Packages:
Resource Types:
Stack is the Schema for the stacks API
| Name | Type | Description | Required |
|---|---|---|---|
| apiVersion | string | pulumi.com/v1 | true |
| kind | string | Stack | true |
| metadata | object | Refer to the Kubernetes API documentation for the fields of the `metadata` field. | true |
| spec | object |
StackSpec defines the desired state of Pulumi Stack being managed by this operator. |
false |
| status | object |
StackStatus defines the observed state of Stack |
false |
StackSpec defines the desired state of Pulumi Stack being managed by this operator.
| Name | Type | Description | Required |
|---|---|---|---|
| stack | string |
Stack is the fully qualified name of the stack to deploy (/). |
true |
| accessTokenSecret | string |
(optional) AccessTokenSecret is the name of a Secret containing the PULUMI_ACCESS_TOKEN for Pulumi access.
Deprecated: use EnvRefs with a "secret" entry with the key PULUMI_ACCESS_TOKEN instead. |
false |
| backend | string |
(optional) Backend is an optional backend URL to use for all Pulumi operations. Examples: - Pulumi Service: "https://app.pulumi.com" (default) - Self-managed Pulumi Service: "https://pulumi.acmecorp.com" - Local: "file://./einstein" - AWS: "s3://" - Azure: "azblob://" - GCP: "gs://" See: https://www.pulumi.com/docs/intro/concepts/state/ |
false |
| branch | string |
(optional) Branch is the branch name to deploy, either the simple or fully qualified ref name, e.g. refs/heads/master. This
is mutually exclusive with the Commit setting. Either value needs to be specified.
When specified, the operator will periodically poll to check if the branch has any new commits.
The frequency of the polling is configurable through ResyncFrequencySeconds, defaulting to every 60 seconds. |
false |
| commit | string |
(optional) Commit is the hash of the commit to deploy. If used, HEAD will be in detached mode. This
is mutually exclusive with the Branch setting. Either value needs to be specified. |
false |
| config | map[string]string |
(optional) Config is the configuration for this stack, which can be optionally specified inline. If this
is omitted, configuration is assumed to be checked in and taken from the source repository. |
false |
| continueResyncOnCommitMatch | boolean |
(optional) ContinueResyncOnCommitMatch - when true - informs the operator to continue trying
to update stacks even if the revision of the source matches. This might be useful in
environments where Pulumi programs have dynamic elements for example, calls to internal APIs
where GitOps style commit tracking is not sufficient. Defaults to false, i.e. when a
particular revision is successfully run, the operator will not attempt to rerun the program
at that revision again. |
false |
| destroyOnFinalize | boolean |
(optional) DestroyOnFinalize can be set to true to destroy the stack completely upon deletion of the Stack custom resource. |
false |
| envRefs | map[string]object |
(optional) EnvRefs is an optional map containing environment variables as keys and stores descriptors to where
the variables' values should be loaded from (one of literal, environment variable, file on the
filesystem, or Kubernetes Secret) as values. |
false |
| envSecrets | []string |
(optional) SecretEnvs is an optional array of Secret names containing environment variables to set.
Deprecated: use EnvRefs instead. |
false |
| envs | []string |
(optional) Envs is an optional array of config maps containing environment variables to set.
Deprecated: use EnvRefs instead. |
false |
| expectNoRefreshChanges | boolean |
(optional) ExpectNoRefreshChanges can be set to true if a stack is not expected to have
changes during a refresh before the update is run.
This could occur, for example, is a resource's state is changing outside of Pulumi
(e.g., metadata, timestamps). |
false |
| fluxSource | object |
FluxSource specifies how to fetch source code from a Flux source object. |
false |
| gitAuth | object |
(optional) GitAuth allows configuring git authentication options
There are 3 different authentication options:
* SSH private key (and its optional password)
* Personal access token
* Basic auth username and password
Only one authentication mode will be considered if more than one option is specified,
with ssh private key/password preferred first, then personal access token, and finally
basic auth credentials. |
false |
| gitAuthSecret | string |
(optional) GitAuthSecret is the the name of a Secret containing an
authentication option for the git repository.
There are 3 different authentication options:
* Personal access token
* SSH private key (and it's optional password)
* Basic auth username and password
Only one authentication mode will be considered if more than one option is specified,
with ssh private key/password preferred first, then personal access token, and finally
basic auth credentials.
Deprecated. Use GitAuth instead. |
false |
| prerequisites | []object |
(optional) Prerequisites is a list of references to other stacks, each with a constraint on
how long ago it must have succeeded. This can be used to make sure e.g., state is
re-evaluated before running a stack that depends on it. |
false |
| programRef | object |
ProgramRef refers to a Program object, to be used as the source for the stack. |
false |
| projectRepo | string |
ProjectRepo is the git source control repository from which we fetch the project code and configuration. |
false |
| refresh | boolean |
(optional) Refresh can be set to true to refresh the stack before it is updated. |
false |
| repoDir | string |
(optional) RepoDir is the directory to work from in the project's source repository
where Pulumi.yaml is located. It is used in case Pulumi.yaml is not
in the project source root. |
false |
| resyncFrequencySeconds | integer |
(optional) ResyncFrequencySeconds when set to a non-zero value, triggers a resync of the stack at
the specified frequency even if no changes to the custom resource are detected.
If branch tracking is enabled (branch is non-empty), commit polling will occur at this frequency.
The minimal resync frequency supported is 60 seconds. The default value for this field is 60 seconds. Format: int64 |
false |
| retryOnUpdateConflict | boolean |
(optional) RetryOnUpdateConflict issues a stack update retry reconciliation loop
in the event that the update hits a HTTP 409 conflict due to
another update in progress.
This is only recommended if you are sure that the stack updates are
idempotent, and if you are willing to accept retry loops until
all spawned retries succeed. This will also create a more populated,
and randomized activity timeline for the stack in the Pulumi Service. |
false |
| secrets | map[string]string |
(optional) Secrets is the secret configuration for this stack, which can be optionally specified inline. If this
is omitted, secrets configuration is assumed to be checked in and taken from the source repository.
Deprecated: use SecretRefs instead. |
false |
| secretsProvider | string |
(optional) SecretsProvider is used to initialize a Stack with alternative encryption.
Examples:
- AWS: "awskms:///arn:aws:kms:us-east-1:111122223333:key/1234abcd-12ab-34bc-56ef-1234567890ab?region=us-east-1"
- Azure: "azurekeyvault://acmecorpvault.vault.azure.net/keys/mykeyname"
- GCP: "gcpkms://projects/MYPROJECT/locations/MYLOCATION/keyRings/MYKEYRING/cryptoKeys/MYKEY"
See: https://www.pulumi.com/docs/intro/concepts/secrets/#initializing-a-stack-with-alternative-encryption |
false |
| secretsRef | map[string]object |
(optional) SecretRefs is the secret configuration for this stack which can be specified through ResourceRef.
If this is omitted, secrets configuration is assumed to be checked in and taken from the source repository. |
false |
| targets | []string |
(optional) Targets is a list of URNs of resources to update exclusively. If supplied, only
resources mentioned will be updated. |
false |
| useLocalStackOnly | boolean |
(optional) UseLocalStackOnly can be set to true to prevent the operator from
creating stacks that do not exist in the tracking git repo.
The default behavior is to create a stack if it doesn't exist. |
false |
ResourceRef identifies a resource from which information can be loaded. Environment variables, files on the filesystem, Kubernetes Secrets and literal strings are currently supported.
| Name | Type | Description | Required |
|---|---|---|---|
| type | string |
SelectorType is required and signifies the type of selector. Must be one of:
Env, FS, Secret, Literal |
true |
| env | object |
Env selects an environment variable set on the operator process |
false |
| filesystem | object |
FileSystem selects a file on the operator's file system |
false |
| literal | object |
LiteralRef refers to a literal value |
false |
| secret | object |
SecretRef refers to a Kubernetes Secret |
false |
Env selects an environment variable set on the operator process
| Name | Type | Description | Required |
|---|---|---|---|
| name | string |
Name of the environment variable |
true |
FileSystem selects a file on the operator's file system
| Name | Type | Description | Required |
|---|---|---|---|
| path | string |
Path on the filesystem to use to load information from. |
true |
LiteralRef refers to a literal value
| Name | Type | Description | Required |
|---|---|---|---|
| value | string |
Value to load |
true |
SecretRef refers to a Kubernetes Secret
| Name | Type | Description | Required |
|---|---|---|---|
| key | string |
Key within the Secret to use. |
true |
| name | string |
Name of the Secret |
true |
| namespace | string |
Namespace where the Secret is stored. Deprecated; non-empty values will be considered invalid
unless namespace isolation is disabled in the controller. |
false |
FluxSource specifies how to fetch source code from a Flux source object.
| Name | Type | Description | Required |
|---|---|---|---|
| sourceRef | object |
|
true |
| dir | string |
Dir gives the subdirectory containing the Pulumi project (i.e., containing Pulumi.yaml) of
interest, within the fetched source. |
false |
| Name | Type | Description | Required |
|---|---|---|---|
| apiVersion | string |
|
true |
| kind | string |
|
true |
| name | string |
|
true |
(optional) GitAuth allows configuring git authentication options There are 3 different authentication options:
- SSH private key (and its optional password)
- Personal access token
- Basic auth username and password Only one authentication mode will be considered if more than one option is specified, with ssh private key/password preferred first, then personal access token, and finally basic auth credentials.
| Name | Type | Description | Required |
|---|---|---|---|
| accessToken | object |
ResourceRef identifies a resource from which information can be loaded.
Environment variables, files on the filesystem, Kubernetes Secrets and literal
strings are currently supported. |
false |
| basicAuth | object |
BasicAuth configures git authentication through basic auth —
i.e. username and password. Both UserName and Password are required. |
false |
| sshAuth | object |
SSHAuth configures ssh-based auth for git authentication.
SSHPrivateKey is required but password is optional. |
false |
ResourceRef identifies a resource from which information can be loaded. Environment variables, files on the filesystem, Kubernetes Secrets and literal strings are currently supported.
| Name | Type | Description | Required |
|---|---|---|---|
| type | string |
SelectorType is required and signifies the type of selector. Must be one of:
Env, FS, Secret, Literal |
true |
| env | object |
Env selects an environment variable set on the operator process |
false |
| filesystem | object |
FileSystem selects a file on the operator's file system |
false |
| literal | object |
LiteralRef refers to a literal value |
false |
| secret | object |
SecretRef refers to a Kubernetes Secret |
false |
Env selects an environment variable set on the operator process
| Name | Type | Description | Required |
|---|---|---|---|
| name | string |
Name of the environment variable |
true |
FileSystem selects a file on the operator's file system
| Name | Type | Description | Required |
|---|---|---|---|
| path | string |
Path on the filesystem to use to load information from. |
true |
LiteralRef refers to a literal value
| Name | Type | Description | Required |
|---|---|---|---|
| value | string |
Value to load |
true |
SecretRef refers to a Kubernetes Secret
| Name | Type | Description | Required |
|---|---|---|---|
| key | string |
Key within the Secret to use. |
true |
| name | string |
Name of the Secret |
true |
| namespace | string |
Namespace where the Secret is stored. Deprecated; non-empty values will be considered invalid
unless namespace isolation is disabled in the controller. |
false |
BasicAuth configures git authentication through basic auth — i.e. username and password. Both UserName and Password are required.
| Name | Type | Description | Required |
|---|---|---|---|
| password | object |
ResourceRef identifies a resource from which information can be loaded.
Environment variables, files on the filesystem, Kubernetes Secrets and literal
strings are currently supported. |
true |
| userName | object |
ResourceRef identifies a resource from which information can be loaded.
Environment variables, files on the filesystem, Kubernetes Secrets and literal
strings are currently supported. |
true |
ResourceRef identifies a resource from which information can be loaded. Environment variables, files on the filesystem, Kubernetes Secrets and literal strings are currently supported.
| Name | Type | Description | Required |
|---|---|---|---|
| type | string |
SelectorType is required and signifies the type of selector. Must be one of:
Env, FS, Secret, Literal |
true |
| env | object |
Env selects an environment variable set on the operator process |
false |
| filesystem | object |
FileSystem selects a file on the operator's file system |
false |
| literal | object |
LiteralRef refers to a literal value |
false |
| secret | object |
SecretRef refers to a Kubernetes Secret |
false |
Env selects an environment variable set on the operator process
| Name | Type | Description | Required |
|---|---|---|---|
| name | string |
Name of the environment variable |
true |
FileSystem selects a file on the operator's file system
| Name | Type | Description | Required |
|---|---|---|---|
| path | string |
Path on the filesystem to use to load information from. |
true |
LiteralRef refers to a literal value
| Name | Type | Description | Required |
|---|---|---|---|
| value | string |
Value to load |
true |
SecretRef refers to a Kubernetes Secret
| Name | Type | Description | Required |
|---|---|---|---|
| key | string |
Key within the Secret to use. |
true |
| name | string |
Name of the Secret |
true |
| namespace | string |
Namespace where the Secret is stored. Deprecated; non-empty values will be considered invalid
unless namespace isolation is disabled in the controller. |
false |
ResourceRef identifies a resource from which information can be loaded. Environment variables, files on the filesystem, Kubernetes Secrets and literal strings are currently supported.
| Name | Type | Description | Required |
|---|---|---|---|
| type | string |
SelectorType is required and signifies the type of selector. Must be one of:
Env, FS, Secret, Literal |
true |
| env | object |
Env selects an environment variable set on the operator process |
false |
| filesystem | object |
FileSystem selects a file on the operator's file system |
false |
| literal | object |
LiteralRef refers to a literal value |
false |
| secret | object |
SecretRef refers to a Kubernetes Secret |
false |
Env selects an environment variable set on the operator process
| Name | Type | Description | Required |
|---|---|---|---|
| name | string |
Name of the environment variable |
true |
FileSystem selects a file on the operator's file system
| Name | Type | Description | Required |
|---|---|---|---|
| path | string |
Path on the filesystem to use to load information from. |
true |
LiteralRef refers to a literal value
| Name | Type | Description | Required |
|---|---|---|---|
| value | string |
Value to load |
true |
SecretRef refers to a Kubernetes Secret
| Name | Type | Description | Required |
|---|---|---|---|
| key | string |
Key within the Secret to use. |
true |
| name | string |
Name of the Secret |
true |
| namespace | string |
Namespace where the Secret is stored. Deprecated; non-empty values will be considered invalid
unless namespace isolation is disabled in the controller. |
false |
SSHAuth configures ssh-based auth for git authentication. SSHPrivateKey is required but password is optional.
| Name | Type | Description | Required |
|---|---|---|---|
| sshPrivateKey | object |
ResourceRef identifies a resource from which information can be loaded.
Environment variables, files on the filesystem, Kubernetes Secrets and literal
strings are currently supported. |
true |
| password | object |
ResourceRef identifies a resource from which information can be loaded.
Environment variables, files on the filesystem, Kubernetes Secrets and literal
strings are currently supported. |
false |
ResourceRef identifies a resource from which information can be loaded. Environment variables, files on the filesystem, Kubernetes Secrets and literal strings are currently supported.
| Name | Type | Description | Required |
|---|---|---|---|
| type | string |
SelectorType is required and signifies the type of selector. Must be one of:
Env, FS, Secret, Literal |
true |
| env | object |
Env selects an environment variable set on the operator process |
false |
| filesystem | object |
FileSystem selects a file on the operator's file system |
false |
| literal | object |
LiteralRef refers to a literal value |
false |
| secret | object |
SecretRef refers to a Kubernetes Secret |
false |
Env selects an environment variable set on the operator process
| Name | Type | Description | Required |
|---|---|---|---|
| name | string |
Name of the environment variable |
true |
FileSystem selects a file on the operator's file system
| Name | Type | Description | Required |
|---|---|---|---|
| path | string |
Path on the filesystem to use to load information from. |
true |
LiteralRef refers to a literal value
| Name | Type | Description | Required |
|---|---|---|---|
| value | string |
Value to load |
true |
SecretRef refers to a Kubernetes Secret
| Name | Type | Description | Required |
|---|---|---|---|
| key | string |
Key within the Secret to use. |
true |
| name | string |
Name of the Secret |
true |
| namespace | string |
Namespace where the Secret is stored. Deprecated; non-empty values will be considered invalid
unless namespace isolation is disabled in the controller. |
false |
ResourceRef identifies a resource from which information can be loaded. Environment variables, files on the filesystem, Kubernetes Secrets and literal strings are currently supported.
| Name | Type | Description | Required |
|---|---|---|---|
| type | string |
SelectorType is required and signifies the type of selector. Must be one of:
Env, FS, Secret, Literal |
true |
| env | object |
Env selects an environment variable set on the operator process |
false |
| filesystem | object |
FileSystem selects a file on the operator's file system |
false |
| literal | object |
LiteralRef refers to a literal value |
false |
| secret | object |
SecretRef refers to a Kubernetes Secret |
false |
Env selects an environment variable set on the operator process
| Name | Type | Description | Required |
|---|---|---|---|
| name | string |
Name of the environment variable |
true |
FileSystem selects a file on the operator's file system
| Name | Type | Description | Required |
|---|---|---|---|
| path | string |
Path on the filesystem to use to load information from. |
true |
LiteralRef refers to a literal value
| Name | Type | Description | Required |
|---|---|---|---|
| value | string |
Value to load |
true |
SecretRef refers to a Kubernetes Secret
| Name | Type | Description | Required |
|---|---|---|---|
| key | string |
Key within the Secret to use. |
true |
| name | string |
Name of the Secret |
true |
| namespace | string |
Namespace where the Secret is stored. Deprecated; non-empty values will be considered invalid
unless namespace isolation is disabled in the controller. |
false |
PrerequisiteRef refers to another stack, and gives requirements for the prerequisite to be considered satisfied.
| Name | Type | Description | Required |
|---|---|---|---|
| name | string |
Name is the name of the Stack resource that is a prerequisite. |
true |
| requirement | object |
Requirement gives specific requirements for the prerequisite; the base requirement is that
the referenced stack is in a successful state. |
false |
Requirement gives specific requirements for the prerequisite; the base requirement is that the referenced stack is in a successful state.
| Name | Type | Description | Required |
|---|---|---|---|
| succeededWithinDuration | string |
SucceededWithinDuration gives a duration within which the prerequisite must have reached a
succeeded state; e.g., "1h" means "the prerequisite must be successful, and have become so in
the last hour". Fields (should there ever be more than one) are not intended to be mutually
exclusive. |
false |
ProgramRef refers to a Program object, to be used as the source for the stack.
| Name | Type | Description | Required |
|---|---|---|---|
| name | string |
|
true |
ResourceRef identifies a resource from which information can be loaded. Environment variables, files on the filesystem, Kubernetes Secrets and literal strings are currently supported.
| Name | Type | Description | Required |
|---|---|---|---|
| type | string |
SelectorType is required and signifies the type of selector. Must be one of:
Env, FS, Secret, Literal |
true |
| env | object |
Env selects an environment variable set on the operator process |
false |
| filesystem | object |
FileSystem selects a file on the operator's file system |
false |
| literal | object |
LiteralRef refers to a literal value |
false |
| secret | object |
SecretRef refers to a Kubernetes Secret |
false |
Env selects an environment variable set on the operator process
| Name | Type | Description | Required |
|---|---|---|---|
| name | string |
Name of the environment variable |
true |
FileSystem selects a file on the operator's file system
| Name | Type | Description | Required |
|---|---|---|---|
| path | string |
Path on the filesystem to use to load information from. |
true |
LiteralRef refers to a literal value
| Name | Type | Description | Required |
|---|---|---|---|
| value | string |
Value to load |
true |
SecretRef refers to a Kubernetes Secret
| Name | Type | Description | Required |
|---|---|---|---|
| key | string |
Key within the Secret to use. |
true |
| name | string |
Name of the Secret |
true |
| namespace | string |
Namespace where the Secret is stored. Deprecated; non-empty values will be considered invalid
unless namespace isolation is disabled in the controller. |
false |
StackStatus defines the observed state of Stack
| Name | Type | Description | Required |
|---|---|---|---|
| conditions | []object |
|
false |
| lastUpdate | object |
LastUpdate contains details of the status of the last update. |
false |
| observedGeneration | integer |
ObservedGeneration records the value of .meta.generation at the point the controller last processed this object Format: int64 |
false |
| observedReconcileRequest | string |
ObservedReconcileRequest records the value of the annotation named for
`ReconcileRequestAnnotation` when it was last seen. |
false |
| outputs | map[string]JSON |
Outputs contains the exported stack output variables resulting from a deployment. |
false |
This struct is intended for direct use as an array at the field path .status.conditions. For example,
type FooStatus struct{
// Represents the observations of a foo's current state.
// Known .status.conditions.type are: "Available", "Progressing", and "Degraded"
// +patchMergeKey=type
// +patchStrategy=merge
// +listType=map
// +listMapKey=type
Conditions []metav1.Condition json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,1,rep,name=conditions"
// other fields
}
| Name | Type | Description | Required |
|---|---|---|---|
| lastTransitionTime | string |
lastTransitionTime is the last time the condition transitioned from one status to another.
This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. Format: date-time |
true |
| message | string |
message is a human readable message indicating details about the transition.
This may be an empty string. |
true |
| reason | string |
reason contains a programmatic identifier indicating the reason for the condition's last transition.
Producers of specific condition types may define expected values and meanings for this field,
and whether the values are considered a guaranteed API.
The value should be a CamelCase string.
This field may not be empty. |
true |
| status | enum |
status of the condition, one of True, False, Unknown. Enum: True, False, Unknown |
true |
| type | string |
type of condition in CamelCase or in foo.example.com/CamelCase.
---
Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be
useful (see .node.status.conditions), the ability to deconflict is important.
The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) |
true |
| observedGeneration | integer |
observedGeneration represents the .metadata.generation that the condition was set based upon.
For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
with respect to the current state of the instance. Format: int64 Minimum: 0 |
false |
LastUpdate contains details of the status of the last update.
| Name | Type | Description | Required |
|---|---|---|---|
| lastAttemptedCommit | string |
Last commit attempted |
false |
| lastResyncTime | string |
LastResyncTime contains a timestamp for the last time a resync of the stack took place. Format: date-time |
false |
| lastSuccessfulCommit | string |
Last commit successfully applied |
false |
| permalink | string |
Permalink is the Pulumi Console URL of the stack operation. |
false |
| state | string |
State is the state of the stack update - one of `succeeded` or `failed` |
false |
Resource Types:
Stack is the Schema for the stacks API. Deprecated: Note Stacks from pulumi.com/v1alpha1 is deprecated in favor of pulumi.com/v1. It is completely backward compatible. Users are strongly encouraged to switch to pulumi.com/v1.
| Name | Type | Description | Required |
|---|---|---|---|
| apiVersion | string | pulumi.com/v1alpha1 | true |
| kind | string | Stack | true |
| metadata | object | Refer to the Kubernetes API documentation for the fields of the `metadata` field. | true |
| spec | object |
StackSpec defines the desired state of Pulumi Stack being managed by this operator. |
false |
| status | object |
StackStatus defines the observed state of Stack |
false |
StackSpec defines the desired state of Pulumi Stack being managed by this operator.
| Name | Type | Description | Required |
|---|---|---|---|
| stack | string |
Stack is the fully qualified name of the stack to deploy (/). |
true |
| accessTokenSecret | string |
(optional) AccessTokenSecret is the name of a Secret containing the PULUMI_ACCESS_TOKEN for Pulumi access.
Deprecated: use EnvRefs with a "secret" entry with the key PULUMI_ACCESS_TOKEN instead. |
false |
| backend | string |
(optional) Backend is an optional backend URL to use for all Pulumi operations. Examples: - Pulumi Service: "https://app.pulumi.com" (default) - Self-managed Pulumi Service: "https://pulumi.acmecorp.com" - Local: "file://./einstein" - AWS: "s3://" - Azure: "azblob://" - GCP: "gs://" See: https://www.pulumi.com/docs/intro/concepts/state/ |
false |
| branch | string |
(optional) Branch is the branch name to deploy, either the simple or fully qualified ref name, e.g. refs/heads/master. This
is mutually exclusive with the Commit setting. Either value needs to be specified.
When specified, the operator will periodically poll to check if the branch has any new commits.
The frequency of the polling is configurable through ResyncFrequencySeconds, defaulting to every 60 seconds. |
false |
| commit | string |
(optional) Commit is the hash of the commit to deploy. If used, HEAD will be in detached mode. This
is mutually exclusive with the Branch setting. Either value needs to be specified. |
false |
| config | map[string]string |
(optional) Config is the configuration for this stack, which can be optionally specified inline. If this
is omitted, configuration is assumed to be checked in and taken from the source repository. |
false |
| continueResyncOnCommitMatch | boolean |
(optional) ContinueResyncOnCommitMatch - when true - informs the operator to continue trying
to update stacks even if the revision of the source matches. This might be useful in
environments where Pulumi programs have dynamic elements for example, calls to internal APIs
where GitOps style commit tracking is not sufficient. Defaults to false, i.e. when a
particular revision is successfully run, the operator will not attempt to rerun the program
at that revision again. |
false |
| destroyOnFinalize | boolean |
(optional) DestroyOnFinalize can be set to true to destroy the stack completely upon deletion of the Stack custom resource. |
false |
| envRefs | map[string]object |
(optional) EnvRefs is an optional map containing environment variables as keys and stores descriptors to where
the variables' values should be loaded from (one of literal, environment variable, file on the
filesystem, or Kubernetes Secret) as values. |
false |
| envSecrets | []string |
(optional) SecretEnvs is an optional array of Secret names containing environment variables to set.
Deprecated: use EnvRefs instead. |
false |
| envs | []string |
(optional) Envs is an optional array of config maps containing environment variables to set.
Deprecated: use EnvRefs instead. |
false |
| expectNoRefreshChanges | boolean |
(optional) ExpectNoRefreshChanges can be set to true if a stack is not expected to have
changes during a refresh before the update is run.
This could occur, for example, is a resource's state is changing outside of Pulumi
(e.g., metadata, timestamps). |
false |
| fluxSource | object |
FluxSource specifies how to fetch source code from a Flux source object. |
false |
| gitAuth | object |
(optional) GitAuth allows configuring git authentication options
There are 3 different authentication options:
* SSH private key (and its optional password)
* Personal access token
* Basic auth username and password
Only one authentication mode will be considered if more than one option is specified,
with ssh private key/password preferred first, then personal access token, and finally
basic auth credentials. |
false |
| gitAuthSecret | string |
(optional) GitAuthSecret is the the name of a Secret containing an
authentication option for the git repository.
There are 3 different authentication options:
* Personal access token
* SSH private key (and it's optional password)
* Basic auth username and password
Only one authentication mode will be considered if more than one option is specified,
with ssh private key/password preferred first, then personal access token, and finally
basic auth credentials.
Deprecated. Use GitAuth instead. |
false |
| prerequisites | []object |
(optional) Prerequisites is a list of references to other stacks, each with a constraint on
how long ago it must have succeeded. This can be used to make sure e.g., state is
re-evaluated before running a stack that depends on it. |
false |
| programRef | object |
ProgramRef refers to a Program object, to be used as the source for the stack. |
false |
| projectRepo | string |
ProjectRepo is the git source control repository from which we fetch the project code and configuration. |
false |
| refresh | boolean |
(optional) Refresh can be set to true to refresh the stack before it is updated. |
false |
| repoDir | string |
(optional) RepoDir is the directory to work from in the project's source repository
where Pulumi.yaml is located. It is used in case Pulumi.yaml is not
in the project source root. |
false |
| resyncFrequencySeconds | integer |
(optional) ResyncFrequencySeconds when set to a non-zero value, triggers a resync of the stack at
the specified frequency even if no changes to the custom resource are detected.
If branch tracking is enabled (branch is non-empty), commit polling will occur at this frequency.
The minimal resync frequency supported is 60 seconds. The default value for this field is 60 seconds. Format: int64 |
false |
| retryOnUpdateConflict | boolean |
(optional) RetryOnUpdateConflict issues a stack update retry reconciliation loop
in the event that the update hits a HTTP 409 conflict due to
another update in progress.
This is only recommended if you are sure that the stack updates are
idempotent, and if you are willing to accept retry loops until
all spawned retries succeed. This will also create a more populated,
and randomized activity timeline for the stack in the Pulumi Service. |
false |
| secrets | map[string]string |
(optional) Secrets is the secret configuration for this stack, which can be optionally specified inline. If this
is omitted, secrets configuration is assumed to be checked in and taken from the source repository.
Deprecated: use SecretRefs instead. |
false |
| secretsProvider | string |
(optional) SecretsProvider is used to initialize a Stack with alternative encryption.
Examples:
- AWS: "awskms:///arn:aws:kms:us-east-1:111122223333:key/1234abcd-12ab-34bc-56ef-1234567890ab?region=us-east-1"
- Azure: "azurekeyvault://acmecorpvault.vault.azure.net/keys/mykeyname"
- GCP: "gcpkms://projects/MYPROJECT/locations/MYLOCATION/keyRings/MYKEYRING/cryptoKeys/MYKEY"
See: https://www.pulumi.com/docs/intro/concepts/secrets/#initializing-a-stack-with-alternative-encryption |
false |
| secretsRef | map[string]object |
(optional) SecretRefs is the secret configuration for this stack which can be specified through ResourceRef.
If this is omitted, secrets configuration is assumed to be checked in and taken from the source repository. |
false |
| targets | []string |
(optional) Targets is a list of URNs of resources to update exclusively. If supplied, only
resources mentioned will be updated. |
false |
| useLocalStackOnly | boolean |
(optional) UseLocalStackOnly can be set to true to prevent the operator from
creating stacks that do not exist in the tracking git repo.
The default behavior is to create a stack if it doesn't exist. |
false |
ResourceRef identifies a resource from which information can be loaded. Environment variables, files on the filesystem, Kubernetes Secrets and literal strings are currently supported.
| Name | Type | Description | Required |
|---|---|---|---|
| type | string |
SelectorType is required and signifies the type of selector. Must be one of:
Env, FS, Secret, Literal |
true |
| env | object |
Env selects an environment variable set on the operator process |
false |
| filesystem | object |
FileSystem selects a file on the operator's file system |
false |
| literal | object |
LiteralRef refers to a literal value |
false |
| secret | object |
SecretRef refers to a Kubernetes Secret |
false |
Env selects an environment variable set on the operator process
| Name | Type | Description | Required |
|---|---|---|---|
| name | string |
Name of the environment variable |
true |
FileSystem selects a file on the operator's file system
| Name | Type | Description | Required |
|---|---|---|---|
| path | string |
Path on the filesystem to use to load information from. |
true |
LiteralRef refers to a literal value
| Name | Type | Description | Required |
|---|---|---|---|
| value | string |
Value to load |
true |
SecretRef refers to a Kubernetes Secret
| Name | Type | Description | Required |
|---|---|---|---|
| key | string |
Key within the Secret to use. |
true |
| name | string |
Name of the Secret |
true |
| namespace | string |
Namespace where the Secret is stored. Deprecated; non-empty values will be considered invalid
unless namespace isolation is disabled in the controller. |
false |
FluxSource specifies how to fetch source code from a Flux source object.
| Name | Type | Description | Required |
|---|---|---|---|
| sourceRef | object |
|
true |
| dir | string |
Dir gives the subdirectory containing the Pulumi project (i.e., containing Pulumi.yaml) of
interest, within the fetched source. |
false |
| Name | Type | Description | Required |
|---|---|---|---|
| apiVersion | string |
|
true |
| kind | string |
|
true |
| name | string |
|
true |
(optional) GitAuth allows configuring git authentication options There are 3 different authentication options:
- SSH private key (and its optional password)
- Personal access token
- Basic auth username and password Only one authentication mode will be considered if more than one option is specified, with ssh private key/password preferred first, then personal access token, and finally basic auth credentials.
| Name | Type | Description | Required |
|---|---|---|---|
| accessToken | object |
ResourceRef identifies a resource from which information can be loaded.
Environment variables, files on the filesystem, Kubernetes Secrets and literal
strings are currently supported. |
false |
| basicAuth | object |
BasicAuth configures git authentication through basic auth —
i.e. username and password. Both UserName and Password are required. |
false |
| sshAuth | object |
SSHAuth configures ssh-based auth for git authentication.
SSHPrivateKey is required but password is optional. |
false |
ResourceRef identifies a resource from which information can be loaded. Environment variables, files on the filesystem, Kubernetes Secrets and literal strings are currently supported.
| Name | Type | Description | Required |
|---|---|---|---|
| type | string |
SelectorType is required and signifies the type of selector. Must be one of:
Env, FS, Secret, Literal |
true |
| env | object |
Env selects an environment variable set on the operator process |
false |
| filesystem | object |
FileSystem selects a file on the operator's file system |
false |
| literal | object |
LiteralRef refers to a literal value |
false |
| secret | object |
SecretRef refers to a Kubernetes Secret |
false |
Env selects an environment variable set on the operator process
| Name | Type | Description | Required |
|---|---|---|---|
| name | string |
Name of the environment variable |
true |
FileSystem selects a file on the operator's file system
| Name | Type | Description | Required |
|---|---|---|---|
| path | string |
Path on the filesystem to use to load information from. |
true |
LiteralRef refers to a literal value
| Name | Type | Description | Required |
|---|---|---|---|
| value | string |
Value to load |
true |
SecretRef refers to a Kubernetes Secret
| Name | Type | Description | Required |
|---|---|---|---|
| key | string |
Key within the Secret to use. |
true |
| name | string |
Name of the Secret |
true |
| namespace | string |
Namespace where the Secret is stored. Deprecated; non-empty values will be considered invalid
unless namespace isolation is disabled in the controller. |
false |
BasicAuth configures git authentication through basic auth — i.e. username and password. Both UserName and Password are required.
| Name | Type | Description | Required |
|---|---|---|---|
| password | object |
ResourceRef identifies a resource from which information can be loaded.
Environment variables, files on the filesystem, Kubernetes Secrets and literal
strings are currently supported. |
true |
| userName | object |
ResourceRef identifies a resource from which information can be loaded.
Environment variables, files on the filesystem, Kubernetes Secrets and literal
strings are currently supported. |
true |
ResourceRef identifies a resource from which information can be loaded. Environment variables, files on the filesystem, Kubernetes Secrets and literal strings are currently supported.
| Name | Type | Description | Required |
|---|---|---|---|
| type | string |
SelectorType is required and signifies the type of selector. Must be one of:
Env, FS, Secret, Literal |
true |
| env | object |
Env selects an environment variable set on the operator process |
false |
| filesystem | object |
FileSystem selects a file on the operator's file system |
false |
| literal | object |
LiteralRef refers to a literal value |
false |
| secret | object |
SecretRef refers to a Kubernetes Secret |
false |
Env selects an environment variable set on the operator process
| Name | Type | Description | Required |
|---|---|---|---|
| name | string |
Name of the environment variable |
true |
FileSystem selects a file on the operator's file system
| Name | Type | Description | Required |
|---|---|---|---|
| path | string |
Path on the filesystem to use to load information from. |
true |
LiteralRef refers to a literal value
| Name | Type | Description | Required |
|---|---|---|---|
| value | string |
Value to load |
true |
SecretRef refers to a Kubernetes Secret
| Name | Type | Description | Required |
|---|---|---|---|
| key | string |
Key within the Secret to use. |
true |
| name | string |
Name of the Secret |
true |
| namespace | string |
Namespace where the Secret is stored. Deprecated; non-empty values will be considered invalid
unless namespace isolation is disabled in the controller. |
false |
ResourceRef identifies a resource from which information can be loaded. Environment variables, files on the filesystem, Kubernetes Secrets and literal strings are currently supported.
| Name | Type | Description | Required |
|---|---|---|---|
| type | string |
SelectorType is required and signifies the type of selector. Must be one of:
Env, FS, Secret, Literal |
true |
| env | object |
Env selects an environment variable set on the operator process |
false |
| filesystem | object |
FileSystem selects a file on the operator's file system |
false |
| literal | object |
LiteralRef refers to a literal value |
false |
| secret | object |
SecretRef refers to a Kubernetes Secret |
false |
Env selects an environment variable set on the operator process
| Name | Type | Description | Required |
|---|---|---|---|
| name | string |
Name of the environment variable |
true |
FileSystem selects a file on the operator's file system
| Name | Type | Description | Required |
|---|---|---|---|
| path | string |
Path on the filesystem to use to load information from. |
true |
LiteralRef refers to a literal value
| Name | Type | Description | Required |
|---|---|---|---|
| value | string |
Value to load |
true |
SecretRef refers to a Kubernetes Secret
| Name | Type | Description | Required |
|---|---|---|---|
| key | string |
Key within the Secret to use. |
true |
| name | string |
Name of the Secret |
true |
| namespace | string |
Namespace where the Secret is stored. Deprecated; non-empty values will be considered invalid
unless namespace isolation is disabled in the controller. |
false |
SSHAuth configures ssh-based auth for git authentication. SSHPrivateKey is required but password is optional.
| Name | Type | Description | Required |
|---|---|---|---|
| sshPrivateKey | object |
ResourceRef identifies a resource from which information can be loaded.
Environment variables, files on the filesystem, Kubernetes Secrets and literal
strings are currently supported. |
true |
| password | object |
ResourceRef identifies a resource from which information can be loaded.
Environment variables, files on the filesystem, Kubernetes Secrets and literal
strings are currently supported. |
false |
ResourceRef identifies a resource from which information can be loaded. Environment variables, files on the filesystem, Kubernetes Secrets and literal strings are currently supported.
| Name | Type | Description | Required |
|---|---|---|---|
| type | string |
SelectorType is required and signifies the type of selector. Must be one of:
Env, FS, Secret, Literal |
true |
| env | object |
Env selects an environment variable set on the operator process |
false |
| filesystem | object |
FileSystem selects a file on the operator's file system |
false |
| literal | object |
LiteralRef refers to a literal value |
false |
| secret | object |
SecretRef refers to a Kubernetes Secret |
false |
Env selects an environment variable set on the operator process
| Name | Type | Description | Required |
|---|---|---|---|
| name | string |
Name of the environment variable |
true |
FileSystem selects a file on the operator's file system
| Name | Type | Description | Required |
|---|---|---|---|
| path | string |
Path on the filesystem to use to load information from. |
true |
LiteralRef refers to a literal value
| Name | Type | Description | Required |
|---|---|---|---|
| value | string |
Value to load |
true |
SecretRef refers to a Kubernetes Secret
| Name | Type | Description | Required |
|---|---|---|---|
| key | string |
Key within the Secret to use. |
true |
| name | string |
Name of the Secret |
true |
| namespace | string |
Namespace where the Secret is stored. Deprecated; non-empty values will be considered invalid
unless namespace isolation is disabled in the controller. |
false |
ResourceRef identifies a resource from which information can be loaded. Environment variables, files on the filesystem, Kubernetes Secrets and literal strings are currently supported.
| Name | Type | Description | Required |
|---|---|---|---|
| type | string |
SelectorType is required and signifies the type of selector. Must be one of:
Env, FS, Secret, Literal |
true |
| env | object |
Env selects an environment variable set on the operator process |
false |
| filesystem | object |
FileSystem selects a file on the operator's file system |
false |
| literal | object |
LiteralRef refers to a literal value |
false |
| secret | object |
SecretRef refers to a Kubernetes Secret |
false |
Env selects an environment variable set on the operator process
| Name | Type | Description | Required |
|---|---|---|---|
| name | string |
Name of the environment variable |
true |
FileSystem selects a file on the operator's file system
| Name | Type | Description | Required |
|---|---|---|---|
| path | string |
Path on the filesystem to use to load information from. |
true |
LiteralRef refers to a literal value
| Name | Type | Description | Required |
|---|---|---|---|
| value | string |
Value to load |
true |
SecretRef refers to a Kubernetes Secret
| Name | Type | Description | Required |
|---|---|---|---|
| key | string |
Key within the Secret to use. |
true |
| name | string |
Name of the Secret |
true |
| namespace | string |
Namespace where the Secret is stored. Deprecated; non-empty values will be considered invalid
unless namespace isolation is disabled in the controller. |
false |
PrerequisiteRef refers to another stack, and gives requirements for the prerequisite to be considered satisfied.
| Name | Type | Description | Required |
|---|---|---|---|
| name | string |
Name is the name of the Stack resource that is a prerequisite. |
true |
| requirement | object |
Requirement gives specific requirements for the prerequisite; the base requirement is that
the referenced stack is in a successful state. |
false |
Requirement gives specific requirements for the prerequisite; the base requirement is that the referenced stack is in a successful state.
| Name | Type | Description | Required |
|---|---|---|---|
| succeededWithinDuration | string |
SucceededWithinDuration gives a duration within which the prerequisite must have reached a
succeeded state; e.g., "1h" means "the prerequisite must be successful, and have become so in
the last hour". Fields (should there ever be more than one) are not intended to be mutually
exclusive. |
false |
ProgramRef refers to a Program object, to be used as the source for the stack.
| Name | Type | Description | Required |
|---|---|---|---|
| name | string |
|
true |
ResourceRef identifies a resource from which information can be loaded. Environment variables, files on the filesystem, Kubernetes Secrets and literal strings are currently supported.
| Name | Type | Description | Required |
|---|---|---|---|
| type | string |
SelectorType is required and signifies the type of selector. Must be one of:
Env, FS, Secret, Literal |
true |
| env | object |
Env selects an environment variable set on the operator process |
false |
| filesystem | object |
FileSystem selects a file on the operator's file system |
false |
| literal | object |
LiteralRef refers to a literal value |
false |
| secret | object |
SecretRef refers to a Kubernetes Secret |
false |
Env selects an environment variable set on the operator process
| Name | Type | Description | Required |
|---|---|---|---|
| name | string |
Name of the environment variable |
true |
FileSystem selects a file on the operator's file system
| Name | Type | Description | Required |
|---|---|---|---|
| path | string |
Path on the filesystem to use to load information from. |
true |
LiteralRef refers to a literal value
| Name | Type | Description | Required |
|---|---|---|---|
| value | string |
Value to load |
true |
SecretRef refers to a Kubernetes Secret
| Name | Type | Description | Required |
|---|---|---|---|
| key | string |
Key within the Secret to use. |
true |
| name | string |
Name of the Secret |
true |
| namespace | string |
Namespace where the Secret is stored. Deprecated; non-empty values will be considered invalid
unless namespace isolation is disabled in the controller. |
false |
StackStatus defines the observed state of Stack
| Name | Type | Description | Required |
|---|---|---|---|
| lastUpdate | object |
LastUpdate contains details of the status of the last update. |
false |
| outputs | map[string]JSON |
Outputs contains the exported stack output variables resulting from a deployment. |
false |
LastUpdate contains details of the status of the last update.
| Name | Type | Description | Required |
|---|---|---|---|
| lastAttemptedCommit | string |
Last commit attempted |
false |
| lastResyncTime | string |
LastResyncTime contains a timestamp for the last time a resync of the stack took place. Format: date-time |
false |
| lastSuccessfulCommit | string |
Last commit successfully applied |
false |
| permalink | string |
Permalink is the Pulumi Console URL of the stack operation. |
false |
| state | string |
State is the state of the stack update - one of `succeeded` or `failed` |
false |