Bucket

TypeComponent

The Bucket component creates a Flux Bucket resource that you can use to store and retrieve objects. Check out the official Bucket documentation for more information.

Example Usage

A Bucket that is configured for AWS S3.

apiVersion: spectrocloud.com/v1beta1
kind: WorkloadProfile
metadata:
  name: 'my-bucket'
  namespace: 'app-ns'
spec:
workload:
  components:
    - name: 'my-bucket'
      type: 'bucket'
      properties:
        bucketName: 'demo-bucket'
        endpoint: 's3.amazonaws.com'
        interval: '5m0s'
        region: 'us-east-1'
        provider: 'aws'
        timeout: '30s'
        secretRef:
          name: 'aws-credentials'
---
apiVersion: v1
kind: Secret
metadata:
  name: 'aws-credentials'
  namespace: 'app-ns'
type: Opaque
data:
  accesskey: '************'
  secretkey: '************'

Parameters

Parameter	Type	Required	Default	Description
bucketName	string	Yes		BucketName is the name of the object storage bucket.
endpoint	string	Yes		Endpoint is the object storage address the BucketName is located at.
interval	string	Yes		Interval at which the Bucket Endpoint is checked for updates. This interval is approximate and may be subject to jitter to ensure efficient use of resources.
annotations	map	No		Annotations for the workload
certSecretRef	object	No		CertSecretRef can be given the name of a Secret containing either or both of - a PEM-encoded client certificate (`tls.crt`) and private key (`tls.key`); - a PEM-encoded CA certificate (`ca.crt`) and whichever are supplied, will be used for connecting to the bucket. The client cert and key are useful if you are authenticating with a certificate; the CA cert is useful if you are using a self-signed server certificate. The Secret must be of type `Opaque` or `kubernetes.io/tls`. This field is only supported for the `generic` provider.
ignore	string	No		Ignore overrides the set of excluded patterns in the .sourceignore format (which is the same as .gitignore). If not provided, a default will be used, consult the documentation for your version to find out what those are.
insecure	boolean	No		Insecure allows connecting to a non-TLS HTTP Endpoint.
labels	map	No		Labels for the workload
prefix	string	No		Prefix to use for server-side filtering of files in the Bucket.
provider	string	No	`"generic"`	Provider of the object storage bucket. Defaults to 'generic', which expects an S3 (API) compatible object storage.
proxySecretRef	object	No		ProxySecretRef specifies the Secret containing the proxy configuration to use while communicating with the Bucket server.
region	string	No		Region of the Endpoint where the BucketName is located in.
secretRef	object	No		SecretRef specifies the Secret containing authentication credentials for the Bucket.
sts	object	No		STS specifies the required configuration to use a Security Token Service for fetching temporary credentials to authenticate in a Bucket provider. This field is only supported for the `aws` and `generic` providers.
suspend	boolean	No		Suspend tells the controller to suspend the reconciliation of this Bucket.
timeout	string	No	`"60s"`	Timeout for fetch operations, defaults to 60s.

Template

The following tabs display the definition's Cue template and the rendered YAML. The rendered YAML is the output of the Cue template when the definition is applied to a cluster.

bucket: { type: "component" description: "Bucket is the Schema for the buckets API." labels: { "componentdefinition.spectrocloud.com/type": "application" "wl.spectrocloud.com/provider": "source.toolkit.fluxcd.io" "definition.spectrocloud.com/category": "Flux" } attributes: { status: { healthPolicy: { ready: { readyCondition: *false | bool } & { if context.output.status.conditions != _|_ { for condition in context.output.status.conditions { if condition.type == "Ready" && condition.status == "True" { readyCondition: true } } } } _isHealth: ready.readyCondition isHealth: *_isHealth | bool if context.output.metadata.annotations != _|_ { if context.output.metadata.annotations["wl.spectrocloud.com/disable-health-check"] != _|_ { isHealth: true } } } } } } template: { output: { apiVersion: "source.toolkit.fluxcd.io/v1" kind: "Bucket" metadata: { labels: { if parameter.labels != _|_ { parameter.labels } "wl.spectrocloud.com/name": context.workloadName "wl.spectrocloud.com/component": context.name } if parameter.annotations != _|_ { annotations: parameter.annotations } } spec: { bucketName: parameter.bucketName if parameter.certSecretRef != _|_ { certSecretRef: parameter.certSecretRef } endpoint: parameter.endpoint if parameter.ignore != _|_ { ignore: parameter.ignore } if parameter.insecure != _|_ { insecure: parameter.insecure } interval: parameter.interval if parameter.prefix != _|_ { prefix: parameter.prefix } if parameter.provider != _|_ { provider: parameter.provider } if parameter.proxySecretRef != _|_ { proxySecretRef: parameter.proxySecretRef } if parameter.region != _|_ { region: parameter.region } if parameter.secretRef != _|_ { secretRef: parameter.secretRef } if parameter.sts != _|_ { sts: parameter.sts } if parameter.suspend != _|_ { suspend: parameter.suspend } if parameter.timeout != _|_ { timeout: parameter.timeout } } } parameter: { // +usage=Annotations for the workload annotations?: [string]: string // +usage=Labels for the workload labels?: [string]: string // +usage=BucketName is the name of the object storage bucket. bucketName: string // +usage=CertSecretRef can be given the name of a Secret containing either or both of - a PEM-encoded client certificate (`tls.crt`) and private key (`tls.key`); - a PEM-encoded CA certificate (`ca.crt`) and whichever are supplied, will be used for connecting to the bucket. The client cert and key are useful if you are authenticating with a certificate; the CA cert is useful if you are using a self-signed server certificate. The Secret must be of type `Opaque` or `kubernetes.io/tls`. This field is only supported for the `generic` provider. certSecretRef?: { // +usage=Name of the referent. name: string } // +usage=Endpoint is the object storage address the BucketName is located at. endpoint: string // +usage=Ignore overrides the set of excluded patterns in the .sourceignore format (which is the same as .gitignore). If not provided, a default will be used, consult the documentation for your version to find out what those are. ignore?: string // +usage=Insecure allows connecting to a non-TLS HTTP Endpoint. insecure?: bool // +usage=Interval at which the Bucket Endpoint is checked for updates. This interval is approximate and may be subject to jitter to ensure efficient use of resources. interval: =~"^([0-9]+(\\.[0-9]+)?(ms|s|m|h))+$" // +usage=Prefix to use for server-side filtering of files in the Bucket. prefix?: string // +usage=Provider of the object storage bucket. Defaults to 'generic', which expects an S3 (API) compatible object storage. provider?: *"generic" | "aws" | "gcp" | "azure" // +usage=ProxySecretRef specifies the Secret containing the proxy configuration to use while communicating with the Bucket server. proxySecretRef?: { // +usage=Name of the referent. name: string } // +usage=Region of the Endpoint where the BucketName is located in. region?: string // +usage=SecretRef specifies the Secret containing authentication credentials for the Bucket. secretRef?: { // +usage=Name of the referent. name: string } // +usage=STS specifies the required configuration to use a Security Token Service for fetching temporary credentials to authenticate in a Bucket provider. This field is only supported for the `aws` and `generic` providers. sts?: { // +usage=CertSecretRef can be given the name of a Secret containing either or both of - a PEM-encoded client certificate (`tls.crt`) and private key (`tls.key`); - a PEM-encoded CA certificate (`ca.crt`) and whichever are supplied, will be used for connecting to the STS endpoint. The client cert and key are useful if you are authenticating with a certificate; the CA cert is useful if you are using a self-signed server certificate. The Secret must be of type `Opaque` or `kubernetes.io/tls`. This field is only supported for the `ldap` provider. certSecretRef?: { // +usage=Name of the referent. name: string } // +usage=Endpoint is the HTTP/S endpoint of the Security Token Service from where temporary credentials will be fetched. endpoint: =~"^(http|https)://.*$" // +usage=Provider of the Security Token Service. provider: *"aws" | "ldap" // +usage=SecretRef specifies the Secret containing authentication credentials for the STS endpoint. This Secret must contain the fields `username` and `password` and is supported only for the `ldap` provider. secretRef?: { // +usage=Name of the referent. name: string } } // +usage=Suspend tells the controller to suspend the reconciliation of this Bucket. suspend?: bool // +usage=Timeout for fetch operations, defaults to 60s. timeout?: *"60s" | =~"^([0-9]+(\\.[0-9]+)?(ms|s|m))+$" } }

Example Usage​

Parameters​

Template​

Example Usage

Parameters

Template