Kluctl Controller API reference

Kluctl Controller API reference

Packages:

gitops.kluctl.io/v1beta1

Package v1beta1 contains API Schema definitions for the gitops.kluctl.io v1beta1 API group.

Resource Types:

    Decryption

    (Appears on: KluctlDeploymentSpec)

    Decryption defines how decryption is handled for Kubernetes manifests.

    FieldDescription
    provider
    string

    Provider is the name of the decryption engine.

    secretRef
    LocalObjectReference
    (Optional)

    The secret name containing the private OpenPGP keys used for decryption.

    serviceAccount
    string
    (Optional)

    ServiceAccount specifies the service account used to authenticate against cloud providers. This is currently only usable for AWS KMS keys. The specified service account will be used to authenticate to AWS by signing a token in an IRSA compliant way.

    HelmCredentials

    (Appears on: KluctlDeploymentSpec)

    FieldDescription
    secretRef
    LocalObjectReference

    SecretRef holds the name of a secret that contains the Helm credentials. The secret must either contain the fields credentialsId which refers to the credentialsId found in https://kluctl.io/docs/kluctl/reference/deployments/helm/#private-repositories or an url used to match the credentials found in Kluctl projects helm-chart.yaml files. The secret can either container basic authentication credentials via username and password or TLS authentication via certFile and keyFile. caFile can be specified to override the CA to use while contacting the repository. The secret can also contain insecureSkipTlsVerify: "true", which will disable TLS verification. passCredentialsAll: "true" can be specified to make the controller pass credentials to all requests, even if the hostname changes in-between.

    KluctlDeployment

    KluctlDeployment is the Schema for the kluctldeployments API

    FieldDescription
    metadata
    Kubernetes meta/v1.ObjectMeta
    Refer to the Kubernetes API documentation for the fields of the metadata field.
    spec
    KluctlDeploymentSpec


    source
    ProjectSource

    Specifies the project source location

    sourceOverrides
    []SourceOverride
    (Optional)

    Specifies source overrides

    credentials
    ProjectCredentials
    (Optional)

    Credentials specifies the credentials used when pulling sources

    decryption
    Decryption
    (Optional)

    Decrypt Kubernetes secrets before applying them on the cluster.

    interval
    Kubernetes meta/v1.Duration

    The interval at which to reconcile the KluctlDeployment. Reconciliation means that the deployment is fully rendered and only deployed when the result changes compared to the last deployment. To override this behavior, set the DeployInterval value.

    retryInterval
    Kubernetes meta/v1.Duration
    (Optional)

    The interval at which to retry a previously failed reconciliation. When not specified, the controller uses the Interval value to retry failures.

    deployInterval
    SafeDuration
    (Optional)

    DeployInterval specifies the interval at which to deploy the KluctlDeployment, even in cases the rendered result does not change.

    validateInterval
    SafeDuration
    (Optional)

    ValidateInterval specifies the interval at which to validate the KluctlDeployment. Validation is performed the same way as with ‘kluctl validate -t ’. Defaults to the same value as specified in Interval. Validate is also performed whenever a deployment is performed, independent of the value of ValidateInterval

    timeout
    Kubernetes meta/v1.Duration
    (Optional)

    Timeout for all operations. Defaults to ‘Interval’ duration.

    suspend
    bool
    (Optional)

    This flag tells the controller to suspend subsequent kluctl executions, it does not apply to already started executions. Defaults to false.

    helmCredentials
    []HelmCredentials
    (Optional)

    HelmCredentials is a list of Helm credentials used when non pre-pulled Helm Charts are used inside a Kluctl deployment. DEPRECATED this field is deprecated and will be removed in the next API version bump. Use spec.credentials.helm instead.

    serviceAccountName
    string
    (Optional)

    The name of the Kubernetes service account to use while deploying. If not specified, the default service account is used.

    kubeConfig
    KubeConfig
    (Optional)

    The KubeConfig for deploying to the target cluster. Specifies the kubeconfig to be used when invoking kluctl. Contexts in this kubeconfig must match the context found in the kluctl target. As an alternative, specify the context to be used via ‘context’

    target
    string
    (Optional)

    Target specifies the kluctl target to deploy. If not specified, an empty target is used that has no name and no context. Use ‘TargetName’ and ‘Context’ to specify the name and context in that case.

    targetNameOverride
    string
    (Optional)

    TargetNameOverride sets or overrides the target name. This is especially useful when deployment without a target.

    context
    string
    (Optional)

    If specified, overrides the context to be used. This will effectively make kluctl ignore the context specified in the target.

    args
    k8s.io/apimachinery/pkg/runtime.RawExtension
    (Optional)

    Args specifies dynamic target args.

    images
    []github.com/kluctl/kluctl/v2/pkg/types.FixedImage
    (Optional)

    Images contains a list of fixed image overrides. Equivalent to using ‘–fixed-images-file’ when calling kluctl.

    dryRun
    bool
    (Optional)

    DryRun instructs kluctl to run everything in dry-run mode. Equivalent to using ‘–dry-run’ when calling kluctl.

    noWait
    bool
    (Optional)

    NoWait instructs kluctl to not wait for any resources to become ready, including hooks. Equivalent to using ‘–no-wait’ when calling kluctl.

    forceApply
    bool
    (Optional)

    ForceApply instructs kluctl to force-apply in case of SSA conflicts. Equivalent to using ‘–force-apply’ when calling kluctl.

    replaceOnError
    bool
    (Optional)

    ReplaceOnError instructs kluctl to replace resources on error. Equivalent to using ‘–replace-on-error’ when calling kluctl.

    forceReplaceOnError
    bool
    (Optional)

    ForceReplaceOnError instructs kluctl to force-replace resources in case a normal replace fails. Equivalent to using ‘–force-replace-on-error’ when calling kluctl.

    abortOnError
    bool
    (Optional)

    ForceReplaceOnError instructs kluctl to abort deployments immediately when something fails. Equivalent to using ‘–abort-on-error’ when calling kluctl.

    includeTags
    []string
    (Optional)

    IncludeTags instructs kluctl to only include deployments with given tags. Equivalent to using ‘–include-tag’ when calling kluctl.

    excludeTags
    []string
    (Optional)

    ExcludeTags instructs kluctl to exclude deployments with given tags. Equivalent to using ‘–exclude-tag’ when calling kluctl.

    includeDeploymentDirs
    []string
    (Optional)

    IncludeDeploymentDirs instructs kluctl to only include deployments with the given dir. Equivalent to using ‘–include-deployment-dir’ when calling kluctl.

    excludeDeploymentDirs
    []string
    (Optional)

    ExcludeDeploymentDirs instructs kluctl to exclude deployments with the given dir. Equivalent to using ‘–exclude-deployment-dir’ when calling kluctl.

    deployMode
    string
    (Optional)

    DeployMode specifies what deploy mode should be used. The options ‘full-deploy’ and ‘poke-images’ are supported. With the ‘poke-images’ option, only images are patched into the target without performing a full deployment.

    validate
    bool
    (Optional)

    Validate enables validation after deploying

    prune
    bool
    (Optional)

    Prune enables pruning after deploying.

    delete
    bool
    (Optional)

    Delete enables deletion of the specified target when the KluctlDeployment object gets deleted.

    manual
    bool
    (Optional)

    Manual enables manual deployments, meaning that the deployment will initially start as a dry run deployment and only after manual approval cause a real deployment

    manualObjectsHash
    string
    (Optional)

    ManualObjectsHash specifies the rendered objects hash that is approved for manual deployment. If Manual is set to true, the controller will skip deployments when the current reconciliation loops calculated objects hash does not match this value. There are two ways to use this value properly. 1. Set it manually to the value found in status.lastObjectsHash. 2. Use the Kluctl Webui to manually approve a deployment, which will set this field appropriately.

    status
    KluctlDeploymentStatus

    KluctlDeploymentSpec

    (Appears on: KluctlDeployment)

    FieldDescription
    source
    ProjectSource

    Specifies the project source location

    sourceOverrides
    []SourceOverride
    (Optional)

    Specifies source overrides

    credentials
    ProjectCredentials
    (Optional)

    Credentials specifies the credentials used when pulling sources

    decryption
    Decryption
    (Optional)

    Decrypt Kubernetes secrets before applying them on the cluster.

    interval
    Kubernetes meta/v1.Duration

    The interval at which to reconcile the KluctlDeployment. Reconciliation means that the deployment is fully rendered and only deployed when the result changes compared to the last deployment. To override this behavior, set the DeployInterval value.

    retryInterval
    Kubernetes meta/v1.Duration
    (Optional)

    The interval at which to retry a previously failed reconciliation. When not specified, the controller uses the Interval value to retry failures.

    deployInterval
    SafeDuration
    (Optional)

    DeployInterval specifies the interval at which to deploy the KluctlDeployment, even in cases the rendered result does not change.

    validateInterval
    SafeDuration
    (Optional)

    ValidateInterval specifies the interval at which to validate the KluctlDeployment. Validation is performed the same way as with ‘kluctl validate -t ’. Defaults to the same value as specified in Interval. Validate is also performed whenever a deployment is performed, independent of the value of ValidateInterval

    timeout
    Kubernetes meta/v1.Duration
    (Optional)

    Timeout for all operations. Defaults to ‘Interval’ duration.

    suspend
    bool
    (Optional)

    This flag tells the controller to suspend subsequent kluctl executions, it does not apply to already started executions. Defaults to false.

    helmCredentials
    []HelmCredentials
    (Optional)

    HelmCredentials is a list of Helm credentials used when non pre-pulled Helm Charts are used inside a Kluctl deployment. DEPRECATED this field is deprecated and will be removed in the next API version bump. Use spec.credentials.helm instead.

    serviceAccountName
    string
    (Optional)

    The name of the Kubernetes service account to use while deploying. If not specified, the default service account is used.

    kubeConfig
    KubeConfig
    (Optional)

    The KubeConfig for deploying to the target cluster. Specifies the kubeconfig to be used when invoking kluctl. Contexts in this kubeconfig must match the context found in the kluctl target. As an alternative, specify the context to be used via ‘context’

    target
    string
    (Optional)

    Target specifies the kluctl target to deploy. If not specified, an empty target is used that has no name and no context. Use ‘TargetName’ and ‘Context’ to specify the name and context in that case.

    targetNameOverride
    string
    (Optional)

    TargetNameOverride sets or overrides the target name. This is especially useful when deployment without a target.

    context
    string
    (Optional)

    If specified, overrides the context to be used. This will effectively make kluctl ignore the context specified in the target.

    args
    k8s.io/apimachinery/pkg/runtime.RawExtension
    (Optional)

    Args specifies dynamic target args.

    images
    []github.com/kluctl/kluctl/v2/pkg/types.FixedImage
    (Optional)

    Images contains a list of fixed image overrides. Equivalent to using ‘–fixed-images-file’ when calling kluctl.

    dryRun
    bool
    (Optional)

    DryRun instructs kluctl to run everything in dry-run mode. Equivalent to using ‘–dry-run’ when calling kluctl.

    noWait
    bool
    (Optional)

    NoWait instructs kluctl to not wait for any resources to become ready, including hooks. Equivalent to using ‘–no-wait’ when calling kluctl.

    forceApply
    bool
    (Optional)

    ForceApply instructs kluctl to force-apply in case of SSA conflicts. Equivalent to using ‘–force-apply’ when calling kluctl.

    replaceOnError
    bool
    (Optional)

    ReplaceOnError instructs kluctl to replace resources on error. Equivalent to using ‘–replace-on-error’ when calling kluctl.

    forceReplaceOnError
    bool
    (Optional)

    ForceReplaceOnError instructs kluctl to force-replace resources in case a normal replace fails. Equivalent to using ‘–force-replace-on-error’ when calling kluctl.

    abortOnError
    bool
    (Optional)

    ForceReplaceOnError instructs kluctl to abort deployments immediately when something fails. Equivalent to using ‘–abort-on-error’ when calling kluctl.

    includeTags
    []string
    (Optional)

    IncludeTags instructs kluctl to only include deployments with given tags. Equivalent to using ‘–include-tag’ when calling kluctl.

    excludeTags
    []string
    (Optional)

    ExcludeTags instructs kluctl to exclude deployments with given tags. Equivalent to using ‘–exclude-tag’ when calling kluctl.

    includeDeploymentDirs
    []string
    (Optional)

    IncludeDeploymentDirs instructs kluctl to only include deployments with the given dir. Equivalent to using ‘–include-deployment-dir’ when calling kluctl.

    excludeDeploymentDirs
    []string
    (Optional)

    ExcludeDeploymentDirs instructs kluctl to exclude deployments with the given dir. Equivalent to using ‘–exclude-deployment-dir’ when calling kluctl.

    deployMode
    string
    (Optional)

    DeployMode specifies what deploy mode should be used. The options ‘full-deploy’ and ‘poke-images’ are supported. With the ‘poke-images’ option, only images are patched into the target without performing a full deployment.

    validate
    bool
    (Optional)

    Validate enables validation after deploying

    prune
    bool
    (Optional)

    Prune enables pruning after deploying.

    delete
    bool
    (Optional)

    Delete enables deletion of the specified target when the KluctlDeployment object gets deleted.

    manual
    bool
    (Optional)

    Manual enables manual deployments, meaning that the deployment will initially start as a dry run deployment and only after manual approval cause a real deployment

    manualObjectsHash
    string
    (Optional)

    ManualObjectsHash specifies the rendered objects hash that is approved for manual deployment. If Manual is set to true, the controller will skip deployments when the current reconciliation loops calculated objects hash does not match this value. There are two ways to use this value properly. 1. Set it manually to the value found in status.lastObjectsHash. 2. Use the Kluctl Webui to manually approve a deployment, which will set this field appropriately.

    KluctlDeploymentStatus

    (Appears on: KluctlDeployment)

    KluctlDeploymentStatus defines the observed state of KluctlDeployment

    FieldDescription
    reconcileRequestResult
    ManualRequestResult
    (Optional)
    diffRequestResult
    ManualRequestResult
    (Optional)
    deployRequestResult
    ManualRequestResult
    (Optional)
    pruneRequestResult
    ManualRequestResult
    (Optional)
    validateRequestResult
    ManualRequestResult
    (Optional)
    observedGeneration
    int64
    (Optional)

    ObservedGeneration is the last reconciled generation.

    observedCommit
    string

    ObservedCommit is the last commit observed

    conditions
    []Kubernetes meta/v1.Condition
    (Optional)
    projectKey
    github.com/kluctl/kluctl/lib/git/types.ProjectKey
    (Optional)
    targetKey
    github.com/kluctl/kluctl/v2/pkg/types/result.TargetKey
    (Optional)
    lastObjectsHash
    string
    (Optional)
    lastManualObjectsHash
    string
    (Optional)
    lastPrepareError
    string
    (Optional)
    lastDiffResult
    k8s.io/apimachinery/pkg/runtime.RawExtension
    (Optional)

    LastDiffResult is the result summary of the last diff command

    lastDeployResult
    k8s.io/apimachinery/pkg/runtime.RawExtension
    (Optional)

    LastDeployResult is the result summary of the last deploy command

    lastValidateResult
    k8s.io/apimachinery/pkg/runtime.RawExtension
    (Optional)

    LastValidateResult is the result summary of the last validate command

    lastDriftDetectionResult
    k8s.io/apimachinery/pkg/runtime.RawExtension

    LastDriftDetectionResult is the result of the last drift detection command optional

    lastDriftDetectionResultMessage
    string

    LastDriftDetectionResultMessage contains a short message that describes the drift optional

    KubeConfig

    (Appears on: KluctlDeploymentSpec)

    KubeConfig references a Kubernetes secret that contains a kubeconfig file.

    FieldDescription
    secretRef
    SecretKeyReference

    SecretRef holds the name of a secret that contains a key with the kubeconfig file as the value. If no key is set, the key will default to ‘value’. The secret must be in the same namespace as the Kustomization. It is recommended that the kubeconfig is self-contained, and the secret is regularly updated if credentials such as a cloud-access-token expire. Cloud specific cmd-path auth helpers will not function without adding binaries and credentials to the Pod that is responsible for reconciling the KluctlDeployment.

    LocalObjectReference

    (Appears on: Decryption, HelmCredentials, ProjectCredentialsGit, ProjectCredentialsGitDeprecated, ProjectCredentialsHelm, ProjectCredentialsOci, ProjectSource)

    FieldDescription
    name
    string

    Name of the referent.

    ManualRequest

    (Appears on: ManualRequestResult)

    ManualRequest is used in json form inside the manual request annotations

    FieldDescription
    requestValue
    string
    overridesPatch
    k8s.io/apimachinery/pkg/runtime.RawExtension
    (Optional)

    ManualRequestResult

    (Appears on: KluctlDeploymentStatus)

    FieldDescription
    request
    ManualRequest
    startTime
    Kubernetes meta/v1.Time
    endTime
    Kubernetes meta/v1.Time
    (Optional)
    reconcileId
    string
    resultId
    string
    (Optional)
    commandError
    string
    (Optional)

    ProjectCredentials

    (Appears on: KluctlDeploymentSpec)

    FieldDescription
    git
    []ProjectCredentialsGit
    (Optional)

    Git specifies a list of git credentials

    oci
    []ProjectCredentialsOci
    (Optional)

    Oci specifies a list of OCI credentials

    helm
    []ProjectCredentialsHelm
    (Optional)

    Helm specifies a list of Helm credentials

    ProjectCredentialsGit

    (Appears on: ProjectCredentials)

    FieldDescription
    host
    string

    Host specifies the hostname that this secret applies to. If set to ‘’, this set of credentials applies to all hosts. Using ‘’ for http(s) based repositories is not supported, meaning that such credentials sets will be ignored. You must always set a proper hostname in that case.

    path
    string
    (Optional)

    Path specifies the path to be used to filter Git repositories. The path can contain wildcards. These credentials will only be used for matching Git URLs. If omitted, all repositories are considered to match.

    secretRef
    LocalObjectReference

    SecretRef specifies the Secret containing authentication credentials for the git repository. For HTTPS git repositories the Secret must contain ‘username’ and ‘password’ fields. For SSH git repositories the Secret must contain ‘identity’ and ‘known_hosts’ fields.

    ProjectCredentialsGitDeprecated

    (Appears on: ProjectSource)

    FieldDescription
    host
    string

    Host specifies the hostname that this secret applies to. If set to ‘’, this set of credentials applies to all hosts. Using ‘’ for http(s) based repositories is not supported, meaning that such credentials sets will be ignored. You must always set a proper hostname in that case.

    pathPrefix
    string
    (Optional)

    PathPrefix specifies the path prefix to be used to filter source urls. Only urls that have this prefix will use this set of credentials.

    secretRef
    LocalObjectReference

    SecretRef specifies the Secret containing authentication credentials for the git repository. For HTTPS git repositories the Secret must contain ‘username’ and ‘password’ fields. For SSH git repositories the Secret must contain ‘identity’ and ‘known_hosts’ fields.

    ProjectCredentialsHelm

    (Appears on: ProjectCredentials)

    FieldDescription
    host
    string

    Host specifies the hostname that this secret applies to.

    path
    string
    (Optional)

    Path specifies the path to be used to filter Helm urls. The path can contain wildcards. These credentials will only be used for matching URLs. If omitted, all URLs are considered to match.

    secretRef
    LocalObjectReference

    SecretRef specifies the Secret containing authentication credentials for the Helm repository. The secret can either container basic authentication credentials via username and password or TLS authentication via certFile and keyFile. caFile can be specified to override the CA to use while contacting the repository. The secret can also contain insecureSkipTlsVerify: "true", which will disable TLS verification. passCredentialsAll: "true" can be specified to make the controller pass credentials to all requests, even if the hostname changes in-between.

    ProjectCredentialsOci

    (Appears on: ProjectCredentials)

    FieldDescription
    registry
    string

    Registry specifies the hostname that this secret applies to.

    repository
    string
    (Optional)

    Repository specifies the org and repo name in the format ‘org-name/repo-name’. Both ‘org-name’ and ‘repo-name’ can be specified as ‘*’, meaning that all names are matched.

    secretRef
    LocalObjectReference

    SecretRef specifies the Secret containing authentication credentials for the oci repository. The secret must contain ‘username’ and ‘password’.

    ProjectSource

    (Appears on: KluctlDeploymentSpec)

    FieldDescription
    git
    ProjectSourceGit
    (Optional)

    Git specifies a git repository as project source

    oci
    ProjectSourceOci
    (Optional)

    Oci specifies an OCI repository as project source

    url
    string
    (Optional)

    Url specifies the Git url where the project source is located DEPRECATED this field is deprecated and will be removed in the next API version bump. Use spec.git.url instead.

    ref
    github.com/kluctl/kluctl/lib/git/types.GitRef
    (Optional)

    Ref specifies the branch, tag or commit that should be used. If omitted, the default branch of the repo is used. DEPRECATED this field is deprecated and will be removed in the next API version bump. Use spec.git.ref instead.

    path
    string
    (Optional)

    Path specifies the sub-directory to be used as project directory DEPRECATED this field is deprecated and will be removed in the next API version bump. Use spec.git.path instead.

    secretRef
    LocalObjectReference

    SecretRef specifies the Secret containing authentication credentials for See ProjectSourceCredentials.SecretRef for details DEPRECATED this field is deprecated and will be removed in the next API version bump. Use spec.credentials.git instead. WARNING using this field causes the controller to pass http basic auth credentials to ALL repositories involved. Use spec.credentials.git with a proper Host field instead.

    credentials
    []ProjectCredentialsGitDeprecated
    (Optional)

    Credentials specifies a list of secrets with credentials DEPRECATED this field is deprecated and will be removed in the next API version bump. Use spec.credentials.git instead.

    ProjectSourceGit

    (Appears on: ProjectSource)

    FieldDescription
    url
    string

    URL specifies the Git url where the project source is located. If the given Git repository needs authentication, use spec.credentials.git to specify those.

    ref
    github.com/kluctl/kluctl/lib/git/types.GitRef
    (Optional)

    Ref specifies the branch, tag or commit that should be used. If omitted, the default branch of the repo is used.

    path
    string
    (Optional)

    Path specifies the sub-directory to be used as project directory

    ProjectSourceOci

    (Appears on: ProjectSource)

    FieldDescription
    url
    string

    Url specifies the Git url where the project source is located. If the given OCI repository needs authentication, use spec.credentials.oci to specify those.

    ref
    github.com/kluctl/kluctl/v2/pkg/types.OciRef
    (Optional)

    Ref specifies the tag to be used. If omitted, the “latest” tag is used.

    path
    string
    (Optional)

    Path specifies the sub-directory to be used as project directory

    SafeDuration

    (Appears on: KluctlDeploymentSpec)

    FieldDescription
    Duration
    Kubernetes meta/v1.Duration

    SecretKeyReference

    (Appears on: KubeConfig)

    SecretKeyReference contains enough information to locate the referenced Kubernetes Secret object in the same namespace. Optionally a key can be specified. Use this type instead of core/v1 SecretKeySelector when the Key is optional and the Optional field is not applicable.

    FieldDescription
    name
    string

    Name of the Secret.

    key
    string
    (Optional)

    Key in the Secret, when not specified an implementation-specific default key is used.

    SourceOverride

    (Appears on: KluctlDeploymentSpec)

    FieldDescription
    repoKey
    github.com/kluctl/kluctl/lib/git/types.RepoKey
    url
    string
    isGroup
    bool
    (Optional)

    This page was automatically generated with gen-crd-api-reference-docs

    Last modified July 21, 2024: Sync kluctl docs for v2.25.1 (da07c77)