Configuration reference

This page describes all configurable fields in the Control Plane configuration.
apiVersion: pipecd.dev/v1beta1
kind: ControlPlane
spec:
  address: https://your-pipecd-address
  ...

Control Plane Configuration

FieldTypeDescriptionRequired
stateKeystringA randomly generated string used to sign oauth state.Yes
datastoreDataStoreStorage for storing application, deployment data.Yes
filestoreFileStoreFile storage for storing deployment logs and application states.Yes
cacheCacheInternal cache configuration.No
addressstringThe address to the control plane. This is required if SSO is enabled.No
insightCollectorInsightCollectorOption to run collector of Insights feature.No
sharedSSOConfigs[]SharedSSOConfigList of shared SSO configurations that can be used by any projects.No
projects[]ProjectList of debugging/quickstart projects. Please note that do not use this to configure the projects running in the production.No

DataStore

FieldTypeDescriptionRequired
typestringWhich type of data store should be used. Can be one of the following values
FIRESTORE, MYSQL.		Yes
configDataStoreConfigSpecific configuration for the datastore type. This must be one of these DataStoreConfig.Yes

DataStoreConfig

Must be one of the following objects:

DataStoreFireStoreConfig

FieldTypeDescriptionRequired
namespacestringThe root path element considered as a logical namespace, e.g. pipecd.Yes
environmentstringThe second path element considered as a logical environment, e.g. dev. All pipecd collections will have path formatted according to {namespace}/{environment}/{collection-name}.Yes
collectionNamePrefixstringThe prefix for collection name. This can be used to avoid conflicts with existing collections in your Firestore database.No
projectstringThe name of GCP project hosting the Firestore.Yes
credentialsFilestringThe path to the service account file for accessing Firestores.No

DataStoreMySQLConfig

FieldTypeDescriptionRequired
urlstringThe address to MySQL server. Should attach with the database port info as 127.0.0.1:3307 in case you want to use another port than the default value.Yes
databasestringThe name of database.No (If you set it via URL)
usernameFilestringPath to the file containing the username.No
passwordFilestringPath to the file containing the password.No

FileStore

FieldTypeDescriptionRequired
typestringWhich type of file store should be used. Can be one of the following values
GCS, S3, MINIO		Yes
configFileStoreConfigSpecific configuration for the filestore type. This must be one of these FileStoreConfig.Yes

FileStoreConfig

Must be one of the following objects:

FileStoreGCSConfig

FieldTypeDescriptionRequired
bucketstringThe bucket name.Yes
credentialsFilestringThe path to the service account file for accessing GCS.No

FileStoreS3Config

FieldTypeDescriptionRequired
bucketstringThe AWS S3 bucket name.Yes
regionstringThe AWS region name.Yes
profilestringThe AWS profile name. Default value is default.No
credentialsFilestringThe path to AWS credential file. Requires only if you want to auth by specified credential file, by default PipeCD will use $HOME/.aws/credentials file.No
roleARNstringThe IAM role arn to use when assuming an role. Requires only if you want to auth by WebIdentity pattern.No
tokenFilestringThe path to the WebIdentity token PipeCD should use to assume a role with. Requires only if you want to auth by WebIdentity pattern.No

FileStoreMinioConfig

FieldTypeDescriptionRequired
endpointstringThe address of Minio.Yes
bucketstringThe bucket name.Yes
accessKeyFilestringThe path to the access key file.No
secretKeyFilestringThe path to the secret key file.No
autoCreateBucketboolWhether the given bucket should be made automatically if not exists.No

Cache

FieldTypeDescriptionRequired
ttldurationThe time that in-memory cache items are stored before they are considered as stale.Yes

Project

FieldTypeDescriptionRequired
idstringThe unique identifier of the project.Yes
descstringThe description about the project.No
staticAdminProjectStaticUserStatic admin account of the project.Yes

ProjectStaticUser

FieldTypeDescriptionRequired
usernamestringThe username string.Yes
passwordHashstringThe bcrypt hashed value of the password string.Yes

InsightCollector

FieldTypeDescriptionRequired
applicationInsightCollectorApplicationApplication metrics collector.No
deploymentInsightCollectorDeploymentDeployment metrics collector.No

InsightCollectorApplication

FieldTypeDescriptionRequired
enabledboolWhether to enable. Default is trueNo
schedulestringWhen collector will be executed. Default is 0 * * * *No

InsightCollectorDeployment

FieldTypeDescriptionRequired
enabledboolWhether to enable. Default is trueNo
schedulestringWhen collector will be executed. Default is 30 * * * *No
chunkMaxCountintThe maximum number of deployment items could be stored in a chunk. Default is 1000No

SharedSSOConfig

FieldTypeDescriptionRequired
namestringThe unique name of the configuration.Yes
providerstringThe SSO service provider. Currently, only GITHUB and OIDC is supported.Yes
sessionTtlintThe time to live of session for SSO login. Unit is hour. Default is 7 * 24 hours.No
githubSSOConfigGitHubGitHub sso configuration.No
oidcSSOConfigOIDCOIDC sso configuration.No

SSOConfigGitHub

FieldTypeDescriptionRequired
clientIdstringThe client id string of GitHub oauth app.Yes
clientSecretstringThe client secret string of GitHub oauth app.Yes
baseUrlstringThe address of GitHub service. Required if enterprise.No
uploadUrlstringThe upload url of GitHub service.No
proxyUrlstringThe address of the proxy used while communicating with the GitHub service.No

SSOConfigOIDC

FieldTypeDescriptionRequired
clientIdstringThe client id string of OpenID Connect oauth app.Yes
clientSecretstringThe client secret string of OpenID Connect oauth app.Yes
issuerstringThe address of OpenID Connect service.Yes
redirectUristringThe address of the redirect URI.Yes
authorizationEndpointstringThe address of the authorization endpoint.No
tokenEndpointstringThe address of the token endpoint.No
userInfoEndpointstringThe address of the user info endpoint.No
proxyUrlstringThe address of the proxy used while communicating with the OpenID Connect service.No
scopes[]stringScopes to request from the OpenID Connect service. Default is openid. Some providers may require other scopes.No

Last modified December 3, 2024: Make release version=v0.50.0 (#5382) (1216bdf8c)