Bucket

Type: Component

The Bucket component creates a Flux Bucket resource that you can use to store and retrieve objects. Check out the official Bucket documentation for more information.

Example Usage

A Bucket that is configured for AWS S3.

apiVersion: spectrocloud.com/v1beta1
kind: WorkloadProfile
metadata:
  name: 'my-bucket'
  namespace: 'app-ns'
spec:
  workload:
    components:
      - name: 'my-bucket'
        type: 'bucket'
        properties:
          bucketName: 'demo-bucket'
          endpoint: 's3.amazonaws.com'
          interval: '5m0s'
          region: 'us-east-1'
          provider: 'aws'
          timeout: '30s'
          # Must match the name of the Secret defined below.
          secretRef:
            name: 'aws-credentials'
---
apiVersion: v1
kind: Secret
metadata:
  name: 'aws-credentials'
  namespace: 'app-ns'
type: Opaque
# Kubernetes expects base64-encoded values under data; the values are masked here.
data:
  accesskey: '************'
  secretkey: '************'

Parameters

| Parameter | Type | Required | Default | Description |
| --- | --- | --- | --- | --- |
| bucketName | string | Yes | | BucketName is the name of the object storage bucket. |
| endpoint | string | Yes | | Endpoint is the object storage address the BucketName is located at. |
| interval | string | Yes | | Interval at which the Bucket Endpoint is checked for updates. This interval is approximate and may be subject to jitter to ensure efficient use of resources. |
| annotations | map | No | | Annotations for the workload. |
| certSecretRef | object | No | | CertSecretRef can be given the name of a Secret containing either or both of: a PEM-encoded client certificate (tls.crt) and private key (tls.key); a PEM-encoded CA certificate (ca.crt). Whichever are supplied will be used for connecting to the bucket. The client cert and key are useful if you are authenticating with a certificate; the CA cert is useful if you are using a self-signed server certificate. The Secret must be of type Opaque or kubernetes.io/tls. This field is only supported for the generic provider. |
| ignore | string | No | | Ignore overrides the set of excluded patterns in the .sourceignore format (which is the same as .gitignore). If not provided, a default will be used; consult the documentation for your version to find out what those are. |
| insecure | boolean | No | | Insecure allows connecting to a non-TLS HTTP Endpoint. |
| labels | map | No | | Labels for the workload. |
| prefix | string | No | | Prefix to use for server-side filtering of files in the Bucket. |
| provider | string | No | "generic" | Provider of the object storage bucket. Defaults to 'generic', which expects an S3 (API) compatible object storage. |
| proxySecretRef | object | No | | ProxySecretRef specifies the Secret containing the proxy configuration to use while communicating with the Bucket server. |
| region | string | No | | Region of the Endpoint where the BucketName is located. |
| secretRef | object | No | | SecretRef specifies the Secret containing authentication credentials for the Bucket. |
| sts | object | No | | STS specifies the required configuration to use a Security Token Service for fetching temporary credentials to authenticate in a Bucket provider. This field is only supported for the aws and generic providers. |
| suspend | boolean | No | | Suspend tells the controller to suspend the reconciliation of this Bucket. |
| timeout | string | No | "60s" | Timeout for fetch operations, defaults to 60s. |

Template

The following tabs display the definition's Cue template and the rendered YAML. The rendered YAML is the output of the Cue template when the definition is applied to a cluster.

bucket: {
  type: "component"
  description: "Bucket is the Schema for the buckets API."
  labels: {
    "componentdefinition.spectrocloud.com/type": "application"
    "wl.spectrocloud.com/provider": "source.toolkit.fluxcd.io"
    "definition.spectrocloud.com/category": "Flux"
  }
  attributes: {
    status: {
      healthPolicy: {
        ready: {
          readyCondition: *false | bool
        } & {
          if context.output.status.conditions != _|_ {
            for condition in context.output.status.conditions {
              if condition.type == "Ready" && condition.status == "True" {
                readyCondition: true
              }
            }
          }
        }
        _isHealth: ready.readyCondition
        isHealth: *_isHealth | bool
        if context.output.metadata.annotations != _|_ {
          if context.output.metadata.annotations["wl.spectrocloud.com/disable-health-check"] != _|_ {
            isHealth: true
          }
        }
      }
    }
  }
}

template: {
  output: {
    apiVersion: "source.toolkit.fluxcd.io/v1"
    kind: "Bucket"
    metadata: {
      labels: {
        if parameter.labels != _|_ {
          parameter.labels
        }
        "wl.spectrocloud.com/name": context.workloadName
        "wl.spectrocloud.com/component": context.name
      }
      if parameter.annotations != _|_ {
        annotations: parameter.annotations
      }
    }
    spec: {
      bucketName: parameter.bucketName
      if parameter.certSecretRef != _|_ {
        certSecretRef: parameter.certSecretRef
      }
      endpoint: parameter.endpoint
      if parameter.ignore != _|_ {
        ignore: parameter.ignore
      }
      if parameter.insecure != _|_ {
        insecure: parameter.insecure
      }
      interval: parameter.interval
      if parameter.prefix != _|_ {
        prefix: parameter.prefix
      }
      if parameter.provider != _|_ {
        provider: parameter.provider
      }
      if parameter.proxySecretRef != _|_ {
        proxySecretRef: parameter.proxySecretRef
      }
      if parameter.region != _|_ {
        region: parameter.region
      }
      if parameter.secretRef != _|_ {
        secretRef: parameter.secretRef
      }
      if parameter.sts != _|_ {
        sts: parameter.sts
      }
      if parameter.suspend != _|_ {
        suspend: parameter.suspend
      }
      if parameter.timeout != _|_ {
        timeout: parameter.timeout
      }
    }
  }

  parameter: {
    // +usage=Annotations for the workload
    annotations?: [string]: string

    // +usage=Labels for the workload
    labels?: [string]: string

    // +usage=BucketName is the name of the object storage bucket.
    bucketName: string

    // +usage=CertSecretRef can be given the name of a Secret containing either or both of - a PEM-encoded client certificate (`tls.crt`) and private key (`tls.key`); - a PEM-encoded CA certificate (`ca.crt`) and whichever are supplied, will be used for connecting to the bucket. The client cert and key are useful if you are authenticating with a certificate; the CA cert is useful if you are using a self-signed server certificate. The Secret must be of type `Opaque` or `kubernetes.io/tls`. This field is only supported for the `generic` provider.
    certSecretRef?: {
      // +usage=Name of the referent.
      name: string
    }

    // +usage=Endpoint is the object storage address the BucketName is located at.
    endpoint: string

    // +usage=Ignore overrides the set of excluded patterns in the .sourceignore format (which is the same as .gitignore). If not provided, a default will be used, consult the documentation for your version to find out what those are.
    ignore?: string

    // +usage=Insecure allows connecting to a non-TLS HTTP Endpoint.
    insecure?: bool

    // +usage=Interval at which the Bucket Endpoint is checked for updates. This interval is approximate and may be subject to jitter to ensure efficient use of resources.
    interval: =~"^([0-9]+(\\.[0-9]+)?(ms|s|m|h))+$"

    // +usage=Prefix to use for server-side filtering of files in the Bucket.
    prefix?: string

    // +usage=Provider of the object storage bucket. Defaults to 'generic', which expects an S3 (API) compatible object storage.
    provider?: *"generic" | "aws" | "gcp" | "azure"

    // +usage=ProxySecretRef specifies the Secret containing the proxy configuration to use while communicating with the Bucket server.
    proxySecretRef?: {
      // +usage=Name of the referent.
      name: string
    }

    // +usage=Region of the Endpoint where the BucketName is located in.
    region?: string

    // +usage=SecretRef specifies the Secret containing authentication credentials for the Bucket.
    secretRef?: {
      // +usage=Name of the referent.
      name: string
    }

    // +usage=STS specifies the required configuration to use a Security Token Service for fetching temporary credentials to authenticate in a Bucket provider. This field is only supported for the `aws` and `generic` providers.
    sts?: {
      // +usage=CertSecretRef can be given the name of a Secret containing either or both of - a PEM-encoded client certificate (`tls.crt`) and private key (`tls.key`); - a PEM-encoded CA certificate (`ca.crt`) and whichever are supplied, will be used for connecting to the STS endpoint. The client cert and key are useful if you are authenticating with a certificate; the CA cert is useful if you are using a self-signed server certificate. The Secret must be of type `Opaque` or `kubernetes.io/tls`. This field is only supported for the `ldap` provider.
      certSecretRef?: {
        // +usage=Name of the referent.
        name: string
      }

      // +usage=Endpoint is the HTTP/S endpoint of the Security Token Service from where temporary credentials will be fetched.
      endpoint: =~"^(http|https)://.*$"

      // +usage=Provider of the Security Token Service.
      provider: *"aws" | "ldap"

      // +usage=SecretRef specifies the Secret containing authentication credentials for the STS endpoint. This Secret must contain the fields `username` and `password` and is supported only for the `ldap` provider.
      secretRef?: {
        // +usage=Name of the referent.
        name: string
      }
    }

    // +usage=Suspend tells the controller to suspend the reconciliation of this Bucket.
    suspend?: bool

    // +usage=Timeout for fetch operations, defaults to 60s.
    timeout?: *"60s" | =~"^([0-9]+(\\.[0-9]+)?(ms|s|m))+$"
  }
}
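
The parameter descriptions and usage comments above scope several fields to specific providers and allow plain-HTTP transport for both the bucket and the STS endpoint, but the parameter schema in the template does not tie those fields together. The following Python lint is an added example, not code from this page or from the Spectro Cloud or Flux projects; it checks a component's properties against those stated rules before the profile is applied. The function name `lint_bucket`, the finding texts and both sample property sets are constructed for illustration.

```python
import re

# Duration grammar copied from the template's `interval` constraint.
DURATION = re.compile(r"^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$")


def lint_bucket(props):
    """Return a list of findings for one Bucket component's `properties` dict."""
    findings = []
    provider = props.get("provider", "generic")  # documented default

    for key in ("bucketName", "endpoint", "interval"):  # marked Required: Yes
        if not props.get(key):
            findings.append(f"missing required parameter: {key}")
    if props.get("interval") and not DURATION.match(props["interval"]):
        findings.append("interval is not a duration such as 5m0s")

    # Transport: `insecure` switches the bucket connection to plain HTTP.
    if props.get("insecure") is True:
        findings.append("insecure=true: bucket traffic is sent over non-TLS HTTP")

    # Provider-scoped fields, as stated in the parameter descriptions.
    if "certSecretRef" in props and provider != "generic":
        findings.append("certSecretRef is only supported for the generic provider")
    sts = props.get("sts")
    if sts is not None:
        if provider not in ("aws", "generic"):
            findings.append("sts is only supported for the aws and generic providers")
        sts_provider = sts.get("provider", "aws")  # documented default
        if str(sts.get("endpoint", "")).startswith("http://"):
            findings.append("sts.endpoint uses http://: temporary credentials are fetched unencrypted")
        for key in ("certSecretRef", "secretRef"):
            if key in sts and sts_provider != "ldap":
                findings.append(f"sts.{key} is only supported for the ldap STS provider")
    return findings


# Constructed sample inputs (not taken from a real cluster).
GOOD = {"bucketName": "demo-bucket", "endpoint": "s3.amazonaws.com", "interval": "5m0s",
        "provider": "aws", "region": "us-east-1", "secretRef": {"name": "aws-credentials"}}
BAD = {"bucketName": "demo-bucket", "endpoint": "minio.internal:9000", "interval": "5 minutes",
       "provider": "gcp", "insecure": True, "certSecretRef": {"name": "bucket-tls"},
       "sts": {"endpoint": "http://sts.internal", "provider": "aws", "secretRef": {"name": "sts-creds"}}}

if __name__ == "__main__":
    for name, props in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, lint_bucket(props) or "no findings")
```
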