Configuration reference

This page describes all configurable fields in the piped configuration.
apiVersion: pipecd.dev/v1beta1
kind: Piped
spec:
  projectID: ...
  pipedID: ...
  ...

Piped Configuration

FieldTypeDescriptionRequired
projectIDstringThe identifier of the PipeCD project where this piped belongs to.Yes
pipedIDstringThe generated ID for this piped.Yes
pipedKeyFilestringThe path to the file containing the generated key string for this piped.Yes
pipedKeyDatastringBase64 encoded string of Piped key. Either pipedKeyFile or pipedKeyData must be set.Yes
apiAddressstringThe address used to connect to the Control Plane’s API in format host:port.Yes
syncIntervaldurationHow often to check whether an application should be synced. Default is 1m.No
appConfigSyncIntervaldurationHow often to check whether application configuration files should be synced. Default is 1m.No
gitGitGit configuration needed for Git commands.No
repositories[]RepositoryList of Git repositories this piped will handle.No
chartRepositories[]ChartRepositoryList of Helm chart repositories that should be added while starting up.No
chartRegistries[]ChartRegistryList of helm chart registries that should be logged in while starting up.No
cloudProviders[]CloudProviderList of cloud providers can be used by this piped. This field is deprecated, use platformProviders instead.No
platformProviders[]PlatformProviderList of platform providers can be used by this piped.No
analysisProviders[]AnalysisProviderList of analysis providers can be used by this piped.No
eventWatcherEventWatcherOptional Event watcher settings.No
secretManagementSecretManagementThe using secret management method.No
notificationsNotificationsSending notifications to Slack, Webhook…No
appSelectormap[string]stringList of labels to filter all applications this piped will handle. Currently, it is only be used to filter the applications suggested for adding from the control plane.No

Git

FieldTypeDescriptionRequired
usernamestringThe username that will be configured for git user. Default is piped.No
emailstringThe email that will be configured for git user. Default is pipecd.dev@gmail.com.No
sshConfigFilePathstringWhere to write ssh config file. Default is $HOME/.ssh/config.No
hoststringThe host name. Default is github.com.No
hostNamestringThe hostname or IP address of the remote git server. Default is the same value with Host.No
sshKeyFilestringThe path to the private ssh key file. This will be used to clone the source code of the specified git repositories.No
sshKeyDatastringBase64 encoded string of SSH key.No

GitRepository

FieldTypeDescriptionRequired
repoIDstringUnique identifier to the repository. This must be unique in the piped scope.Yes
remotestringRemote address of the repository used to clone the source code. e.g. git@github.com:org/repo.gitYes
branchstringThe branch will be handled.Yes

ChartRepository

FieldTypeDescriptionRequired
typestringThe repository type. Currently, HTTP and GIT are supported. Default is HTTP.No
namestringThe name of the Helm chart repository. Note that is not a Git repository but a Helm chart repository.Yes if type is HTTP
addressstringThe address to the Helm chart repository.Yes if type is HTTP
usernamestringUsername used for the repository backed by HTTP basic authentication.No
passwordstringPassword used for the repository backed by HTTP basic authentication.No
insecureboolWhether to skip TLS certificate checks for the repository or not.No
gitRemotestringRemote address of the Git repository used to clone Helm charts.Yes if type is GIT
sshKeyFilestringThe path to the private ssh key file used while cloning Helm charts from above Git repository.No

ChartRegistry

FieldTypeDescriptionRequired
typestringThe registry type. Currently, only OCI is supported. Default is OCI.No
addressstringThe address to the registry.Yes
usernamestringUsername used for the registry authentication.No
passwordstringPassword used for the registry authentication.No

CloudProvider

This field is deprecated, please use PlatformProvider instead.

PlatformProvider

FieldTypeDescriptionRequired
namestringThe name of the platform provider.Yes
typestringThe platform provider type. Must be one of the following values:
KUBERNETES, TERRAFORM, ECS, CLOUDRUN, LAMBDA.		Yes
configPlatformProviderConfigSpecific configuration for the specified type of platform provider.No

PlatformProviderConfig

Must be one of the following structs:

PlatformProviderKubernetesConfig

FieldTypeDescriptionRequired
masterURLstringThe master URL of the kubernetes cluster. Empty means in-cluster.No
kubectlVersionstringVersion of kubectl which will be used to connect to your cluster. Empty means the version set on piped config or default version will be used.No
kubeConfigPathstringThe path to the kubeconfig file. Empty means in-cluster.No
appStateInformerKubernetesAppStateInformerConfiguration for application resource informer.No

PlatformProviderTerraformConfig

FieldTypeDescriptionRequired
vars[]stringList of variables that will be set directly on terraform commands with -var flag. The variable must be formatted by key=value.No
driftDetectionEnabledboolEnable drift detection. This is a temporary option and will be possibly removed in the future release. Default is trueNo

PlatformProviderCloudRunConfig

FieldTypeDescriptionRequired
projectstringThe GCP project hosting the Cloud Run service.Yes
regionstringThe region of running Cloud Run service.Yes
credentialsFilestringThe path to the service account file for accessing Cloud Run service.No

PlatformProviderLambdaConfig

FieldTypeDescriptionRequired
regionstringThe region of running Lambda service.Yes
credentialsFilestringThe path to the credential file for logging into AWS cluster. If this value is not provided, piped will read credential info from environment variables. It expects the format ~/.aws/credentials.No
roleARNstringThe IAM role arn to use when assuming an role. Required if you want to use the AWS SecurityTokenService.No
tokenFilestringThe path to the WebIdentity token the SDK should use to assume a role with. Required if you want to use the AWS SecurityTokenService.No
profilestringThe profile to use for logging into AWS cluster. The default value is default.No

PlatformProviderECSConfig

FieldTypeDescriptionRequired
regionstringThe region of running ECS cluster.Yes
credentialsFilestringThe path to the credential file for logging into AWS cluster. If this value is not provided, piped will read credential info from environment variables. It expects the format ~/.aws/credentialsNo
roleARNstringThe IAM role arn to use when assuming an role. Required if you want to use the AWS SecurityTokenService.No
tokenFilestringThe path to the WebIdentity token the SDK should use to assume a role with. Required if you want to use the AWS SecurityTokenService.No
profilestringThe profile to use for logging into AWS cluster. The default value is default.No

KubernetesAppStateInformer

FieldTypeDescriptionRequired
namespacestringOnly watches the specified namespace. Empty means watching all namespaces.No
includeResources[]KubernetesResourcematcherList of resources that should be added to the watching targets.No
excludeResources[]KubernetesResourcematcherList of resources that should be ignored from the watching targets.No

KubernetesResourceMatcher

FieldTypeDescriptionRequired
apiVersionstringThe APIVersion of the kubernetes resource.Yes
kindstringThe kind name of the kubernetes resource. Empty means all kinds are matching.No

AnalysisProvider

FieldTypeDescriptionRequired
namestringThe unique name of the analysis provider.Yes
typestringThe provider type. Currently, only PROMETHEUS, DATADOG are available.Yes
configAnalysisProviderConfigSpecific configuration for the specified type of analysis provider.Yes

AnalysisProviderConfig

Must be one of the following structs:

AnalysisProviderPrometheusConfig

FieldTypeDescriptionRequired
addressstringThe Prometheus server address.Yes
usernameFilestringThe path to the username file.No
passwordFilestringThe path to the password file.No

AnalysisProviderDatadogConfig

FieldTypeDescriptionRequired
addressstringThe address of Datadog API server. Only “datadoghq.com”, “us3.datadoghq.com”, “datadoghq.eu”, “ddog-gov.com” are available. Defaults to “datadoghq.com”No
apiKeyFilestringThe path to the api key file.Yes
applicationKeyFilestringThe path to the application key file.Yes
apiKeyDatastringBase64 API Key for Datadog API server. Either apiKeyData or apiKeyFile must be setNo
applicationKeyDatastringBase64 Application Key for Datadog API server. Either applicationKeyFile or applicationKeyData must be setNo

EventWatcher

FieldTypeDescriptionRequired
checkIntervaldurationInterval to fetch the latest event and compare it with one defined in EventWatcher config files. Defaults to 1m.No
gitRepos[]EventWatcherGitRepoThe configuration list of git repositories to be observed. Only the repositories in this list will be observed by Piped.No

EventWatcherGitRepo

FieldTypeDescriptionRequired
repoIdstringId of the git repository. This must be unique within the repos’ elements.Yes
commitMessagestringThe commit message used to push after replacing values. Default message is used if not given.No
includes[]stringThe paths to EventWatcher files to be included. Patterns can be used like foo/*.yaml.No
excludes[]stringThe paths to EventWatcher files to be excluded. Patterns can be used like foo/*.yaml. This is prioritized if both includes and this are given.No

SecretManagement

FieldTypeDescriptionRequired
typestringWhich management method should be used. Default is KEY_PAIR.Yes
configSecretManagementConfigConfigration for using secret management method.Yes

SecretManagementConfig

Must be one of the following structs:

SecretManagementKeyPair

FieldTypeDescriptionRequired
privateKeyFilestringPath to the private RSA key file.Yes
privateKeyDatastringBase64 encoded string of private RSA key. Either privateKeyFile or privateKeyData must be set.No
publicKeyFilestringPath to the public RSA key file.Yes
publicKeyDatastringBase64 encoded string of public RSA key. Either publicKeyFile or publicKeyData must be set.No

SecretManagementGCPKMS

WIP

Notifications

FieldTypeDescriptionRequired
routes[]NotificationRouteList of notification routes.No
receivers[]NotificationReceiverList of notification receivers.No

NotificationRoute

FieldTypeDescriptionRequired
namestringThe name of the route.Yes
receiverstringThe name of receiver who will receive all matched events.Yes
events[]stringList of events that should be routed to the receiver.No
ignoreEvents[]stringList of events that should be ignored.No
groups[]stringList of event groups should be routed to the receiver.No
ignoreGroups[]stringList of event groups should be ignored.No
apps[]stringList of applications where their events should be routed to the receiver.No
ignoreApps[]stringList of applications where their events should be ignored.No
labelsmap[string]stringList of labels where their events should be routed to the receiver.No
ignoreLabelsmap[string]stringList of labels where their events should be ignored.No

NotificationReceiver

FieldTypeDescriptionRequired
namestringThe name of the receiver.Yes
slackNotificationReciverSlackConfiguration for slack receiver.No
webhookNotificationReceiverWebhookConfiguration for webhook receiver.No

NotificationReceiverSlack

FieldTypeDescriptionRequired
hookURLstringThe hookURL of a slack channel.Yes
oauthTokenstringThe token for Slack API use. (deprecated)No
oauthTokenDatastringBase64 encoded string of The token for Slack API use.No
oauthTokenFilestringThe path to the oautoken fileNo
channelIDstringThe channel id which slack api send to.No
mentionedAccounts[]stringThe accounts to which slack api referes. This field supports both @username and username writing styles.No

NotificationReceiverWebhook

FieldTypeDescriptionRequired
urlstringThe URL where notification event will be sent to.Yes
signatureKeystringThe HTTP header key used to store the configured signature in each event. Default is “PipeCD-Signature”.No
signatureValuestringThe value of signature included in header of each event request. It can be used to verify the received events.No
signatureValueFilestringThe path to the signature value file.No

Last modified February 6, 2024: Release v0.46.0 (#4775) (49627aa0e)