Notification API reference v1

The GitOps Toolkit Custom Resource Definitions documentation.

Packages:

notification.toolkit.fluxcd.io/v1

Package v1 contains API Schema definitions for the notification v1 API group.

Resource Types:

Receiver

Receiver is the Schema for the receivers API.

Field | Description
apiVersion
string
notification.toolkit.fluxcd.io/v1
kind
string
Receiver
metadata
Kubernetes meta/v1.ObjectMeta
Refer to the Kubernetes API documentation for the fields of the metadata field.
spec
ReceiverSpec


type
string

Type of webhook sender, used to determine the validation procedure and payload deserialization.

interval
Kubernetes meta/v1.Duration
(Optional)

Interval at which to reconcile the Receiver with its Secret references.

events
[]string
(Optional)

Events specifies the list of event types to handle, e.g. ‘push’ for GitHub or ‘Push Hook’ for GitLab.

resources
[]ReceiverResource

A list of resources to be notified about changes.

resourceFilter
string
(Optional)

ResourceFilter is a CEL expression expected to return a boolean that is evaluated for each resource referenced in the Resources field when a webhook is received. If the expression returns false then the controller will not request a reconciliation for the resource. The expression can read the resource metadata via ‘res’ and the webhook request body via ‘req’. For generic-oidc receivers, the verified OIDC token claims are also available via ‘claims’. When the expression is specified the controller will parse it and mark the object as terminally failed if the expression is invalid or does not return a boolean.

secretRef
github.com/fluxcd/pkg/apis/meta.LocalObjectReference
(Optional)

SecretRef specifies the Secret containing the token used to validate the payload authenticity. The Secret must contain a ‘token’ key. For GCR receivers, the Secret must also contain an ‘email’ key with the IAM service account email configured on the Pub/Sub push subscription, and an ‘audience’ key with the expected OIDC token audience.

Required for all receiver types except ‘generic-oidc’, which authenticates requests using the OIDC token instead and must not set this field.

oidcProviders
[]OIDCProvider
(Optional)

OIDCProviders specifies the OIDC providers used to authenticate incoming requests when Type is ‘generic-oidc’. The provider whose IssuerURL matches the token’s ‘iss’ claim is used to verify the token signature, expiration and audience, and to evaluate the configured CEL validations against the token claims.

suspend
bool
(Optional)

Suspend tells the controller to suspend subsequent events handling for this receiver.

status
ReceiverStatus

CrossNamespaceObjectReference

(Appears on: ReceiverResource)

CrossNamespaceObjectReference contains enough information to let you locate the typed referenced object at cluster level.

Field | Description
apiVersion
string
(Optional)

API version of the referent

kind
string

Kind of the referent

name
string

Name of the referent. If multiple resources are targeted, * may be set.

namespace
string
(Optional)

Namespace of the referent

matchLabels
map[string]string
(Optional)

MatchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is “key”, the operator is “In”, and the values array contains only “value”. The requirements are ANDed. MatchLabels requires the name to be set to *.

OIDCProvider

(Appears on: ReceiverSpec)

OIDCProvider configures an OIDC issuer used to authenticate requests for a ‘generic-oidc’ Receiver.

Field | Description
issuerURL
string

IssuerURL is the OIDC issuer URL used for provider discovery. It must match the ‘iss’ claim of tokens issued by this provider.

audience
string
(Optional)

Audience is the expected audience (‘aud’ claim) for tokens issued by this provider. Defaults to ‘notification-controller’.

variables
[]OIDCVariable
(Optional)

Variables is an optional list of named CEL expressions, evaluated in order and exposed as ‘vars.<name>’. Each expression can read the token claims via ‘claims’ and any variable defined before it. Use it to share sub-expressions across validations.

validations
[]OIDCValidation

Validations is the list of CEL boolean expressions evaluated against the token claims and the variables. The request is accepted only if all of them evaluate to true; the message of each failing expression is returned to the caller.

At least one validation is required. A valid signature alone does not authorize a request: public issuers issue tokens to any caller on the platform, so the validations must constrain the caller’s identity claims (e.g. ‘repository_owner’ for GitHub Actions).
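A ‘generic-oidc’ Receiver that applies the fields above to GitHub Actions tokens, given as an added example that is not part of the generated reference or of the Flux project's own manifests. The object names, the ‘example-org’ organization, the ‘on_main’ variable and the target GitRepository are constructed; the claim names are the ones GitHub Actions places in its OIDC tokens.

```yaml
apiVersion: notification.toolkit.fluxcd.io/v1
kind: Receiver
metadata:
  name: gha-oidc            # constructed name
  namespace: flux-system    # constructed namespace
spec:
  type: generic-oidc
  # secretRef is deliberately absent: generic-oidc must not set it.
  oidcProviders:
    - issuerURL: https://token.actions.githubusercontent.com  # must equal the token's 'iss' claim
      audience: notification-controller   # the documented default, written out; the caller must request this 'aud'
      variables:
        # Named sub-expression, read by the validations below as vars.on_main.
        - name: on_main
          expression: "claims.ref == 'refs/heads/main'"
      validations:
        # A valid signature only proves that the issuer minted the token.
        # These expressions pin the token to one organization, one repository
        # and one branch; the request is accepted only if all of them are true.
        - expression: "claims.repository_owner == 'example-org'"
          message: "token was not issued to a repository owned by example-org"
        - expression: "claims.repository == 'example-org/app'"
          message: "token was not issued to example-org/app"
        - expression: "vars.on_main"
          message: "token was not issued for a run on refs/heads/main"
  resources:
    - apiVersion: source.toolkit.fluxcd.io/v1
      kind: GitRepository
      name: app             # constructed target
  # The verified claims are also readable in filters: reconcile only the
  # resource whose name matches the repository named in the token.
  resourceFilter: "claims.repository.endsWith('/' + res.metadata.name)"
```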

OIDCValidation

(Appears on: OIDCProvider)

OIDCValidation is a CEL boolean expression evaluated against the OIDC token claims and variables of a ‘generic-oidc’ Receiver.

Field | Description
expression
string

Expression is the CEL boolean expression to evaluate.

message
string

Message is returned to the caller when the expression evaluates to false.

OIDCVariable

(Appears on: OIDCProvider)

OIDCVariable is a named CEL expression evaluated against the OIDC token claims of a ‘generic-oidc’ Receiver.

Field | Description
name
string

Name is the variable name; it must be a valid CEL identifier.

expression
string

Expression is the CEL expression that defines the variable value.

ReceiverResource

(Appears on: ReceiverSpec)

ReceiverResource references a resource to be notified about changes, with an optional per-resource CEL filter.

Field | Description
CrossNamespaceObjectReference
CrossNamespaceObjectReference

(Members of CrossNamespaceObjectReference are embedded into this type.)

filter
string
(Optional)

Filter is a CEL expression expected to return a boolean that is evaluated for each resource matched by this reference when a webhook is received, in addition to the top-level resourceFilter. A reconciliation is requested only when both expressions (when set) return true. The expression can read the resource metadata via ‘res’ and the webhook request body via ‘req’. For generic-oidc receivers, the verified OIDC token claims are also available via ‘claims’. When the expression is specified the controller will parse it and mark the object as terminally failed if the expression is invalid or does not return a boolean.
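A token-authenticated Receiver that combines the top-level resourceFilter with a per-resource filter, given as an added example that is not part of the generated reference or of the Flux project's own manifests. The Secret and Receiver names, the ‘webhook: enabled’ label and the token placeholder are constructed; ‘ref’ and ‘repository.name’ are fields of the GitHub push event body.

```yaml
apiVersion: v1
kind: Secret
metadata:
  name: webhook-token       # constructed name
  namespace: flux-system
type: Opaque
stringData:
  token: "<random-token-placeholder>"   # the Secret must contain a 'token' key
---
apiVersion: notification.toolkit.fluxcd.io/v1
kind: Receiver
metadata:
  name: github-push         # constructed name
  namespace: flux-system
spec:
  type: github
  events:
    - push
  secretRef:
    name: webhook-token     # required for every type except generic-oidc
  # Evaluated for every referenced resource: ignore pushes to other branches.
  resourceFilter: "req.ref == 'refs/heads/main'"
  resources:
    - apiVersion: source.toolkit.fluxcd.io/v1
      kind: GitRepository
      name: "*"             # matchLabels requires the name to be set to *
      matchLabels:
        webhook: enabled    # constructed label
      # Evaluated in addition to resourceFilter; a reconciliation is requested
      # only when both return true. Here: only the GitRepository named after
      # the repository that sent the event.
      filter: "req.repository.name == res.metadata.name"
```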

ReceiverSpec

(Appears on: Receiver)

ReceiverSpec defines the desired state of the Receiver.

Field | Description
type
string

Type of webhook sender, used to determine the validation procedure and payload deserialization.

interval
Kubernetes meta/v1.Duration
(Optional)

Interval at which to reconcile the Receiver with its Secret references.

events
[]string
(Optional)

Events specifies the list of event types to handle, e.g. ‘push’ for GitHub or ‘Push Hook’ for GitLab.

resources
[]ReceiverResource

A list of resources to be notified about changes.

resourceFilter
string
(Optional)

ResourceFilter is a CEL expression expected to return a boolean that is evaluated for each resource referenced in the Resources field when a webhook is received. If the expression returns false then the controller will not request a reconciliation for the resource. The expression can read the resource metadata via ‘res’ and the webhook request body via ‘req’. For generic-oidc receivers, the verified OIDC token claims are also available via ‘claims’. When the expression is specified the controller will parse it and mark the object as terminally failed if the expression is invalid or does not return a boolean.

secretRef
github.com/fluxcd/pkg/apis/meta.LocalObjectReference
(Optional)

SecretRef specifies the Secret containing the token used to validate the payload authenticity. The Secret must contain a ‘token’ key. For GCR receivers, the Secret must also contain an ‘email’ key with the IAM service account email configured on the Pub/Sub push subscription, and an ‘audience’ key with the expected OIDC token audience.

Required for all receiver types except ‘generic-oidc’, which authenticates requests using the OIDC token instead and must not set this field.

oidcProviders
[]OIDCProvider
(Optional)

OIDCProviders specifies the OIDC providers used to authenticate incoming requests when Type is ‘generic-oidc’. The provider whose IssuerURL matches the token’s ‘iss’ claim is used to verify the token signature, expiration and audience, and to evaluate the configured CEL validations against the token claims.

suspend
bool
(Optional)

Suspend tells the controller to suspend subsequent events handling for this receiver.

ReceiverStatus

(Appears on: Receiver)

ReceiverStatus defines the observed state of the Receiver.

Field | Description
ReconcileRequestStatus
github.com/fluxcd/pkg/apis/meta.ReconcileRequestStatus

(Members of ReconcileRequestStatus are embedded into this type.)

conditions
[]Kubernetes meta/v1.Condition
(Optional)

Conditions holds the conditions for the Receiver.

webhookPath
string
(Optional)

WebhookPath is the generated incoming webhook address in the format of ‘/hook/sha256sum(token+name+namespace)’.

observedGeneration
int64
(Optional)

ObservedGeneration is the last observed generation of the Receiver object.

This page was automatically generated with gen-crd-api-reference-docs