
config.rig.dev/v1alpha1

Package v1alpha1 contains API Schema definitions for the config v1alpha1 API group

Resource Types

Auth

Auth specifies authentication configuration.

Appears in:

| Field | Description |
|---|---|
| `secret` string | Secret specifies a secret which will be used for jwt signatures. |
| `certificateFile` string | CertificateFile specifies a path to a PEM encoded certificate file which will be used for validating jwt signatures. |
| `certificateKeyFile` string | CertificateKeyFile specifies a path to a PEM encoded certificate key which will be used for jwt signatures. |
| `disablePasswords` boolean | DisablePasswords disables password authentication. This makes sense if you want to require SSO as the login method. |
| `sso` SSO | SSO specifies single sign on configuration. |
| `allowRegister` boolean | AllowRegister specifies if users are allowed to register new accounts. |
| `requireVerification` boolean | IsVerified specifies if users are required to verify their email address. |
| `sendWelcomeEmail` boolean | SendWelcomeEmail specifies if a welcome email should be sent to new users. This will use the default email config. |

CapsuleMatch

Appears in:

| Field | Description |
|---|---|
| `namespaces` string array | If set, only capsules in one of the namespaces given will have this step run. |
| `names` string array | If set, only execute the plugin on the capsules specified. |
| `annotations` object (keys:string, values:string) | If set, only execute the plugin on the capsules matching the annotations. |
| `enableForPlatform` boolean | If set, will enable the step for the Rig platform which is a Capsule as well. |

CapsuleStep

Appears in:

| Field | Description |
|---|---|
| `plugin` string | The plugin to use for handling the capsule step. For example, "rigdev.ingress_routes" for routesStep will create an ingress resource per route, and "rigdev.deployment" for deploymentStep will use the default deployment plugin. |
| `config` string | Config is a string defining the plugin-specific configuration of the plugin. |

Client

Client holds various client configuration

Appears in:

| Field | Description |
|---|---|
| `postgres` ClientPostgres | Postgres holds configuration for the postgres client. |
| `docker` ClientDocker | Docker sets the host for the Docker client. |
| `mailjet` ClientMailjet | Deprecated: use 'client.mailjets' instead. Mailjet sets the API key and secret for the Mailjet client. |
| `mailjets` object (keys:string, values:ClientMailjet) | Mailjets holds configuration for multiple mailjet clients. The key is the id of the client, which should be unique across Mailjet and SMTP clients. |
| `smtp` ClientSMTP | Deprecated: use 'client.smtps' instead. SMTP sets the host, port, username and password for the SMTP client. |
| `smtps` object (keys:string, values:ClientSMTP) | SMTPs holds configuration for multiple SMTP clients. The key is the id of the client, which should be unique across Mailjet and SMTP clients. |
| `operator` ClientOperator | Operator sets the base url for the Operator client. |
| `slack` object (keys:string, values:ClientSlack) | Slack holds configuration for sending slack messages. The key is the id of the client, for example the workspace in which the app is installed. |
| `git` ClientGit | Git client configuration for communicating with multiple repositories. |

ClientDocker

ClientDocker specifies the configuration for the docker client.

Appears in:

| Field | Description |
|---|---|
| `host` string | Host where the docker daemon can be reached. |

ClientGit

ClientGit contains configuration for git integrations. A given git repository can have authentication from either Auths or GitHubAuths with preference for GitHubAuths if there is a match.

Appears in:

| Field | Description |
|---|---|
| `auths` GitAuth array | Auths the git client can behave as. |
| `gitHubAuths` GitHub array | GitHubAuths is authentication information for GitHub repositories. |
| `gitLabAuths` GitLab array | GitLabAuths is the authentication information for GitLab repositories. |
| `author` GitAuthor | Author used when creating commits. |

ClientMailjet

ClientMailjet specifies the configuration for the mailjet client.

Appears in:

| Field | Description |
|---|---|
| `apiKey` string | APIKey is the mailjet API key. |
| `secretKey` string | SecretKey is the mailjet secret key. |

ClientOperator

ClientOperator specifies the configuration for the operator client.

Appears in:

| Field | Description |
|---|---|
| `baseUrl` string | BaseURL is the URL used to connect to the operator API. |

ClientPostgres

ClientPostgres specifies the configuration for the postgres client.

Appears in:

| Field | Description |
|---|---|
| `user` string | User is the database user used when connecting to the postgres database. |
| `password` string | Password is the password used when connecting to the postgres database. |
| `host` string | Host is the host where the postgres database can be reached. |
| `port` integer | Port is the port of the postgres database server. |
| `database` string | Database in the postgres server to use. |
| `insecure` boolean | Insecure is whether to use SSL when connecting to the postgres server. |

ClientSMTP

ClientSMTP specifies the configuration for the SMTP client.

Appears in:

| Field | Description |
|---|---|
| `host` string | Host is the SMTP server host. |
| `port` integer | Port is the SMTP server port to use. |
| `username` string | Username used when connecting to the SMTP server. |
| `password` string | Password used when connecting to the SMTP server. |

ClientSlack

Appears in:

| Field | Description |
|---|---|
| `token` string | Slack authentication token. |

Cluster

Cluster specifies cluster configuration

Appears in:

| Field | Description |
|---|---|
| `url` string | URL to communicate to the cluster. If set, a Token and CertificateAuthority should be provided as well. If not set, the cluster is interpreted to be the cluster in which the platform runs. |
| `token` string | Token for communicating with the cluster. Available through a service-account's secret. |
| `script` string | Script to execute for getting an access-token to the cluster. The output is expected to be a json-encoding of an ExecCredential. See https://pkg.go.dev/k8s.io/client-go@v0.31.0/pkg/apis/clientauthentication/v1beta1#ExecCredential for the format of the struct. |
| `certificateAuthority` string | Certificate authority for communicating with the cluster. Available through a service-account's secret. |
| `type` ClusterType | Type of the cluster - either docker or k8s. |
| `devRegistry` DevRegistry | DevRegistry configuration. |
| `git` ClusterGit | Git sets up gitops write back for this cluster. |
| `createPullSecrets` boolean | If set, secrets will be created if needed, for pulling images. |

ClusterGit

ClusterGit specifies configuration for git integration. This can be used to tie rig into a gitops setup.

Appears in:

| Field | Description |
|---|---|
| `url` string | URL is the git repository URL. |
| `branch` string | Branch to commit changes to. |
| `pathPrefix` string | PathPrefix path to commit to in git repository. Deprecated: Use pathPrefixes instead. |
| `pathPrefixes` PathPrefixes | PathPrefixes path to commit to in git repository. |
| `templates` GitTemplates | Templates used for commit messages. |
| `credentials` GitCredentials | Credentials to use when connecting to git. Deprecated: Use client.git.auths instead. |
| `author` GitAuthor | Author used when creating commits. Deprecated: Use client.git.author instead. |

ClusterType

Underlying type: string

ClusterType is a cluster type.

Appears in:

CustomPlugin

Appears in:

| Field | Description |
|---|---|
| `image` string | The container image which supplies the plugins. |

DevRegistry

DevRegistry specifies configuration for the dev registry support.

Appears in:

| Field | Description |
|---|---|
| `host` string | Host is the host used in image names when pushing to the registry from outside of the cluster. |
| `clusterHost` string | ClusterHost is the host where the registry can be reached from within the cluster. Any image which is named after Host will be renamed to use ClusterHost instead. This ensures that the image can be pulled from within the cluster. |

DockerRegistryCredentials

Appears in:

| Field | Description |
|---|---|
| `username` string | Username for the docker registry. |
| `password` string | Password for the docker registry. |
| `script` string | Script (shell) to execute that should echo the credentials. The output is expected to be a single line (with new-line termination) of format `<username>:<password>`. |
| `expire` Duration | Expire is the maximum duration a credential will be cached for, before it's recycled. If a cached credential is rejected before this time, it may be renewed before this duration is expired. Default is 12h. |

Email

Email holds configuration for sending emails, using either mailjet or SMTP.

Appears in:

| Field | Description |
|---|---|
| `id` string | ID is the specified id of an email configuration. |
| `from` string | From is who is set as the sender of rig emails. |
| `type` EmailType | Deprecated: ID for an email configuration is used instead. |

EmailType

Underlying type: string

EmailType represents a type of mailing provider

Appears in:

Extension

Extension is a typed (through JSON Schema) expansion of a Platform resource, that allows extending the default customization.

Appears in:

| Field | Description |
|---|---|
| `schema` JSONSchemaProps | The schema of the extension, expressed as a json-schema (https://json-schema.org/). While the full syntax is supported, some features may be semantically disabled which would make the Platform not start or not process Rollouts. |

GitAuth

Appears in:

| Field | Description |
|---|---|
| `url` string | URL is an exact match for the repo-url this auth can be used for. |
| `urlPrefix` string | URLPrefix is a prefix-match for the repo urls this auth can be used for. Deprecated: use Match instead. |
| `match` URLMatch | How the url should be matched. Can either be 'exact' or 'prefix'. Defaults to 'exact'. |
| `credentials` GitCredentials | Credentials to use when connecting to git. |
| `pullingIntervalSeconds` integer | If no web hook is configured, pull the git repository at the set interval instead to fetch changes. Defaults to 3 mins if no value. |

GitAuthor

GitAuthor specifies a git commit author

Appears in:

| Field | Description |
|---|---|
| `name` string | Name of author. |
| `email` string | Email of author. |

GitCredentials

GitCredentials specifies how to authenticate against git.

Appears in:

| Field | Description |
|---|---|
| `https` HTTPSCredential | HTTPS specifies basic auth credentials. |
| `ssh` SSHCredential | SSH specifies SSH credentials. |

GitHub

GitHub contains configuration specifically for GitHub repositories. To enable pull requests on a GitHub repository, you must add GitHub authentication using appID, installationID and privateKey for a GitHub app with read/write access to pull requests. To have normal read/write access to a repository, you can forego GitHub app authentication if there is a GitAuth section with credentials for the given repository instead. If you have GitHub app authentication for a GitHub app with read/write access to the repository, you don't need a matching GitAuth section.

Appears in:

| Field | Description |
|---|---|
| `orgRepo` string | OrgRepo is a string containing the GitHub organization and optionally a repository as well. If both org and repo are given, they should be separated by a '/', e.g. 'myorg/myrepo'. If repo is not given, e.g. 'myorg', then it matches all repositories within the org 'myorg'. If both org and repo are given, it matches exactly the repo within the org. |
| `organization` string | Organization is the GitHub organization to match. Deprecated: Use OrgRepo instead. |
| `repository` string | Repository matches the GitHub repository. If empty, matches all. Deprecated: Use OrgRepo instead. |
| `auth` GitHubAuth | Auth contains GitHub specific authentication configuration. |
| `polling` GitHubPolling | Polling contains GitHub specific configuration. |

GitHubAuth

GitHubAuth contains authentication information specifically for a GitHub repository. Authentication is done using GitHub apps. See https://docs.rig.dev/operator-manual/gitops#github-authentication for a guide on how to set it up.

Appears in:

| Field | Description |
|---|---|
| `appID` integer | AppID is the app ID of the GitHub app. |
| `installationID` integer | InstallationID is the installation ID of the GitHub app. |
| `privateKey` string | PrivateKey is a PEM encoded SSH private key. |
| `privateKeyPassword` string | PrivateKeyPassword is an optional password for the SSH private key. |

GitHubPolling

GitHubPolling defines webhook/pulling configuration for a GitHub repository.

Appears in:

| Field | Description |
|---|---|
| `webhookSecret` string | WebHookSecret is the secret used to validate incoming webhooks. |
| `pullingIntervalSeconds` integer | If webHookSecret isn't set, pull the git repository at the set interval instead to fetch changes. Defaults to 3 mins if no value. |

GitLab

GitLab contains configuration specifically for GitLab repositories. To enable pull requests on a GitLab repository, you must add GitLab authentication using an access token. To have normal read/write access to a repository, you can forego GitLab access tokens if there is a GitAuth section with credentials for the given repository instead. If you have GitLab authentication for a repository, you don't need a matching GitAuth section.

Appears in:

| Field | Description |
|---|---|
| `groupsProject` string | GroupsProject is a string containing a list of GitLab groups and optionally a project. Groups are separated by '/' and project by ':', e.g. 'group/subgroup1/subgroup2:project'. If a project is given, it matches exactly that project within that sequence of subgroups. If no project is given, it matches all projects within all subgroups which are children of the given group sequence. E.g. 'group' will match 'group/subgroup1:project1' and 'group/subgroup1/subgroup2:project2'. |
| `groups` string array | Groups is a sequence of GitLab groups. The first is the main group and the rest a nesting of subgroups. If Project is empty, the configuration will match any GitLab repository whose (group, subgroups) sequence has 'groups' as a prefix. Deprecated: Use GroupsProject. |
| `project` string | Project is the GitLab project of the repository. Can be empty for matching all project names. Deprecated: Use GroupsProject. |
| `auth` GitLabAuth | Auth contains GitLab specific authentication configuration. |
| `polling` GitLabPolling | Polling contains GitLab specific configuration. |
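
How the orgRepo (GitHub) and groupsProject (GitLab) patterns described above scope a credential, as an added Go example that is not Rig's own code. It assumes case-sensitive comparison and that a project directly in the named group also matches; the function names and sample repositories are constructed for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// matchOrgRepo: "myorg" covers every repository in the organization,
// "myorg/myrepo" covers exactly that repository. (Hypothetical helper.)
func matchOrgRepo(pattern, org, repo string) bool {
	pOrg, pRepo, hasRepo := strings.Cut(pattern, "/")
	if pOrg == "" || pOrg != org {
		return false
	}
	return !hasRepo || pRepo == repo
}

// matchGroupsProject checks a repository written as "group/subgroup:project"
// against a groupsProject pattern. (Hypothetical helper.)
func matchGroupsProject(pattern, repo string) bool {
	pGroups, pProject, hasProject := strings.Cut(pattern, ":")
	rGroups, rProject, ok := strings.Cut(repo, ":")
	if !ok || pGroups == "" {
		return false
	}
	pSeq, rSeq := strings.Split(pGroups, "/"), strings.Split(rGroups, "/")
	// With a project the group sequence must be identical; without one
	// the pattern only has to be a leading part of it.
	if len(pSeq) > len(rSeq) || (hasProject && len(pSeq) != len(rSeq)) {
		return false
	}
	// Compare whole path segments, never raw string prefixes, so that
	// "group" does not also cover "group2/...".
	for i, seg := range pSeq {
		if seg != rSeq[i] {
			return false
		}
	}
	return !hasProject || pProject == rProject
}

func main() {
	// Constructed sample repositories.
	repos := []string{
		"group/subgroup1:project1",
		"group/subgroup1/subgroup2:project2",
		"group2/subgroup1:project1",
	}
	for _, r := range repos {
		fmt.Printf("groupsProject %q covers %q: %v\n", "group", r, matchGroupsProject("group", r))
	}
	fmt.Println("orgRepo myorg/myrepo covers myorg/other:", matchOrgRepo("myorg/myrepo", "myorg", "other"))
}
```

A pattern without a repository or project hands the same token to every current and future repository under that organization or group, so the narrowest pattern that works is the safer choice.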

GitLabAuth

GitLabAuth contains authentication information specifically for a GitLab repository. Authentication is done using an access token. See https://docs.rig.dev/operator-manual/gitops#gitlab-authentication for a guide on how to set it up.

Appears in:

| Field | Description |
|---|---|
| `accessToken` string | AccessToken is an accessToken which is used to authenticate against the GitLab repository. |

GitLabPolling

GitLabPolling defines webhook/pulling configuration for a GitLab repository.

Appears in:

| Field | Description |
|---|---|
| `webhookSecret` string | WebHookSecret is the secret used to validate incoming webhooks. |
| `pullingIntervalSeconds` integer | If webHookSecret isn't set, pull the git repository at the set interval instead to fetch changes. Defaults to 3 mins if no value. |

GitTemplates

GitTemplates specifies the templates used for creating commits.

Appears in:

| Field | Description |
|---|---|
| `rollout` string | Rollout specifies the template used for rollout commits. |
| `delete` string | Delete specifies the template used for delete commits. |

HTTPSCredential

HTTPSCredential specifies basic auth credentials

Appears in:

| Field | Description |
|---|---|
| `username` string | Username is the basic auth user name. |
| `password` string | Password is the basic auth password. |

Logging

Logging specifies logging configuration.

Appears in:

| Field | Description |
|---|---|
| `devMode` boolean | DevModeEnabled enables verbose logs and changes the logging format to be more human readable. |
| `level` Level | Level sets the granularity of logging. |

OIDCProvider

OIDCProvider specifies an OIDC provider.

Appears in:

| Field | Description |
|---|---|
| `name` string | Name is a human-readable name of the provider. If set this will be used instead of the provider id (the key in PlatformConfig.Auth.SSO.OIDCProviders). |
| `issuerURL` string | IssuerURL is the URL for the OIDC issuer endpoint. |
| `clientID` string | ClientID is the OAuth client ID. |
| `clientSecret` string | ClientSecret is the OAuth client secret. |
| `allowedDomains` string array | AllowedDomains is a list of email domains to allow. If left empty any successful authentication on the provider is allowed. |
| `scopes` string array | Scopes is a list of additional scopes other than openid, email and profile. |
| `groupsClaim` string | GroupsClaim is the path to a claim in the JWT containing a string or list of strings of group names. |
| `disableJITGroups` boolean | DisableJITGroups disables creation of groups found through OIDC in rig. |
| `groupMapping` object (keys:string, values:string) | GroupMapping is a mapping from OIDC provided group names to group names used in rig. If an OIDC provided group name is not provided in this mapping we will use the OIDC provided group name in rig. |
| `icon` OIDCProviderIcon | Icon is what icon to show for this provider. |
| `disableUserMerging` boolean | DisableUserMerging disallows merging an OIDC account with an existing user in rig. This effectively means that if a user is created using OIDC, then it can only log in using that OIDC provider. |
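
How allowedDomains, groupsClaim and groupMapping combine at login, as an added Go example that is not Rig's own code. It assumes groupsClaim names a top-level claim and that email domains compare case-insensitively; the type, the function names and the sample claims are constructed for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// provider mirrors three OIDCProvider fields (hypothetical type).
type provider struct {
	AllowedDomains []string
	GroupsClaim    string
	GroupMapping   map[string]string
}

// domainAllowed: an empty AllowedDomains list admits every authenticated user.
func domainAllowed(p provider, email string) bool {
	if len(p.AllowedDomains) == 0 {
		return true
	}
	at := strings.LastIndex(email, "@")
	for _, d := range p.AllowedDomains {
		// Compare the whole domain, not a suffix or substring.
		if at >= 0 && strings.EqualFold(d, email[at+1:]) {
			return true
		}
	}
	return false
}

// rigGroups reads the groups claim (a string or a list of strings) and
// applies GroupMapping; unmapped names pass through unchanged.
func rigGroups(p provider, claims map[string]any) []string {
	var names []string
	switch v := claims[p.GroupsClaim].(type) {
	case string:
		names = []string{v}
	case []any:
		for _, g := range v {
			if s, ok := g.(string); ok {
				names = append(names, s)
			}
		}
	}
	out := make([]string, 0, len(names))
	for _, n := range names {
		if mapped, ok := p.GroupMapping[n]; ok {
			n = mapped
		}
		out = append(out, n)
	}
	return out
}

func main() {
	// Constructed provider config and decoded ID-token claims.
	p := provider{
		AllowedDomains: []string{"example.com"},
		GroupsClaim:    "groups",
		GroupMapping:   map[string]string{"idp-admins": "admin"},
	}
	claims := map[string]any{"email": "alice@example.com", "groups": []any{"idp-admins", "owner"}}
	fmt.Println(domainAllowed(p, claims["email"].(string)), rigGroups(p, claims))
}
```

Because unmapped names pass through, a group called "owner" at the identity provider lands in the group "owner" in rig, so the provider's group namespace is worth reviewing alongside groupMapping and allowedDomains.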

OIDCProviderIcon

Underlying type: string

OIDCProviderIcon is a string representing what provider icon should be shown on the login page. Valid options: "google", "azure", "aws", "facebook", "keycloak".

Appears in:

OperatorConfig

OperatorConfig is the Schema for the operator config API

| Field | Description |
|---|---|
| `apiVersion` string | config.rig.dev/v1alpha1 |
| `kind` string | OperatorConfig |
| `webhooksEnabled` boolean | WebhooksEnabled sets whether or not webhooks should be enabled. When enabled a certificate should be mounted at the webhook server certificate path. Defaults to true if omitted. |
| `devModeEnabled` boolean | DevModeEnabled enables verbose logs and changes the logging format to be more human readable. |
| `leaderElectionEnabled` boolean | LeaderElectionEnabled enables leader election when running multiple instances of the operator. |
| `pipeline` Pipeline | Pipeline defines the capsule controller pipeline. |

PathPrefixes

PathPrefixes is the (possibly templated) path prefix to commit to in git repository depending on which resource is being written.

Appears in:

| Field | Description |
|---|---|
| `capsule` string | |
| `project` string | |

Pipeline

Appears in:

| Field | Description |
|---|---|
| `serviceAccountStep` CapsuleStep | How to handle the service account step of capsules in the cluster. Defaults to rigdev.service_account. |
| `deploymentStep` CapsuleStep | How to handle the deployment step of capsules in the cluster. Defaults to rigdev.deployment. |
| `routesStep` CapsuleStep | How to handle the routes for capsules in the cluster. If left empty, routes will not be handled. |
| `cronJobsStep` CapsuleStep | How to handle the cronjob step of capsules in the cluster. Defaults to rigdev.cron_jobs. |
| `vpaStep` CapsuleStep | How to handle the VPA step of capsules in the cluster. If left empty, no VPAs will be created. |
| `serviceMonitorStep` CapsuleStep | How to handle the service monitor step of capsules in the cluster. If left empty, no service monitors will be created. The rigdev.service_monitor plugin spawns a Prometheus ServiceMonitor per capsule for use with a Prometheus Operator stack. |
| `steps` Step array | Steps to perform as part of running the operator. |
| `customPlugins` CustomPlugin array | CustomPlugins enables custom plugins to be injected into the operator. The plugins injected here can then be referenced in 'steps'. |
| `capsuleExtensions` object (keys:string, values:CapsuleStep) | CapsuleExtensions supported by the Operator. Each extension supported should be configured in the map, with an additional plugin name. |

PlatformConfig

PlatformConfig is the Schema for the platform config API

| Field | Description |
|---|---|
| `apiVersion` string | config.rig.dev/v1alpha1 |
| `kind` string | PlatformConfig |
| `port` integer | Port sets the port the platform should listen on. |
| `publicURL` string | PublicUrl sets the public url for the platform. This is used for generating urls for the platform when using oauth2. |
| `telemetryEnabled` boolean | TelemetryEnabled specifies whether or not we are allowed to collect usage data. Defaults to true. |
| `auth` Auth | Auth holds authentication configuration. |
| `client` Client | Client holds configuration for clients used in the platform. |
| `repository` Repository | Repository specifies the type of db to use along with secret key. |
| `cluster` Cluster | Cluster holds cluster specific configuration. Deprecated: Use clusters instead. |
| `email` Email | Email holds the default configuration for sending emails, using either mailjet or SMTP. |
| `logging` Logging | Logging holds information about the granularity of logging. |
| `clusters` object (keys:string, values:Cluster) | Clusters the platform has access to. |
| `dockerRegistries` object (keys:string, values:DockerRegistryCredentials) | DockerRegistries holds configuration for multiple docker registries. The key is the host-prefix of the registry. |
| `capsuleExtensions` object (keys:string, values:Extension) | CapsuleExtensions contains typed extensions to the Capsule spec. |

Plugin

Appears in:

| Field | Description |
|---|---|
| `tag` string | Optional tag which is readable by plugin when executed. |
| `name` string | Name of the plugin to run. Deprecated, use Plugin. |
| `plugin` string | Name of the plugin to run. |
| `config` string | Config is a string defining the plugin-specific configuration of the plugin. |

Repository

Repository specifies repository configuration

Appears in:

| Field | Description |
|---|---|
| `store` string | Store is what database will be used, can only be postgres. |
| `secret` string | Secret is a secret key used for encrypting sensitive data before saving it in the database. |

SSHCredential

SSHCredential specifies SSH credentials

Appears in:

| Field | Description |
|---|---|
| `privateKey` string | PrivateKey is a PEM encoded SSH private key. |
| `password` string | PrivateKeyPassword is an optional password for the SSH private key. |

SSO

SSO specifies single sign on configuration.

Appears in:

| Field | Description |
|---|---|
| `oidcProviders` object (keys:string, values:OIDCProvider) | OIDCProviders specifies enabled OIDCProviders which can be used for login. |

Step

Appears in:

| Field | Description |
|---|---|
| `tag` string | Optional tag which is readable by plugins when executed. |
| `match` CapsuleMatch | Match requirements for running the Step on a given Capsule. |
| `plugins` Plugin array | Plugins to run as part of this step. |
| `namespaces` string array | If set, only capsules in one of the namespaces given will have this step run. Deprecated, use Match.Namespaces. |
| `capsules` string array | If set, only execute the plugin on the capsules specified. Deprecated, use Match.Names. |
| `enableForPlatform` boolean | If set, will enable the step for the Rig platform which is a Capsule as well. Deprecated, use Match.EnableForPlatform. |

URLMatch

Underlying type: string

Appears in:


generated from source code

This page is generated from Go source code. If you have suggestions for improving it, please open an issue at github.com/rigdev/rig, or a pull request with changes to the Go source files.