Provider
Provider is the schema for provider definitions in terraform controller
Version v1alpha1
Properties
.apiVersion
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
.kind
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
.metadata
.spec
ProviderSpec defines the desired state of a provider
.spec.configuration
Configuration is optional configuration to the provider. This is terraform provider specific.
.spec.provider
ProviderType defines the cloud provider which is being used, currently supported providers are aws, google or azurerm.
.spec.secretRef
SecretRef is a reference to a kubernetes secret. This is required only when using the source: secret. The secret should include the environment variables required to by the terraform provider.
.spec.secretRef.name
name is unique within a namespace to reference a secret resource.
.spec.secretRef.namespace
namespace defines the space within which the secret name must be unique.
.spec.selector
Selector provider the ability to filter who can use this provider. If empty, all users in the cluster is permitted to use the provider. Otherrise you can specify a selector which can use namespace and resource labels
.spec.selector.namespace
Namespace is used to filter a configuration based on the namespace labels of where it exists
.spec.selector.namespace.matchExpressions
matchExpressions is a list of label selector requirements. The requirements are ANDed.
.spec.selector.namespace.matchExpressions[*]
A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
.spec.selector.namespace.matchExpressions[*].key
key is the label key that the selector applies to.
.spec.selector.namespace.matchExpressions[*].operator
operator represents a key’s relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
.spec.selector.namespace.matchExpressions[*].values
values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
.spec.selector.namespace.matchExpressions[*].values[*]
.spec.selector.namespace.matchLabels
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is “key”, the operator is “In”, and the values array contains only “value”. The requirements are ANDed.
.spec.selector.resource
Resource provides the ability to filter a configuration based on it’s labels
.spec.selector.resource.matchExpressions
matchExpressions is a list of label selector requirements. The requirements are ANDed.
.spec.selector.resource.matchExpressions[*]
A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
.spec.selector.resource.matchExpressions[*].key
key is the label key that the selector applies to.
.spec.selector.resource.matchExpressions[*].operator
operator represents a key’s relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
.spec.selector.resource.matchExpressions[*].values
values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
.spec.selector.resource.matchExpressions[*].values[*]
.spec.selector.resource.matchLabels
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is “key”, the operator is “In”, and the values array contains only “value”. The requirements are ANDed.
.spec.serviceAccount
ServiceAccount is the name of a service account to use when the provider source is ‘injected’. The service account should exist in the terraform controller namespace and be configure per cloud vendor requirements for pod identity.
.spec.source
Source defines the type of credentials the provider is wrapper, this could be wrapping a static secret or using a managed identity. The currently supported values are secret and injected.
.spec.summary
Summary provides a human readable description of the provider
.status
ProviderStatus defines the observed state of a provider
.status.conditions
Conditions represents the observations of the resource’s current state.
.status.conditions[*]
Condition is the current observed condition of some aspect of a resource
.status.conditions[*].detail
Detail is any additional human-readable detail to understand this condition, for example, the full underlying error which caused an issue
.status.conditions[*].lastTransitionTime
LastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
.status.conditions[*].message
Message is a human readable message indicating details about the transition. This may be an empty string.
.status.conditions[*].name
Name is a human-readable name for this condition.
.status.conditions[*].observedGeneration
ObservedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance.
.status.conditions[*].reason
Reason contains a programmatic identifier indicating the reason for the condition’s last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty.
.status.conditions[*].status
Status of the condition, one of True, False, Unknown.
.status.conditions[*].type
Type of condition in CamelCase or in foo.example.com/CamelCase. — Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
.status.lastReconcile
LastReconcile describes the generation and time of the last reconciliation
.status.lastReconcile.generation
Generation is the generation reconciled on the last reconciliation
.status.lastReconcile.time
Time is the last time the resource was reconciled
.status.lastSuccess
LastSuccess descibes the generation and time of the last reconciliation which resulted in a Success status
.status.lastSuccess.generation
Generation is the generation reconciled on the last reconciliation
.status.lastSuccess.time
Time is the last time the resource was reconciled