[]IgnoreRule
(Optional)

Ignore is a list of rules for specifying which changes to ignore during drift detection. These rules are applied to the resources managed by the Kustomization and are used to exclude specific JSON pointer paths from the drift detection and apply process.

KustomizationStatus

(Appears on: Kustomization)

KustomizationStatus defines the observed state of a kustomization.

Field Description
ReconcileRequestStatus
github.com/fluxcd/pkg/apis/meta.ReconcileRequestStatus

(Members of ReconcileRequestStatus are embedded into this type.)

observedGeneration
int64
(Optional)

ObservedGeneration is the last reconciled generation.

conditions
[]Kubernetes meta/v1.Condition
(Optional)

lastAppliedRevision
string
(Optional)

The last successfully applied revision. Equals the Revision of the applied Artifact from the referenced Source.

lastAppliedOriginRevision
string
(Optional)

The last successfully applied origin revision. Equals the origin revision of the applied Artifact from the referenced Source. Usually present on the Metadata of the applied Artifact and depends on the Source type, e.g. for OCI it’s the value associated with the key “org.opencontainers.image.revision”.

lastAttemptedRevision
string
(Optional)

LastAttemptedRevision is the revision of the last reconciliation attempt.

inventory
ResourceInventory
(Optional)

Inventory contains the list of Kubernetes resource object references that have been successfully applied.

history
github.com/fluxcd/pkg/apis/meta.History
(Optional)

History contains a set of snapshots of the last reconciliation attempts tracking the revision, the state and the duration of each attempt.

PostBuild

(Appears on: KustomizationSpec)

PostBuild describes which actions to perform on the YAML manifest generated by building the kustomize overlay.

Field Description
substituteStrategy
SubstituteStrategy
(Optional)

SubstituteStrategy defines the strategy for substituting variables in the YAML manifests. Valid values are:

  • WithVariables (the default): require at least one variable to be defined, either through the inline map or through the resolved references to ConfigMaps and Secrets.
  • Always: perform the substitution even if no variables are defined.

substitute
map[string]string
(Optional)

Substitute holds a map of key/value pairs. The variables defined in your YAML manifests that match any of the keys defined in the map will be substituted with the set value. Includes support for bash string replacement functions e.g. ${var:=default}, ${var:position} and ${var/substring/replacement}.

substituteFrom
[]SubstituteReference
(Optional)

SubstituteFrom holds references to ConfigMaps and Secrets containing the variables and their values to be substituted in the YAML manifests. The ConfigMap and the Secret data keys represent the var names, and they must match the vars declared in the manifests for the substitution to happen.

ResourceInventory

(Appears on: KustomizationStatus)

ResourceInventory contains a list of Kubernetes resource object references that have been applied by a Kustomization.

Field Description
entries
[]ResourceRef

Entries of Kubernetes resource object references.

ResourceRef

(Appears on: ResourceInventory)

ResourceRef contains the information necessary to locate a resource within a cluster.

Field Description
id
string

ID is the string representation of the Kubernetes resource object’s metadata, in the format ‘_’.

v
string

Version is the API version of the Kubernetes resource object’s kind.

SubstituteReference

(Appears on: PostBuild)

SubstituteReference contains a reference to a resource containing the variable names and values.

Field Description
kind
string

Kind of the values referent, valid values are (‘Secret’, ‘ConfigMap’).

name
string

Name of the values referent. Should reside in the same namespace as the referring resource.

optional
bool
(Optional)

Optional indicates whether the referenced resource must exist, or whether to tolerate its absence. If true and the referenced resource is absent, proceed as if the resource was present but empty, without any variables defined.

SubstituteStrategy (string alias)

(Appears on: PostBuild)

SubstituteStrategy defines the strategy for substituting variables in the YAML manifests.

VaultConfig

VaultConfig is the controller-level configuration that enables and scopes authentication to OpenBao/Vault instances for SOPS decryption. The controller presents a Kubernetes ServiceAccount token to a JWT-backed auth method (e.g. the Kubernetes or JWT auth method). The operator provides this config through a ConfigMap, listing the instances the controller may authenticate to along with each instance’s login path. It only governs this ServiceAccount-token authentication: the existing static token decryption paths (the sops.vault-token Secret entry and the VAULT_TOKEN environment variable) are unaffected and continue to work for any address.

Field Description
instances
[]VaultInstance

Instances is the list of known OpenBao/Vault instances.

VaultInstance

(Appears on: VaultConfig)

VaultInstance describes a single OpenBao/Vault instance and how the controller should authenticate to it.

Field Description
address
string

Address is the address of the OpenBao/Vault instance, matching the address stored in the SOPS metadata of the encrypted data key.

loginPath
string

LoginPath is the API path of the login endpoint to authenticate to this instance with, e.g. “auth/kubernetes/login”. It is used verbatim, so it supports any JWT-backed auth method (e.g. the Kubernetes or JWT auth method) and namespace-prefixed paths (e.g. “ns1/ns2/auth/kubernetes/login”).

This page was automatically generated with gen-crd-api-reference-docs