API Reference

Packages

infra.contrib.fluxcd.io/v1alpha2

Package v1alpha2 contains API Schema definitions for the infra v1alpha2 API group

Resource Types

BackendConfigSpec

BackendConfigSpec is for specifying configuration for Terraform's Kubernetes backend

Appears in: - TerraformSpec

| Field | Description | Default | Validation |
| --- | --- | --- | --- |
| `disable` boolean | Disable is to completely disable the backend configuration. |  | Optional: {} |
| `secretSuffix` string |  |  | Optional: {} |
| `inClusterConfig` boolean |  |  | Optional: {} |
| `customConfiguration` string |  |  | Optional: {} |
| `configPath` string |  |  | Optional: {} |
| `labels` object (keys:string, values:string) |  |  | Optional: {} |

BackendConfigsReference

Appears in: - TerraformSpec

| Field | Description | Default | Validation |
| --- | --- | --- | --- |
| `kind` string | Kind of the values referent, valid values are ('Secret', 'ConfigMap'). |  | Enum: [Secret ConfigMap]; Required: {} |
| `name` string | Name of the configs referent. Should reside in the same namespace as the referring resource. |  | MaxLength: 253; MinLength: 1; Required: {} |
| `keys` string array | Keys is the data key where a specific value can be found at. Defaults to all keys. |  | Optional: {} |
| `optional` boolean | Optional marks this BackendConfigsReference as optional. When set, a not found error for the values reference is ignored, but any Key or transient error will still result in a reconciliation failure. |  | Optional: {} |

BranchPlanner

Appears in: - TerraformSpec

| Field | Description | Default | Validation |
| --- | --- | --- | --- |
| `enablePathScope` boolean | EnablePathScope specifies if the Branch Planner should or shouldn't check if a Pull Request has changes under .spec.path. If enabled extra resources will be created only if there are any changes in terraform files. |  | Optional: {} |

CloudSpec

Appears in: - TerraformSpec

| Field | Description | Default | Validation |
| --- | --- | --- | --- |
| `organization` string |  |  | Required: {} |
| `workspaces` CloudWorkspacesSpec |  |  | Required: {} |
| `hostname` string |  |  | Optional: {} |
| `token` string |  |  | Optional: {} |

CloudWorkspacesSpec

Appears in: - CloudSpec

| Field | Description | Default | Validation |
| --- | --- | --- | --- |
| `name` string |  |  | Optional: {} |
| `tags` string array |  |  | Optional: {} |

CrossNamespaceSourceReference

CrossNamespaceSourceReference contains enough information to let you locate the typed Kubernetes resource object at cluster level.

Appears in: - TerraformSpec

| Field | Description | Default | Validation |
| --- | --- | --- | --- |
| `apiVersion` string | API version of the referent. |  | Optional: {} |
| `kind` string | Kind of the referent. |  | Enum: [GitRepository Bucket OCIRepository]; Required: {} |
| `name` string | Name of the referent. |  | Required: {} |
| `namespace` string | Namespace of the referent, defaults to the namespace of the Kubernetes resource object that contains the reference. |  | Optional: {} |

FileMapping

Appears in: - TerraformSpec

| Field | Description | Default | Validation |
| --- | --- | --- | --- |
| `secretRef` SecretKeyReference | Reference to a Secret that contains the file content |  |  |
| `location` string | Location can be either user's home directory or the Terraform workspace |  | Enum: [home workspace]; Required: {} |
| `path` string | Path of the file - relative to the "location" |  | Pattern: `^(.?[/_a-zA-Z0-9]{1,})*$`; Required: {} |

ForceUnlockEnum

Underlying type: string

Appears in: - TFStateSpec

Value Description
auto
yes
no

HealthCheck

HealthCheck contains configuration needed to perform a health check after terraform is applied.

Appears in: - TerraformSpec

| Field | Description | Default | Validation |
| --- | --- | --- | --- |
| `name` string | Name of the health check. |  | MaxLength: 253; MinLength: 1; Required: {} |
| `type` string | Type of the health check, valid values are ('tcp', 'http'). If tcp is specified, address is required. If http is specified, url is required. |  | Enum: [tcp http]; Required: {} |
| `url` string | URL to perform http health check on. Required when http type is specified. Go template can be used to reference values from the terraform output (e.g. https://example.org, {{.output_url}}). |  | Optional: {} |
| `address` string | Address to perform tcp health check on. Required when tcp type is specified. Go template can be used to reference values from the terraform output (e.g. 127.0.0.1:8080, {{.address}}:{{.port}}). |  | Optional: {} |
| `timeout` Duration | The timeout period at which the connection should timeout if unable to complete the request. When not specified, default 20s timeout is used. | 20s | Optional: {} |

LockStatus

LockStatus defines the observed state of a Terraform State Lock

Appears in: - TerraformStatus

| Field | Description | Default | Validation |
| --- | --- | --- | --- |
| `lastApplied` string |  |  | Optional: {} |
| `pending` string | Pending holds the identifier of the Lock Holder to be used with Force Unlock |  | Optional: {} |

PlanStatus

Appears in: - TerraformStatus

| Field | Description | Default | Validation |
| --- | --- | --- | --- |
| `lastApplied` string |  |  | Optional: {} |
| `pending` string |  |  | Optional: {} |
| `isDestroyPlan` boolean |  |  | Optional: {} |
| `isDriftDetectionPlan` boolean |  |  | Optional: {} |

ReadInputsFromSecretSpec

Appears in: - TerraformSpec

| Field | Description | Default | Validation |
| --- | --- | --- | --- |
| `name` string |  |  | Required: {} |
| `as` string |  |  | Required: {} |

Remediation

Appears in: - TerraformSpec

| Field | Description | Default | Validation |
| --- | --- | --- | --- |
| `retries` integer | Retries is the number of retries that should be attempted on failures before bailing. Defaults to '0', a negative integer denotes unlimited retries. |  | Optional: {} |

ResourceInventory

ResourceInventory contains a list of Kubernetes resource object references that have been applied by a Kustomization.

Appears in: - TerraformStatus

| Field | Description | Default | Validation |
| --- | --- | --- | --- |
| `entries` ResourceRef array | Entries of Kubernetes resource object references. |  |  |

ResourceRef

ResourceRef contains the information necessary to locate a resource within a cluster.

Appears in: - ResourceInventory

| Field | Description | Default | Validation |
| --- | --- | --- | --- |
| `n` string | Terraform resource's name. |  |  |
| `t` string | Type is Terraform resource's type |  |  |
| `id` string | ID is the resource identifier. This is cloud-specific. For example, ARN is an ID on AWS. |  |  |

RetryStrategyEnum

Underlying type: string

Appears in: - TerraformSpec

Value Description
StaticInterval
ExponentialBackoff

RunnerPodMetadata

Appears in: - RunnerPodTemplate

| Field | Description | Default | Validation |
| --- | --- | --- | --- |
| `labels` object (keys:string, values:string) | Labels to add to the runner pod |  | Optional: {} |
| `annotations` object (keys:string, values:string) | Annotations to add to the runner pod |  | Optional: {} |

RunnerPodSpec

Appears in: - RunnerPodTemplate

| Field | Description | Default | Validation |
| --- | --- | --- | --- |
| `image` string | Runner pod image to use other than default |  | Optional: {} |
| `envFrom` EnvFromSource array | List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. |  | Optional: {} |
| `env` EnvVar array | List of environment variables to set in the container. Cannot be updated. |  | Optional: {} |
| `nodeSelector` object (keys:string, values:string) | Set the NodeSelector for the Runner Pod |  | Optional: {} |
| `affinity` Affinity | Set the Affinity for the Runner Pod |  | Optional: {} |
| `tolerations` Toleration array | Set the Tolerations for the Runner Pod |  | Optional: {} |
| `volumeMounts` VolumeMount array | Set Volume Mounts for the Runner Pod |  | Optional: {} |
| `volumes` Volume array | Set Volumes for the Runner Pod |  | Optional: {} |
| `initContainers` Container array | Set up Init Containers for the Runner |  | Optional: {} |
| `hostAliases` HostAlias array | Set host aliases for the Runner Pod |  | Optional: {} |
| `priorityClassName` string | Set PriorityClassName for the Runner Pod container |  | Optional: {} |
| `securityContext` SecurityContext | Set SecurityContext for the Runner Pod container |  | Optional: {} |
| `resources` ResourceRequirements | Set Resources for the Runner Pod container |  | Optional: {} |

RunnerPodTemplate

Appears in: - TerraformSpec

| Field | Description | Default | Validation |
| --- | --- | --- | --- |
| `metadata` RunnerPodMetadata | Refer to Kubernetes API documentation for fields of metadata. |  | Optional: {} |
| `spec` RunnerPodSpec |  |  | Optional: {} |

TFStateSpec

TFStateSpec allows the user to set ForceUnlock

Appears in: - TerraformSpec

| Field | Description | Default | Validation |
| --- | --- | --- | --- |
| `forceUnlock` ForceUnlockEnum | ForceUnlock a Terraform state if it has become locked for any reason. Defaults to no. This is an Enum and has the expected values of: auto, yes, no. WARNING: Only use auto in the cases where you are absolutely certain that no other system is using this state; you could otherwise end up in a bad place. See https://www.terraform.io/language/state/locking#force-unlock for more information on the terraform state lock and force unlock. | no | Enum: [yes no auto]; Optional: {} |
| `lockIdentifier` string | LockIdentifier holds the Identifier required by Terraform to unlock the state if it ever gets into a locked state. You'll need to put the Lock Identifier in here while setting ForceUnlock to either yes or auto. Leave this empty to do nothing, set this to the value of the Lock Info: ID: [value], e.g. f2ab685b-f84d-ac0b-a125-378a22877e8d, to force unlock the state. |  | Optional: {} |
| `lockTimeout` Duration | LockTimeout is a Duration string that instructs Terraform to retry acquiring a lock for the specified period of time before returning an error. The duration syntax is a number followed by a time unit letter, such as 3s for three seconds. Defaults to 0s, which will behave as though LockTimeout was not set. | 0s | Optional: {} |

Terraform

Terraform is the Schema for the terraforms API

| Field | Description | Default | Validation |
| --- | --- | --- | --- |
| `apiVersion` string | infra.contrib.fluxcd.io/v1alpha2 |  |  |
| `kind` string | Terraform |  |  |
| `metadata` ObjectMeta | Refer to Kubernetes API documentation for fields of metadata. |  |  |
| `spec` TerraformSpec |  |  |  |
| `status` TerraformStatus |  | { observedGeneration:-1 } |  |

TerraformSpec

TerraformSpec defines the desired state of Terraform

Appears in: - Terraform

| Field | Description | Default | Validation |
| --- | --- | --- | --- |
| `approvePlan` string | ApprovePlan specifies the name of the plan to approve. If its value is "auto", the controller will automatically approve every plan. |  | Optional: {} |
| `destroy` boolean | Destroy produces a destroy plan. Applying the plan will destroy all resources. |  | Optional: {} |
| `backendConfig` BackendConfigSpec |  |  | Optional: {} |
| `backendConfigsFrom` BackendConfigsReference array |  |  | Optional: {} |
| `cloud` CloudSpec |  |  | Optional: {} |
| `workspace` string |  | default | Optional: {} |
| `vars` Variable array | List of input variables to set for the Terraform program. |  | Optional: {} |
| `varsFrom` VarsReference array | List of references to a Secret or a ConfigMap to generate variables for Terraform resources based on its data, selectively by varsKey. Values of the later Secret / ConfigMap with the same keys will override those of the former. |  | Optional: {} |
| `values` JSON | Values map to the Terraform variable "values", which is an object of arbitrary values. It is a convenient way to pass values to Terraform resources without having to define a variable for each value. To use this feature, your Terraform file must define the variable "values". |  | Optional: {} |
| `tfVarsFiles` string array | TfVarsFiles loads all given .tfvars files. It copycats the -var-file functionality. |  | Optional: {} |
| `fileMappings` FileMapping array | List of all configuration files to be created in initialization. |  | Optional: {} |
| `interval` Duration | The interval at which to reconcile the Terraform. |  | Required: {} |
| `retryInterval` Duration | The interval at which to retry a previously failed reconciliation. The default value is 15 when not specified. |  | Optional: {} |
| `retryStrategy` RetryStrategyEnum | The strategy to use when retrying a previously failed reconciliation. The default strategy is StaticInterval and the retry interval is based on the RetryInterval value. The ExponentialBackoff strategy uses the formula `2^reconciliationFailures * RetryInterval` with a maximum requeue duration of MaxRetryInterval. | StaticInterval | Enum: [StaticInterval ExponentialBackoff]; Optional: {} |
| `maxRetryInterval` Duration | The maximum requeue duration after a previously failed reconciliation. Only applicable when RetryStrategy is set to ExponentialBackoff. The default value is 24 hours when not specified. |  | Optional: {} |
| `path` string | Path to the directory containing Terraform (.tf) files. Defaults to 'None', which translates to the root path of the SourceRef. |  | Optional: {} |
| `sourceRef` CrossNamespaceSourceReference | SourceRef is the reference of the source where the Terraform files are stored. |  | Required: {} |
| `suspend` boolean | Suspend tells the controller to suspend subsequent TF executions; it does not apply to already started executions. Defaults to false. |  | Optional: {} |
| `force` boolean | Force instructs the controller to unconditionally re-plan and re-apply TF resources. Defaults to false. | false | Optional: {} |
| `readInputsFromSecrets` ReadInputsFromSecretSpec array |  |  | Optional: {} |
| `writeOutputsToSecret` WriteOutputsToSecretSpec | A list of target secrets for the outputs to be written as. |  | Optional: {} |
| `disableDriftDetection` boolean | Disable automatic drift detection. Drift detection may be resource intensive in the context of a large cluster or complex Terraform statefile. Defaults to false. | false | Optional: {} |
| `cliConfigSecretRef` SecretReference |  |  | Optional: {} |
| `healthChecks` HealthCheck array | List of health checks to be performed. |  | Optional: {} |
| `destroyResourcesOnDeletion` boolean | Create destroy plan and apply it to destroy terraform resources upon deletion of this object. Defaults to false. | false | Optional: {} |
| `serviceAccountName` string | Name of a ServiceAccount for the runner Pod to provision Terraform resources. Defaults to tf-runner. | tf-runner | Optional: {} |
| `alwaysCleanupRunnerPod` boolean | Clean the runner pod up after each reconciliation cycle | true | Optional: {} |
| `runnerTerminationGracePeriodSeconds` integer | Configure the termination grace period for the runner pod. Use this parameter to allow the Terraform process to gracefully shutdown. Consider increasing for large, complex or slow-moving Terraform managed resources. | 30 | Optional: {} |
| `upgradeOnInit` boolean | UpgradeOnInit configures whether to upgrade modules and providers on initialization of a stack | true | Optional: {} |
| `refreshBeforeApply` boolean | RefreshBeforeApply forces refreshing of the state before the apply step. | false | Optional: {} |
| `runnerPodTemplate` RunnerPodTemplate |  |  | Optional: {} |
| `enableInventory` boolean | EnableInventory enables the object to store resource entries as the inventory for external use. |  | Optional: {} |
| `tfstate` TFStateSpec |  |  | Optional: {} |
| `targets` string array | Targets specify the resource, module or collection of resources to target. |  | Optional: {} |
| `parallelism` integer | Parallelism limits the number of concurrent operations of Terraform apply step. Zero (0) means using the default value. | 0 | Optional: {} |
| `storeReadablePlan` string | StoreReadablePlan enables storing the plan in a readable format. | none | Enum: [none json human]; Optional: {} |
| `webhooks` Webhook array |  |  | Optional: {} |
| `dependsOn` NamespacedObjectReference array |  |  | Optional: {} |
| `enterprise` JSON | Enterprise is the enterprise configuration placeholder. |  | Optional: {} |
| `planOnly` boolean | PlanOnly specifies if the reconciliation should or should not stop at plan phase. |  | Optional: {} |
| `breakTheGlass` boolean | BreakTheGlass specifies if the reconciliation should stop and allow interactive shell in case of emergency. |  | Optional: {} |
| `branchPlanner` BranchPlanner | BranchPlanner configuration. |  | Optional: {} |
| `remediation` Remediation | Remediation specifies what the controller should do when reconciliation fails. The default is to not perform any action. |  | Optional: {} |
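
A Terraform object that sets the security-relevant fields from the TerraformSpec table explicitly, as an added example that is not taken from the project's documentation. Every name, namespace, path and duration in it is an assumed placeholder, and the keys under securityContext are the standard Kubernetes container SecurityContext fields.

```yaml
# Added example; all names, namespaces, paths and durations are assumptions.
apiVersion: infra.contrib.fluxcd.io/v1alpha2
kind: Terraform
metadata:
  name: example-stack                  # hypothetical
  namespace: team-a                    # hypothetical
spec:
  interval: 10m                        # required
  sourceRef:                           # required
    kind: GitRepository
    name: example-repo                 # hypothetical
  path: ./envs/prod                    # hypothetical
  # approvePlan is left unset on purpose: with "auto" the controller
  # approves every plan, so any change in the source is applied unreviewed.
  planOnly: false
  breakTheGlass: false                 # no interactive shell in the runner
  destroyResourcesOnDeletion: false    # deleting the object must not destroy infra
  # A dedicated ServiceAccount instead of the shared default tf-runner,
  # so RBAC can be scoped to this stack.
  serviceAccountName: tf-runner-team-a # hypothetical
  alwaysCleanupRunnerPod: true
  tfstate:
    # Quote the value: an unquoted no/yes is read as a YAML boolean
    # and fails the string enum validation.
    forceUnlock: "no"
    lockTimeout: 30s
  varsFrom:
    - kind: Secret
      name: example-tf-vars            # hypothetical, same namespace
      varsKeys:
        - db_password                  # pass one key, not the whole Secret
  writeOutputsToSecret:
    name: example-stack-outputs        # hypothetical
    outputs:
      - endpoint                       # an empty list would write all outputs
  runnerPodTemplate:
    spec:
      securityContext:
        runAsNonRoot: true
        allowPrivilegeEscalation: false
        capabilities:
          drop: ["ALL"]
        seccompProfile:
          type: RuntimeDefault
```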

TerraformStatus

TerraformStatus defines the observed state of Terraform

Appears in: - Terraform

| Field | Description | Default | Validation |
| --- | --- | --- | --- |
| `lastHandledReconcileAt` string | LastHandledReconcileAt holds the value of the most recent reconcile request value, so a change of the annotation value can be detected. |  | Optional: {} |
| `observedGeneration` integer | ObservedGeneration is the last reconciled generation. |  | Optional: {} |
| `conditions` Condition array |  |  | Optional: {} |
| `lastAppliedRevision` string | The last successfully applied revision. The revision format for Git sources is /. |  | Optional: {} |
| `lastAttemptedRevision` string | LastAttemptedRevision is the revision of the last reconciliation attempt. |  | Optional: {} |
| `lastPlannedRevision` string | LastPlannedRevision is the revision used by the last planning process. The result could be either no plan change or a new plan generated. |  | Optional: {} |
| `lastPlanAt` Time | LastPlanAt is the time when the last terraform plan was performed |  | Optional: {} |
| `lastDriftDetectedAt` Time | LastDriftDetectedAt is the time when the last drift was detected |  | Optional: {} |
| `lastAppliedByDriftDetectionAt` Time | LastAppliedByDriftDetectionAt is the time when the last drift was detected and terraform apply was performed as a result |  | Optional: {} |
| `availableOutputs` string array |  |  | Optional: {} |
| `plan` PlanStatus |  |  | Optional: {} |
| `inventory` ResourceInventory | Inventory contains the list of Terraform resource object references that have been successfully applied. |  | Optional: {} |
| `lock` LockStatus |  |  | Optional: {} |
| `reconciliationFailures` integer | ReconciliationFailures is the number of reconciliation failures since the last success or update. |  | Optional: {} |

Variable

Appears in: - TerraformSpec

| Field | Description | Default | Validation |
| --- | --- | --- | --- |
| `name` string | Name is the name of the variable |  | Required: {} |
| `value` JSON |  |  | Optional: {} |
| `valueFrom` EnvVarSource |  |  | Optional: {} |

VarsReference

VarsReference contains a reference to a Secret or a ConfigMap used to generate variables for Terraform resources based on its data, selectively by varsKey.

Appears in: - TerraformSpec

| Field | Description | Default | Validation |
| --- | --- | --- | --- |
| `kind` string | Kind of the values referent, valid values are ('Secret', 'ConfigMap'). |  | Enum: [Secret ConfigMap]; Required: {} |
| `name` string | Name of the values referent. Should reside in the same namespace as the referring resource. |  | MaxLength: 253; MinLength: 1; Required: {} |
| `varsKeys` string array | VarsKeys is the data key at which a specific value can be found. Defaults to all keys. |  | Optional: {} |
| `optional` boolean | Optional marks this VarsReference as optional. When set, a not found error for the values reference is ignored, but any VarsKey or transient error will still result in a reconciliation failure. |  | Optional: {} |

Webhook

Appears in: - TerraformSpec

| Field | Description | Default | Validation |
| --- | --- | --- | --- |
| `stage` string |  | post-planning | Enum: [post-planning]; Required: {} |
| `enabled` boolean |  | true | Optional: {} |
| `url` string |  |  | Required: {} |
| `payloadType` string |  | SpecAndPlan | Optional: {} |
| `errorMessageTemplate` string |  |  | Optional: {} |
| `testExpression` string |  |  | Required: {} |

WriteOutputsToSecretSpec

WriteOutputsToSecretSpec defines where to store outputs, and which outputs to be stored.

Appears in: - TerraformSpec

| Field | Description | Default | Validation |
| --- | --- | --- | --- |
| `name` string | Name is the name of the Secret to be written |  | Required: {} |
| `labels` object (keys:string, values:string) | Labels to add to the outputted secret |  | Optional: {} |
| `annotations` object (keys:string, values:string) | Annotations to add to the outputted secret |  | Optional: {} |
| `outputs` string array | Outputs contain the selected names of outputs to be written to the secret. Empty array means writing all outputs, which is default. |  | Optional: {} |