Configuration reference
This page describes all configurable fields in the piped configuration.
```yaml
apiVersion: pipecd.dev/v1beta1
kind: Piped
spec:
  projectID: ...
  pipedID: ...
  ...
```
Piped Configuration
| Field | Type | Description | Required |
|---|---|---|---|
| projectID | string | The identifier of the PipeCD project to which this piped belongs. | Yes |
| pipedID | string | The generated ID for this piped. | Yes |
| pipedKeyFile | string | The path to the file containing the generated key string for this piped. | Yes |
| pipedKeyData | string | Base64 encoded string of Piped key. Either pipedKeyFile or pipedKeyData must be set. | Yes |
| apiAddress | string | The address used to connect to the Control Plane’s API in format host:port. | Yes |
| syncInterval | duration | How often to check whether an application should be synced. Default is 1m. | No |
| appConfigSyncInterval | duration | How often to check whether application configuration files should be synced. Default is 1m. | No |
| git | Git | Git configuration needed for Git commands. | No |
| repositories | []Repository | List of Git repositories this piped will handle. | No |
| chartRepositories | []ChartRepository | List of Helm chart repositories that should be added while starting up. | No |
| chartRegistries | []ChartRegistry | List of helm chart registries that should be logged in while starting up. | No |
| platformProviders | []PlatformProvider | List of platform providers that can be used by this piped. | No |
| analysisProviders | []AnalysisProvider | List of analysis providers that can be used by this piped. | No |
| eventWatcher | EventWatcher | Optional Event watcher settings. | No |
| secretManagement | SecretManagement | The secret management method to use. | No |
| notifications | Notifications | Sending notifications to Slack, Webhook… | No |
| appSelector | map[string]string | List of labels to filter all applications this piped will handle. Currently, it is only used to filter the applications suggested for adding from the control plane. | No |
Git
| Field | Type | Description | Required |
|---|---|---|---|
| username | string | The username that will be configured for git user. Default is piped. | No |
| email | string | The email that will be configured for git user. Default is pipecd.dev@gmail.com. | No |
| sshConfigFilePath | string | Where to write ssh config file. Default is $HOME/.ssh/config. | No |
| host | string | The host name. Default is github.com. | No |
| hostName | string | The hostname or IP address of the remote git server. Default is the same value as host. | No |
| sshKeyFile | string | The path to the private ssh key file. This will be used to clone the source code of the specified git repositories. | No |
| sshKeyData | string | Base64 encoded string of SSH key. | No |
| password | string | The base64 encoded password for git used while cloning above Git repository. | No |
GitRepository
| Field | Type | Description | Required |
|---|---|---|---|
| repoID | string | Unique identifier to the repository. This must be unique in the piped scope. | Yes |
| remote | string | Remote address of the repository used to clone the source code. e.g. git@github.com:org/repo.git | Yes |
| branch | string | The branch to be handled. | Yes |
ChartRepository
| Field | Type | Description | Required |
|---|---|---|---|
| type | string | The repository type. Currently, HTTP and GIT are supported. Default is HTTP. | No |
| name | string | The name of the Helm chart repository. Note that this is not a Git repository but a Helm chart repository. | Yes if type is HTTP |
| address | string | The address to the Helm chart repository. | Yes if type is HTTP |
| username | string | Username used for the repository backed by HTTP basic authentication. | No |
| password | string | Password used for the repository backed by HTTP basic authentication. | No |
| insecure | bool | Whether to skip TLS certificate checks for the repository or not. | No |
| gitRemote | string | Remote address of the Git repository used to clone Helm charts. | Yes if type is GIT |
| sshKeyFile | string | The path to the private ssh key file used while cloning Helm charts from above Git repository. | No |
ChartRegistry
| Field | Type | Description | Required |
|---|---|---|---|
| type | string | The registry type. Currently, only OCI is supported. Default is OCI. | No |
| address | string | The address to the registry. | Yes |
| username | string | Username used for the registry authentication. | No |
| password | string | Password used for the registry authentication. | No |
PlatformProvider
| Field | Type | Description | Required |
|---|---|---|---|
| name | string | The name of the platform provider. | Yes |
| type | string | The platform provider type. Must be one of the following values: KUBERNETES, TERRAFORM, ECS, CLOUDRUN, LAMBDA. | Yes |
| config | PlatformProviderConfig | Specific configuration for the specified type of platform provider. | No |
PlatformProviderConfig
Must be one of the following structs:
PlatformProviderKubernetesConfig
| Field | Type | Description | Required |
|---|---|---|---|
| masterURL | string | The master URL of the kubernetes cluster. Empty means in-cluster. | No |
| kubectlVersion | string | Version of kubectl which will be used to connect to your cluster. Empty means the version set on piped config or default version will be used. | No |
| kubeConfigPath | string | The path to the kubeconfig file. Empty means in-cluster. | No |
| appStateInformer | KubernetesAppStateInformer | Configuration for application resource informer. | No |
PlatformProviderTerraformConfig
| Field | Type | Description | Required |
|---|---|---|---|
| vars | []string | List of variables that will be set directly on terraform commands with -var flag. The variable must be formatted by key=value. | No |
| driftDetectionEnabled | bool | Enable drift detection. This is a temporary option and will possibly be removed in a future release. Default is true. | No |
PlatformProviderCloudRunConfig
| Field | Type | Description | Required |
|---|---|---|---|
| project | string | The GCP project hosting the Cloud Run service. | Yes |
| region | string | The region of running Cloud Run service. | Yes |
| credentialsFile | string | The path to the service account file for accessing Cloud Run service. | No |
PlatformProviderLambdaConfig
| Field | Type | Description | Required |
|---|---|---|---|
| region | string | The region of running Lambda service. | Yes |
| credentialsFile | string | The path to the credential file for logging into AWS cluster. If this value is not provided, piped will read credential info from environment variables. It expects the format ~/.aws/credentials. | No |
| roleARN | string | The IAM role ARN to use when assuming a role. Required if you want to use the AWS SecurityTokenService. | No |
| tokenFile | string | The path to the WebIdentity token the SDK should use to assume a role with. Required if you want to use the AWS SecurityTokenService. | No |
| profile | string | The profile to use for logging into AWS cluster. The default value is default. | No |
| awsAPIPollingInterval | duration | The interval of periodical calls of AWS APIs. Currently, this is an interval of refreshing the live state of Lambda functions. Default is 15s. | No |
PlatformProviderECSConfig
| Field | Type | Description | Required |
|---|---|---|---|
| region | string | The region of running ECS cluster. | Yes |
| credentialsFile | string | The path to the credential file for logging into AWS cluster. If this value is not provided, piped will read credential info from environment variables. It expects the format ~/.aws/credentials. | No |
| roleARN | string | The IAM role ARN to use when assuming a role. Required if you want to use the AWS SecurityTokenService. | No |
| tokenFile | string | The path to the WebIdentity token the SDK should use to assume a role with. Required if you want to use the AWS SecurityTokenService. | No |
| profile | string | The profile to use for logging into AWS cluster. The default value is default. | No |
KubernetesAppStateInformer
| Field | Type | Description | Required |
|---|---|---|---|
| namespace | string | Only watches the specified namespace. Empty means watching all namespaces. | No |
| includeResources | []KubernetesResourceMatcher | List of resources that should be added to the watching targets. | No |
| excludeResources | []KubernetesResourceMatcher | List of resources that should be ignored from the watching targets. | No |
KubernetesResourceMatcher
| Field | Type | Description | Required |
|---|---|---|---|
| apiVersion | string | The APIVersion of the kubernetes resource. | Yes |
| kind | string | The kind name of the kubernetes resource. Empty means all kinds are matching. | No |
AnalysisProvider
| Field | Type | Description | Required |
|---|---|---|---|
| name | string | The unique name of the analysis provider. | Yes |
| type | string | The provider type. Currently, only PROMETHEUS, DATADOG are available. | Yes |
| config | AnalysisProviderConfig | Specific configuration for the specified type of analysis provider. | Yes |
AnalysisProviderConfig
Must be one of the following structs:
AnalysisProviderPrometheusConfig
| Field | Type | Description | Required |
|---|---|---|---|
| address | string | The Prometheus server address. | Yes |
| usernameFile | string | The path to the username file. | No |
| passwordFile | string | The path to the password file. | No |
AnalysisProviderDatadogConfig
| Field | Type | Description | Required |
|---|---|---|---|
| address | string | The address of Datadog API server. Only “datadoghq.com”, “us3.datadoghq.com”, “datadoghq.eu”, “ddog-gov.com” are available. Defaults to “datadoghq.com” | No |
| apiKeyFile | string | The path to the api key file. | Yes |
| applicationKeyFile | string | The path to the application key file. | Yes |
| apiKeyData | string | Base64 API Key for Datadog API server. Either apiKeyData or apiKeyFile must be set | No |
| applicationKeyData | string | Base64 Application Key for Datadog API server. Either applicationKeyFile or applicationKeyData must be set | No |
EventWatcher
| Field | Type | Description | Required |
|---|---|---|---|
| checkInterval | duration | Interval to fetch the latest event and compare it with one defined in EventWatcher config files. Defaults to 1m. | No |
| gitRepos | []EventWatcherGitRepo | The configuration list of git repositories to be observed. Only the repositories in this list will be observed by Piped. | No |
EventWatcherGitRepo
| Field | Type | Description | Required |
|---|---|---|---|
| repoId | string | Id of the git repository. This must be unique within the repos’ elements. | Yes |
| commitMessage | string | The commit message used to push after replacing values. Default message is used if not given. | No |
| includes | []string | The paths to EventWatcher files to be included. Patterns can be used like foo/*.yaml. | No |
| excludes | []string | The paths to EventWatcher files to be excluded. Patterns can be used like foo/*.yaml. This is prioritized if both includes and this are given. | No |
SecretManagement
| Field | Type | Description | Required |
|---|---|---|---|
| type | string | Which management method should be used. Default is KEY_PAIR. | Yes |
| config | SecretManagementConfig | Configuration for the secret management method in use. | Yes |
SecretManagementConfig
Must be one of the following structs:
SecretManagementKeyPair
| Field | Type | Description | Required |
|---|---|---|---|
| privateKeyFile | string | Path to the private RSA key file. | Yes |
| privateKeyData | string | Base64 encoded string of private RSA key. Either privateKeyFile or privateKeyData must be set. | No |
| publicKeyFile | string | Path to the public RSA key file. | Yes |
| publicKeyData | string | Base64 encoded string of public RSA key. Either publicKeyFile or publicKeyData must be set. | No |
SecretManagementGCPKMS
WIP
Notifications
NotificationRoute
| Field | Type | Description | Required |
|---|---|---|---|
| name | string | The name of the route. | Yes |
| receiver | string | The name of receiver who will receive all matched events. | Yes |
| events | []string | List of events that should be routed to the receiver. | No |
| ignoreEvents | []string | List of events that should be ignored. | No |
| groups | []string | List of event groups that should be routed to the receiver. | No |
| ignoreGroups | []string | List of event groups that should be ignored. | No |
| apps | []string | List of applications where their events should be routed to the receiver. | No |
| ignoreApps | []string | List of applications where their events should be ignored. | No |
| labels | map[string]string | List of labels where their events should be routed to the receiver. | No |
| ignoreLabels | map[string]string | List of labels where their events should be ignored. | No |
NotificationReceiver
NotificationReceiverSlack
| Field | Type | Description | Required |
|---|---|---|---|
| hookURL | string | The hookURL of a Slack channel. | Yes |
| oauthToken | string | The token for Slack API use. (deprecated) | No |
| oauthTokenData | string | Base64 encoded string of the token for Slack API use. | No |
| oauthTokenFile | string | The path to the OAuth token file. | No |
| channelID | string | The ID of the channel to which the Slack API sends. | No |
| mentionedAccounts | []string | The accounts to which the Slack API refers. This field supports both @username and username writing styles. | No |
| mentionedGroups | []string | The groups to which the Slack API refers. This field supports both <!subteam^groupname> and groupname writing styles. | No |
NotificationReceiverWebhook
| Field | Type | Description | Required |
|---|---|---|---|
| url | string | The URL where notification event will be sent to. | Yes |
| signatureKey | string | The HTTP header key used to store the configured signature in each event. Default is “PipeCD-Signature”. | No |
| signatureValue | string | The value of signature included in header of each event request. It can be used to verify the received events. | No |
| signatureValueFile | string | The path to the signature value file. | No |
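
The signatureValue row above says the value can be used to verify received events. The following receiver-side check is an added example, not PipeCD's own code: it assumes piped sends the configured signatureValue verbatim in the signatureKey header, and the names eventHandler and deliver, the /events path and the sample value are hypothetical or constructed.

```go
package main

import (
	"crypto/subtle"
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// Default header name documented for signatureKey.
const defaultSignatureKey = "PipeCD-Signature"

// verifySignature compares the header with the configured signatureValue in
// constant time. An empty expected value fails closed.
func verifySignature(r *http.Request, headerKey, expected string) bool {
	got := r.Header.Get(headerKey)
	return expected != "" &&
		subtle.ConstantTimeCompare([]byte(got), []byte(expected)) == 1
}

// eventHandler (hypothetical receiver) rejects events before touching the body.
func eventHandler(headerKey, expected string) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if !verifySignature(r, headerKey, expected) {
			http.Error(w, "invalid signature", http.StatusUnauthorized)
			return
		}
		w.WriteHeader(http.StatusNoContent)
	})
}

// deliver posts a constructed event and returns the response status code.
func deliver(h http.Handler, headerKey, sig string) int {
	req := httptest.NewRequest(http.MethodPost, "/events", strings.NewReader(`{"constructed":true}`))
	if sig != "" {
		req.Header.Set(headerKey, sig)
	}
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, req)
	return rec.Code
}

func main() {
	h := eventHandler(defaultSignatureKey, "constructed-shared-value")
	fmt.Println(deliver(h, defaultSignatureKey, "constructed-shared-value")) // 204
	fmt.Println(deliver(h, defaultSignatureKey, "wrong-value"))              // 401
	fmt.Println(deliver(h, defaultSignatureKey, ""))                         // 401
}
```

Under that assumption the header carries the same value on every request, so it only authenticates the sender when the receiver url is served over TLS and the value is loaded from signatureValueFile rather than committed inline.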