Notification API reference v1
Packages:
notification.toolkit.fluxcd.io/v1
Package v1 contains API Schema definitions for the notification v1 API group.
Resource Types:Receiver
Receiver is the Schema for the receivers API.
| Field | Description | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
apiVersionstring | notification.toolkit.fluxcd.io/v1 | ||||||||||||||||
kindstring | Receiver | ||||||||||||||||
metadataKubernetes meta/v1.ObjectMeta | Refer to the Kubernetes API documentation for the fields of the
metadata field. | ||||||||||||||||
specReceiverSpec |
| ||||||||||||||||
statusReceiverStatus |
CrossNamespaceObjectReference
(Appears on: ReceiverResource)
CrossNamespaceObjectReference contains enough information to let you locate the typed referenced object at cluster level
| Field | Description |
|---|---|
apiVersionstring | (Optional) API version of the referent |
kindstring | Kind of the referent |
namestring | Name of the referent
If multiple resources are targeted |
namespacestring | (Optional) Namespace of the referent |
matchLabelsmap[string]string | (Optional) MatchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
map is equivalent to an element of matchExpressions, whose key field is “key”, the
operator is “In”, and the values array contains only “value”. The requirements are ANDed.
MatchLabels requires the name to be set to |
OIDCProvider
(Appears on: ReceiverSpec)
OIDCProvider configures an OIDC issuer used to authenticate requests for a ‘generic-oidc’ Receiver.
| Field | Description |
|---|---|
issuerURLstring | IssuerURL is the OIDC issuer URL used for provider discovery. It must match the ‘iss’ claim of tokens issued by this provider. |
audiencestring | (Optional) Audience is the expected audience (‘aud’ claim) for tokens issued by this provider. Defaults to ‘notification-controller’. |
variables[]OIDCVariable | (Optional) Variables is an optional list of named CEL expressions, evaluated in order
and exposed as ‘vars. |
validations[]OIDCValidation | Validations is the list of CEL boolean expressions evaluated against the token claims and the variables. The request is accepted only if all of them evaluate to true; the message of each failing expression is returned to the caller. At least one validation is required. A valid signature alone does not authorize a request: public issuers issue tokens to any caller on the platform, so the validations must constrain the caller’s identity claims (e.g. ‘repository_owner’ for GitHub Actions). |
OIDCValidation
(Appears on: OIDCProvider)
OIDCValidation is a CEL boolean expression evaluated against the OIDC token claims and variables of a ‘generic-oidc’ Receiver.
| Field | Description |
|---|---|
expressionstring | Expression is the CEL boolean expression to evaluate. |
messagestring | Message is returned to the caller when the expression evaluates to false. |
OIDCVariable
(Appears on: OIDCProvider)
OIDCVariable is a named CEL expression evaluated against the OIDC token claims of a ‘generic-oidc’ Receiver.
| Field | Description |
|---|---|
namestring | Name is the variable name; it must be a valid CEL identifier. |
expressionstring | Expression is the CEL expression that defines the variable value. |
ReceiverResource
(Appears on: ReceiverSpec)
ReceiverResource references a resource to be notified about changes, with an optional per-resource CEL filter.
| Field | Description |
|---|---|
CrossNamespaceObjectReferenceCrossNamespaceObjectReference | (Members of |
filterstring | (Optional) Filter is a CEL expression expected to return a boolean that is evaluated for each resource matched by this reference when a webhook is received, in addition to the top-level resourceFilter. A reconciliation is requested only when both expressions (when set) return true. The expression can read the resource metadata via ‘res’ and the webhook request body via ‘req’. For generic-oidc receivers, the verified OIDC token claims are also available via ‘claims’. When the expression is specified the controller will parse it and mark the object as terminally failed if the expression is invalid or does not return a boolean. |
ReceiverSpec
(Appears on: Receiver)
ReceiverSpec defines the desired state of the Receiver.
| Field | Description |
|---|---|
typestring | Type of webhook sender, used to determine the validation procedure and payload deserialization. |
intervalKubernetes meta/v1.Duration | (Optional) Interval at which to reconcile the Receiver with its Secret references. |
events[]string | (Optional) Events specifies the list of event types to handle, e.g. ‘push’ for GitHub or ‘Push Hook’ for GitLab. |
resources[]ReceiverResource | A list of resources to be notified about changes. |
resourceFilterstring | (Optional) ResourceFilter is a CEL expression expected to return a boolean that is evaluated for each resource referenced in the Resources field when a webhook is received. If the expression returns false then the controller will not request a reconciliation for the resource. The expression can read the resource metadata via ‘res’ and the webhook request body via ‘req’. For generic-oidc receivers, the verified OIDC token claims are also available via ‘claims’. When the expression is specified the controller will parse it and mark the object as terminally failed if the expression is invalid or does not return a boolean. |
secretRefgithub.com/fluxcd/pkg/apis/meta.LocalObjectReference | (Optional) SecretRef specifies the Secret containing the token used to validate the payload authenticity. The Secret must contain a ‘token’ key. For GCR receivers, the Secret must also contain an ‘email’ key with the IAM service account email configured on the Pub/Sub push subscription, and an ‘audience’ key with the expected OIDC token audience. Required for all receiver types except ‘generic-oidc’, which authenticates requests using the OIDC token instead and must not set this field. |
oidcProviders[]OIDCProvider | (Optional) OIDCProviders specifies the OIDC providers used to authenticate incoming requests when Type is ‘generic-oidc’. The provider whose IssuerURL matches the token’s ‘iss’ claim is used to verify the token signature, expiration and audience, and to evaluate the configured CEL validations against the token claims. |
suspendbool | (Optional) Suspend tells the controller to suspend subsequent events handling for this receiver. |
ReceiverStatus
(Appears on: Receiver)
ReceiverStatus defines the observed state of the Receiver.
| Field | Description |
|---|---|
ReconcileRequestStatusgithub.com/fluxcd/pkg/apis/meta.ReconcileRequestStatus | (Members of |
conditions[]Kubernetes meta/v1.Condition | (Optional) Conditions holds the conditions for the Receiver. |
webhookPathstring | (Optional) WebhookPath is the generated incoming webhook address in the format of ‘/hook/sha256sum(token+name+namespace)’. |
observedGenerationint64 | (Optional) ObservedGeneration is the last observed generation of the Receiver object. |
This page was automatically generated with gen-crd-api-reference-docs