This is the multi-page printable view of this section. Click here to print.

Return to the regular view of this page.

API Reference

    Packages

    iam.miloapis.com/v1alpha1

    Package v1alpha1 contains API Schema definitions for the iam v1alpha1 API group

    Resource Types

    Group

    Group is the Schema for the groups API

    FieldDescriptionDefaultValidation
    apiVersion
    string    		iam.miloapis.com/v1alpha1
    kind
    string    		Group
    metadata
    ObjectMeta    		Refer to Kubernetes API documentation for fields of metadata.
    status
    GroupStatus

    GroupMembership

    GroupMembership is the Schema for the groupmemberships API

    FieldDescriptionDefaultValidation
    apiVersion
    string    		iam.miloapis.com/v1alpha1
    kind
    string    		GroupMembership
    metadata
    ObjectMeta    		Refer to Kubernetes API documentation for fields of metadata.
    spec
    GroupMembershipSpec
    status
    GroupMembershipStatus

    GroupMembershipSpec

    GroupMembershipSpec defines the desired state of GroupMembership

    Appears in:

    FieldDescriptionDefaultValidation
    userRef
    UserReference    		UserRef is a reference to the User that is a member of the Group.
    User is a cluster-scoped resource.    		Required: {}
    groupRef
    GroupReference    		GroupRef is a reference to the Group.
    Group is a namespaced resource.    		Required: {}

    GroupMembershipStatus

    GroupMembershipStatus defines the observed state of GroupMembership

    Appears in:

    FieldDescriptionDefaultValidation
    conditions
    Condition array    		Conditions represent the latest available observations of an object’s current state.

    GroupReference

    GroupReference contains information that points to the Group being referenced. Group is a namespaced resource.

    Appears in:

    FieldDescriptionDefaultValidation
    name
    string    		Name is the name of the Group being referenced.Required: {}
    namespace
    string    		Namespace of the referenced Group.Required: {}

    GroupStatus

    GroupStatus defines the observed state of Group

    Appears in:

    FieldDescriptionDefaultValidation
    conditions
    Condition array    		Conditions represent the latest available observations of an object’s current state.

    MachineAccount

    MachineAccount is the Schema for the machine accounts API

    FieldDescriptionDefaultValidation
    apiVersion
    string    		iam.miloapis.com/v1alpha1
    kind
    string    		MachineAccount
    metadata
    ObjectMeta    		Refer to Kubernetes API documentation for fields of metadata.
    spec
    MachineAccountSpec
    status
    MachineAccountStatus

    MachineAccountKey

    MachineAccountKey is the Schema for the machineaccountkeys API

    FieldDescriptionDefaultValidation
    apiVersion
    string    		iam.miloapis.com/v1alpha1
    kind
    string    		MachineAccountKey
    metadata
    ObjectMeta    		Refer to Kubernetes API documentation for fields of metadata.
    spec
    MachineAccountKeySpec
    status
    MachineAccountKeyStatus

    MachineAccountKeySpec

    MachineAccountKeySpec defines the desired state of MachineAccountKey

    Appears in:

    FieldDescriptionDefaultValidation
    machineAccountName
    string    		MachineAccountName is the name of the MachineAccount that owns this key.Required: {}
    expirationDate
    Time    		ExpirationDate is the date and time when the MachineAccountKey will expire.
    If not specified, the MachineAccountKey will never expire.    		Optional: {}
    publicKey
    string    		PublicKey is the public key of the MachineAccountKey.
    If not specified, the MachineAccountKey will be created with an auto-generated public key.    		Optional: {}

    MachineAccountKeyStatus

    MachineAccountKeyStatus defines the observed state of MachineAccountKey

    Appears in:

    FieldDescriptionDefaultValidation
    authProviderKeyId
    string    		AuthProviderKeyID is the unique identifier for the key in the auth provider.
    This field is populated by the controller after the key is created in the auth provider.
    For example, when using Zitadel, a typical value might be: “326102453042806786”
    conditions
    Condition array    		Conditions provide conditions that represent the current status of the MachineAccountKey.[map[lastTransitionTime:1970-01-01T00:00:00Z message:Waiting for control plane to reconcile reason:Unknown status:Unknown type:Ready]]Optional: {}

    MachineAccountSpec

    MachineAccountSpec defines the desired state of MachineAccount

    Appears in:

    FieldDescriptionDefaultValidation
    state
    string    		The state of the machine account. This state can be safely changed as needed.
    States:
    - Active: The machine account can be used to authenticate.
    - Inactive: The machine account is prohibited to be used to authenticate, and revokes all existing sessions.    		ActiveEnum: [Active Inactive]
    Optional: {}

    MachineAccountStatus

    MachineAccountStatus defines the observed state of MachineAccount

    Appears in:

    FieldDescriptionDefaultValidation
    email
    string    		The computed email of the machine account following the pattern:
    {metadata.name}@{metadata.namespace}.{project.metadata.name}.{global-suffix}
    state
    string    		State represents the current activation state of the machine account from the auth provider.
    This field tracks the state from the previous generation and is updated when state changes
    are successfully propagated to the auth provider. It helps optimize performance by only
    updating the auth provider when a state change is detected.    		Enum: [Active Inactive]
    conditions
    Condition array    		Conditions provide conditions that represent the current status of the MachineAccount.

    ParentResourceRef

    ParentResourceRef defines the reference to a parent resource

    Appears in:

    FieldDescriptionDefaultValidation
    apiGroup
    string    		APIGroup is the group for the resource being referenced.
    If APIGroup is not specified, the specified Kind must be in the core API group.
    For any other third-party types, APIGroup is required.    		Optional: {}
    kind
    string    		Kind is the type of resource being referenced.Required: {}

    PolicyBinding

    PolicyBinding is the Schema for the policybindings API

    FieldDescriptionDefaultValidation
    apiVersion
    string    		iam.miloapis.com/v1alpha1
    kind
    string    		PolicyBinding
    metadata
    ObjectMeta    		Refer to Kubernetes API documentation for fields of metadata.
    spec
    PolicyBindingSpec
    status
    PolicyBindingStatus

    PolicyBindingSpec

    PolicyBindingSpec defines the desired state of PolicyBinding

    Appears in:

    FieldDescriptionDefaultValidation
    roleRef
    RoleReference    		RoleRef is a reference to the Role that is being bound.
    This can be a reference to a Role custom resource.    		Required: {}
    subjects
    Subject array    		Subjects holds references to the objects the role applies to.MinItems: 1
    Required: {}
    resourceSelector
    ResourceSelector    		ResourceSelector defines which resources the subjects in the policy binding
    should have the role applied to. Options within this struct are mutually
    exclusive.    		Required: {}

    PolicyBindingStatus

    PolicyBindingStatus defines the observed state of PolicyBinding

    Appears in:

    FieldDescriptionDefaultValidation
    observedGeneration
    integer    		ObservedGeneration is the most recent generation observed for this PolicyBinding by the controller.Optional: {}
    conditions
    Condition array    		Conditions provide conditions that represent the current status of the PolicyBinding.[map[lastTransitionTime:1970-01-01T00:00:00Z message:Waiting for control plane to reconcile reason:Unknown status:Unknown type:Ready]]Optional: {}

    ProtectedResourceSpec

    ProtectedResourceSpec defines the desired state of ProtectedResource

    Appears in:

    FieldDescriptionDefaultValidation
    serviceRef
    ServiceReference    		ServiceRef references the service definition this protected resource belongs to.Required: {}
    kind
    string    		The kind of the resource.
    This will be in the format Workload.    		Required: {}
    singular
    string    		The singular form for the resource type, e.g. ‘workload’. Must follow
    camelCase format.    		Required: {}
    plural
    string    		The plural form for the resource type, e.g. ‘workloads’. Must follow
    camelCase format.    		Required: {}
    parentResources
    ParentResourceRef array    		A list of resources that are registered with the platform that may be a
    parent to the resource. Permissions may be bound to a parent resource so
    they can be inherited down the resource hierarchy.    		Optional: {}
    permissions
    string array    		A list of permissions that are associated with the resource.Required: {}

    ProtectedResourceStatus

    ProtectedResourceStatus defines the observed state of ProtectedResource

    Appears in:

    FieldDescriptionDefaultValidation
    conditions
    Condition array    		Conditions provide conditions that represent the current status of the ProtectedResource.[map[lastTransitionTime:1970-01-01T00:00:00Z message:Waiting for control plane to reconcile reason:Unknown status:Unknown type:Ready]]Optional: {}
    observedGeneration
    integer    		ObservedGeneration is the most recent generation observed for this ProtectedResource. It corresponds to the
    ProtectedResource’s generation, which is updated on mutation by the API Server.    		Optional: {}

    ResourceKind

    ResourceKind contains enough information to identify a resource type.

    Appears in:

    FieldDescriptionDefaultValidation
    apiGroup
    string    		APIGroup is the group for the resource type being referenced. If APIGroup
    is not specified, the specified Kind must be in the core API group.    		Optional: {}
    kind
    string    		Kind is the type of resource being referenced.Required: {}

    ResourceReference

    ResourceReference contains enough information to let you identify a specific API resource instance.

    Appears in:

    FieldDescriptionDefaultValidation
    apiGroup
    string    		APIGroup is the group for the resource being referenced.
    If APIGroup is not specified, the specified Kind must be in the core API group.
    For any other third-party types, APIGroup is required.    		Optional: {}
    kind
    string    		Kind is the type of resource being referenced.Required: {}
    name
    string    		Name is the name of resource being referenced.Required: {}
    uid
    string    		UID is the unique identifier of the resource being referenced.Required: {}
    namespace
    string    		Namespace is the namespace of resource being referenced.
    Required for namespace-scoped resources. Omitted for cluster-scoped resources.    		Optional: {}

    ResourceSelector

    ResourceSelector defines which resources the policy binding applies to. Either resourceRef or resourceKind must be specified, but not both.

    Appears in:

    FieldDescriptionDefaultValidation
    resourceRef
    ResourceReference    		ResourceRef provides a reference to a specific resource instance.
    Mutually exclusive with resourceKind.    		Optional: {}
    resourceKind
    ResourceKind    		ResourceKind specifies that the policy binding should apply to all resources of a specific kind.
    Mutually exclusive with resourceRef.    		Optional: {}

    RoleReference

    RoleReference contains information that points to the Role being used

    Appears in:

    FieldDescriptionDefaultValidation
    name
    string    		Name is the name of resource being referencedRequired: {}
    namespace
    string    		Namespace of the referenced Role. If empty, it is assumed to be in the PolicyBinding’s namespace.Optional: {}

    RoleSpec

    RoleSpec defines the desired state of Role

    Appears in:

    FieldDescriptionDefaultValidation
    includedPermissions
    string array    		The names of the permissions this role grants when bound in an IAM policy.
    All permissions must be in the format: \{service\}.\{resource\}.\{action\}
    (e.g. compute.workloads.create).    		Optional: {}
    launchStage
    string    		Defines the launch stage of the IAM Role. Must be one of: Early Access,
    Alpha, Beta, Stable, Deprecated.    		Required: {}
    inheritedRoles
    ScopedRoleReference array    		The list of roles from which this role inherits permissions.
    Each entry must be a valid role resource name.    		Optional: {}

    RoleStatus

    RoleStatus defines the observed state of Role

    Appears in:

    FieldDescriptionDefaultValidation
    parent
    string    		The resource name of the parent the role was created under.Optional: {}
    conditions
    Condition array    		Conditions provide conditions that represent the current status of the Role.Optional: {}
    observedGeneration
    integer    		ObservedGeneration is the most recent generation observed by the controller.

    ScopedRoleReference

    ScopedRoleReference defines a reference to another Role, scoped by namespace. This is used for purposes like role inheritance where a simple name and namespace is sufficient to identify the target role.

    Appears in:

    FieldDescriptionDefaultValidation
    name
    string    		Name of the referenced Role.Required: {}
    namespace
    string    		Namespace of the referenced Role.
    If not specified, it defaults to the namespace of the resource containing this reference.    		Optional: {}

    ServiceReference

    ServiceReference holds a reference to a service definition.

    Appears in:

    FieldDescriptionDefaultValidation
    name
    string    		Name is the resource name of the service definition.Required: {}

    Subject

    Subject contains a reference to the object or user identities a role binding applies to. This can be a User or Group.

    Appears in:

    FieldDescriptionDefaultValidation
    kind
    string    		Kind of object being referenced. Values defined in Kind constants.Enum: [User Group]
    Required: {}
    name
    string    		Name of the object being referenced. A special group name of
    “system:authenticated-users” can be used to refer to all authenticated
    users.    		Required: {}
    namespace
    string    		Namespace of the referenced object. If DNE, then for an SA it refers to the PolicyBinding resource’s namespace.
    For a User or Group, it is ignored.    		Optional: {}
    uid
    string    		UID of the referenced object. Optional for system groups (groups with names starting with “system:”).Optional: {}

    UserDeactivation

    UserDeactivation is the Schema for the userdeactivations API

    FieldDescriptionDefaultValidation
    apiVersion
    string    		iam.miloapis.com/v1alpha1
    kind
    string    		UserDeactivation
    metadata
    ObjectMeta    		Refer to Kubernetes API documentation for fields of metadata.
    spec
    UserDeactivationSpec
    status
    UserDeactivationStatus

    UserDeactivationSpec

    UserDeactivationSpec defines the desired state of UserDeactivation

    Appears in:

    FieldDescriptionDefaultValidation
    userRef
    UserReference    		UserRef is a reference to the User being deactivated.
    User is a cluster-scoped resource.    		Required: {}
    reason
    string    		Reason is the internal reason for deactivation.Required: {}
    description
    string    		Description provides detailed internal description for the deactivation.Optional: {}
    deactivatedBy
    string    		DeactivatedBy indicates who initiated the deactivation.Required: {}

    UserDeactivationStatus

    UserDeactivationStatus defines the observed state of UserDeactivation

    Appears in:

    FieldDescriptionDefaultValidation
    conditions
    Condition array    		Conditions represent the latest available observations of an object’s current state.[map[lastTransitionTime:1970-01-01T00:00:00Z message:Waiting for control plane to reconcile reason:Unknown status:Unknown type:Ready]]Optional: {}

    UserInvitationSpec

    UserInvitationSpec defines the desired state of UserInvitation

    Appears in:

    FieldDescriptionDefaultValidation
    email
    string    		The email of the user being invited.Required: {}
    givenName
    string    		The first name of the user being invited.Optional: {}
    familyName
    string    		The last name of the user being invited.Optional: {}
    roles
    RoleReference array    		The roles that will be assigned to the user when they accept the invitation.Optional: {}

    UserInvitationStatus

    UserInvitationStatus defines the observed state of UserInvitation

    Appears in:

    FieldDescriptionDefaultValidation
    conditions
    Condition array    		Conditions provide conditions that represent the current status of the UserInvitation.[map[lastTransitionTime:1970-01-01T00:00:00Z message:Waiting for control plane to reconcile reason:Unknown status:Unknown type:Ready]]Optional: {}

    UserPreferenceSpec

    UserPreferenceSpec defines the desired state of UserPreference

    Appears in:

    FieldDescriptionDefaultValidation
    userRef
    UserReference    		Reference to the user these preferences belong to.Required: {}
    theme
    string    		The user’s theme preference.systemEnum: [light dark system]
    Optional: {}

    UserPreferenceStatus

    UserPreferenceStatus defines the observed state of UserPreference

    Appears in:

    FieldDescriptionDefaultValidation
    conditions
    Condition array    		Conditions provide conditions that represent the current status of the UserPreference.[map[lastTransitionTime:1970-01-01T00:00:00Z message:Waiting for control plane to reconcile reason:Unknown status:Unknown type:Ready]]Optional: {}

    UserReference

    UserReference contains information that points to the User being referenced. User is a cluster-scoped resource, so Namespace is not needed.

    Appears in:

    FieldDescriptionDefaultValidation
    name
    string    		Name is the name of the User being referenced.Required: {}

    UserSpec

    UserSpec defines the desired state of User

    Appears in:

    FieldDescriptionDefaultValidation
    email
    string    		The email of the user.Required: {}
    givenName
    string    		The first name of the user.Optional: {}
    familyName
    string    		The last name of the user.Optional: {}

    UserState

    Underlying type: string

    Appears in:

    | Field | Description | | Active | | | Inactive | |

    UserStatus

    UserStatus defines the observed state of User

    Appears in:

    FieldDescriptionDefaultValidation
    conditions
    Condition array    		Conditions provide conditions that represent the current status of the User.[map[lastTransitionTime:1970-01-01T00:00:00Z message:Waiting for control plane to reconcile reason:Unknown status:Unknown type:Ready]]Optional: {}
    state
    UserState    		State represents the current activation state of the user account from the
    auth provider. This field is managed exclusively by the UserDeactivation CRD
    and cannot be changed directly by the user. When a UserDeactivation resource
    is created for the user, the user is deactivated in the auth provider; when
    the UserDeactivation is deleted, the user is reactivated.
    States:
    - Active: The user can be used to authenticate.
    - Inactive: The user is prohibited to be used to authenticate, and revokes all existing sessions.    		ActiveEnum: [Active Inactive]

    networking.datumapis.com/v1alpha

    Package v1alpha contains API Schema definitions for the networking v1alpha API group.

    Resource Types

    DNSVerificationRecord

    DNSVerificationRecord represents a DNS record required for verification

    Appears in:

    FieldDescriptionDefaultValidation
    name
    string
    type
    string
    content
    string

    Domain

    Domain represents a domain name in the Datum system

    FieldDescriptionDefaultValidation
    apiVersion
    string    		networking.datumapis.com/v1alpha
    kind
    string    		Domain
    metadata
    ObjectMeta    		Refer to Kubernetes API documentation for fields of metadata.
    spec
    DomainSpec    		Required: {}
    status
    DomainStatus    		{ conditions:[map[lastTransitionTime:1970-01-01T00:00:00Z message:Waiting for controller reason:Pending status:Unknown type:Verified] map[lastTransitionTime:1970-01-01T00:00:00Z message:Waiting for controller reason:Pending status:Unknown type:VerifiedDNS] map[lastTransitionTime:1970-01-01T00:00:00Z message:Waiting for controller reason:Pending status:Unknown type:VerifiedHTTP]] }

    DomainSpec

    DomainSpec defines the desired state of Domain

    Appears in:

    FieldDescriptionDefaultValidation
    domainName
    string    		DomainName is the fully qualified domain name (FQDN) to be managedMaxLength: 253
    MinLength: 1
    Pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
    Required: {}

    DomainStatus

    DomainStatus defines the observed state of Domain

    Appears in:

    FieldDescriptionDefaultValidation
    verification
    DomainVerificationStatus
    conditions
    Condition array

    DomainVerificationStatus

    DomainVerificationStatus represents the verification status of a domain

    Appears in:

    FieldDescriptionDefaultValidation
    dnsRecord
    DNSVerificationRecord
    httpToken
    HTTPVerificationToken
    nextVerificationAttempt
    Time

    HTTPProxy

    An HTTPProxy builds on top of Gateway API resources to provide a more convenient method to manage simple reverse proxy use cases.

    FieldDescriptionDefaultValidation
    apiVersion
    string    		networking.datumapis.com/v1alpha
    kind
    string    		HTTPProxy
    metadata
    ObjectMeta    		Refer to Kubernetes API documentation for fields of metadata.
    spec
    HTTPProxySpec    		Spec defines the desired state of an HTTPProxy.Required: {}
    status
    HTTPProxyStatus    		Status defines the current state of an HTTPProxy.{ conditions:[map[lastTransitionTime:1970-01-01T00:00:00Z message:Waiting for controller reason:Pending status:Unknown type:Accepted] map[lastTransitionTime:1970-01-01T00:00:00Z message:Waiting for controller reason:Pending status:Unknown type:Programmed]] }

    HTTPProxyRule

    HTTPProxyRule defines semantics for matching an HTTP request based on conditions (matches), processing it (filters), and forwarding the request to backends.

    Appears in:

    FieldDescriptionDefaultValidation
    name
    SectionName    		Name is the name of the route rule. This name MUST be unique within a Route
    if it is set.
    matches
    HTTPRouteMatch array    		Matches define conditions used for matching the rule against incoming
    HTTP requests. Each match is independent, i.e. this rule will be matched
    if any one of the matches is satisfied.
    See documentation for the matches field in the HTTPRouteRule type at
    https://gateway-api.sigs.k8s.io/reference/spec/#httprouterule    		[map[path:map[type:PathPrefix value:/]]]MaxItems: 64
    MinItems: 1
    filters
    HTTPRouteFilter array    		Filters define the filters that are applied to requests that match
    this rule.
    See documentation for the filters field in the HTTPRouteRule type at
    https://gateway-api.sigs.k8s.io/reference/spec/#httprouterule    		MaxItems: 16
    backends
    HTTPProxyRuleBackend array    		Backends defines the backend(s) where matching requests should be
    sent.
    Note: While this field is a list, only a single element is permitted at
    this time due to underlying Gateway limitations. Once addressed, MaxItems
    will be increased to allow for multiple backends on any given route.    		MaxItems: 1
    MinItems: 0

    HTTPProxyRuleBackend

    Appears in:

    FieldDescriptionDefaultValidation
    endpoint
    string    		Endpoint for the backend. Must be a valid URL.
    Supports http and https protocols, IPs or DNS addresses in the host, custom
    ports, and paths.    		Required: {}
    filters
    HTTPRouteFilter array    		Filters defined at this level should be executed if and only if the
    request is being forwarded to the backend defined here.    		MaxItems: 16

    HTTPProxySpec

    HTTPProxySpec defines the desired state of HTTPProxy.

    Appears in:

    FieldDescriptionDefaultValidation
    hostnames
    Hostname array    		Hostnames defines a set of hostnames that should match against the HTTP
    Host header to select a HTTPProxy used to process the request.
    Valid values for Hostnames are determined by RFC 1123 definition of a
    hostname with 1 notable exception:
    1. IPs are not allowed.
    Hostnames must be verified before being programmed. This is accomplished
    via the use of Domain resources. A hostname is considered verified if any
    verified Domain resource exists in the same namespace where the
    spec.domainName of the resource either exactly matches the hostname, or
    is a suffix match of the hostname. That means that a Domain with a
    spec.domainName of example.com will match a hostname of
    test.example.com, foo.test.example.com, and exactly example.com, but
    not a hostname of test-example.com. If a Domain resource does not exist
    that matches a hostname, one will automatically be created when the system
    attempts to program the HTTPProxy.
    In addition to verifying ownership, hostnames must be unique across the
    platform. If a hostname is already programmed on another resource, a
    conflict will be encountered and communicated in the HostnamesVerified
    condition.
    Hostnames which have been programmed will be listed in the
    status.hostnames field. Any hostname which has not been programmed will
    be listed in the message field of the HostnamesVerified condition with
    an indication as to why it was not programmed.
    The system may automatically generate and associate hostnames with the
    HTTPProxy. In such cases, these will be listed in the status.hostnames
    field and do not require additional configuration by the user.
    Wildcard hostnames are not supported at this time.    		MaxItems: 16
    Optional: {}
    rules
    HTTPProxyRule array    		Rules are a list of HTTP matchers, filters and actions.MaxItems: 16
    MinItems: 1
    Required: {}

    HTTPProxyStatus

    HTTPProxyStatus defines the observed state of HTTPProxy.

    Appears in:

    FieldDescriptionDefaultValidation
    addresses
    GatewayStatusAddress array    		Addresses lists the network addresses that have been bound to the
    HTTPProxy.
    This field will not contain custom hostnames defined in the HTTPProxy. See
    the hostnames field    		MaxItems: 16
    hostnames
    Hostname array    		Hostnames lists the hostnames that have been bound to the HTTPProxy.
    If this list does not match that defined in the HTTPProxy, see the
    HostnamesVerified condition message for details.
    conditions
    Condition array    		Conditions describe the current conditions of the HTTPProxy.

    HTTPVerificationToken

    Appears in:

    FieldDescriptionDefaultValidation
    url
    string
    body
    string

    resourcemanager.miloapis.com/v1alpha1

    Resource Types

    MemberReference

    MemberReference contains information that points to the User being referenced.

    Appears in:

    FieldDescriptionDefaultValidation
    name
    string    		Name is the name of resource being referencedRequired: {}

    Organization

    Use lowercase for path, which influences plural name. Ensure kind is Organization. Organization is the Schema for the Organizations API

    FieldDescriptionDefaultValidation
    apiVersion
    string    		resourcemanager.miloapis.com/v1alpha1
    kind
    string    		Organization
    metadata
    ObjectMeta    		Refer to Kubernetes API documentation for fields of metadata.
    spec
    OrganizationSpec    		Required: {}
    status
    OrganizationStatus

    OrganizationMembership

    OrganizationMembership is the Schema for the organizationmemberships API

    FieldDescriptionDefaultValidation
    apiVersion
    string    		resourcemanager.miloapis.com/v1alpha1
    kind
    string    		OrganizationMembership
    metadata
    ObjectMeta    		Refer to Kubernetes API documentation for fields of metadata.
    spec
    OrganizationMembershipSpec
    status
    OrganizationMembershipStatus

    OrganizationMembershipOrganizationStatus

    OrganizationMembershipOrganizationStatus defines the observed state of an organization in a membership.

    Appears in:

    FieldDescriptionDefaultValidation
    type
    string    		Type is the type of the organization in the membership.Optional: {}
    displayName
    string    		DisplayName is the display name of the organization in the membership.Optional: {}

    OrganizationMembershipSpec

    OrganizationMembershipSpec defines the desired state of OrganizationMembership

    Appears in:

    FieldDescriptionDefaultValidation
    organizationRef
    OrganizationReference    		OrganizationRef is a reference to the Organization that the user is a member of.Required: {}
    userRef
    MemberReference    		UserRef is a reference to the User that is a member of the Organization.Required: {}

    OrganizationMembershipStatus

    OrganizationMembershipStatus defines the observed state of OrganizationMembership

    Appears in:

    FieldDescriptionDefaultValidation
    observedGeneration
    integer    		ObservedGeneration is the most recent generation observed for this OrganizationMembership by the controller.Optional: {}
    conditions
    Condition array    		Conditions provide conditions that represent the current status of the OrganizationMembership.[map[lastTransitionTime:1970-01-01T00:00:00Z message:Waiting for control plane to reconcile reason:Unknown status:Unknown type:Ready]]Optional: {}
    user
    OrganizationMembershipUserStatus    		User contains information about the user in the membership.Optional: {}
    organization
    OrganizationMembershipOrganizationStatus    		Organization contains information about the organization in the membership.Optional: {}

    OrganizationMembershipUserStatus

    OrganizationMembershipUserStatus defines the observed state of a user in a membership.

    Appears in:

    FieldDescriptionDefaultValidation
    email
    string    		Email is the email of the user in the membership.Optional: {}
    givenName
    string    		GivenName is the given name of the user in the membership.Optional: {}
    familyName
    string    		FamilyName is the family name of the user in the membership.Optional: {}

    OrganizationReference

    OrganizationReference contains information that points to the Organization being referenced.

    Appears in:

    FieldDescriptionDefaultValidation
    name
    string    		Name is the name of resource being referencedRequired: {}

    OrganizationSpec

    OrganizationSpec defines the desired state of Organization

    Appears in:

    FieldDescriptionDefaultValidation
    type
    string    		The type of organization.Enum: [Personal Standard]
    Required: {}

    OrganizationStatus

    OrganizationStatus defines the observed state of Organization

    Appears in:

    FieldDescriptionDefaultValidation
    observedGeneration
    integer    		ObservedGeneration is the most recent generation observed for this Organization by the controller.
    conditions
    Condition array    		Conditions represents the observations of an organization’s current state.
    Known condition types are: “Ready”    		[map[lastTransitionTime:1970-01-01T00:00:00Z message:Waiting for control plane to reconcile reason:Unknown status:Unknown type:Ready]]

    OwnerReference

    OwnerReference is a reference to the owner of the project.

    Appears in:

    FieldDescriptionDefaultValidation
    kind
    string    		Kind is the kind of the resource.Enum: [Organization]
    Required: {}
    name
    string    		Name is the name of the resource.Required: {}

    Project

    Project is the Schema for the projects API.

    FieldDescriptionDefaultValidation
    apiVersion
    string    		resourcemanager.miloapis.com/v1alpha1
    kind
    string    		Project
    metadata
    ObjectMeta    		Refer to Kubernetes API documentation for fields of metadata.
    spec
    ProjectSpec    		Required: {}
    status
    ProjectStatus

    ProjectSpec

    ProjectSpec defines the desired state of Project.

    Appears in:

    FieldDescriptionDefaultValidation
    ownerRef
    OwnerReference    		OwnerRef is a reference to the owner of the project. Must be a valid
    resource.    		Required: {}

    ProjectStatus

    ProjectStatus defines the observed state of Project.

    Appears in:

    FieldDescriptionDefaultValidation
    conditions
    Condition array    		Represents the observations of a project’s current state.
    Known condition types are: “Ready”    		[map[lastTransitionTime:1970-01-01T00:00:00Z message:Waiting for control plane to reconcile reason:Unknown status:Unknown type:Ready]]

    telemetry.miloapis.com/v1alpha1

    Package v1alpha1 contains API Schema definitions for the telemetry v1alpha1 API group.

    Resource Types

    Authentication

    Configures how the sink will authenticate with the configured endpoint. These options are mutually exclusive.

    Appears in:

    FieldDescriptionDefaultValidation
    basicAuth
    BasicAuthAuthentication    		Configures the sink to use basic auth to authenticate with the configured
    endpoint.

    BasicAuthAuthentication

    Underlying type: struct{SecretRef LocalSecretReference “json:"secretRef"”}

    Configures how the sink should use Basic Auth for authenticating with a telemetry endpoint.

    Appears in:

    Batch

    Configures the batching behavior the sink will use to batch requests before publishing them to the endpoint.

    Appears in:

    FieldDescriptionDefaultValidation
    timeout
    Duration    		Batch timeout before sending telemetry. Must be a duration (e.g. 5s).Required: {}
    maxSize
    integer    		Maximum number of telemetry entries per batch.Maximum: 5000
    Minimum: 1
    Required: {}

    ExportPolicy

    ExportPolicy is the Schema for the export policy API.

    FieldDescriptionDefaultValidation
    apiVersion
    string    		telemetry.miloapis.com/v1alpha1
    kind
    string    		ExportPolicy
    metadata
    ObjectMeta    		Refer to Kubernetes API documentation for fields of metadata.
    spec
    ExportPolicySpec    		Describes the expected state of the ExportPolicy’s configuration. The
    control plane will constantly evaluate the current state of exporters that
    are deployed and ensure it matches the expected configuration. This field
    is required when configuring an export policy.
    status
    ExportPolicyStatus    		Provides information on the current state of the export policy that was
    observed by the control plane. This will be continuously updated as the
    control plane monitors exporters.

    ExportPolicySpec

    ExportPolicySpec defines the desired state of ExportPolicy.

    Appears in:

    FieldDescriptionDefaultValidation
    sources
    TelemetrySource array    		Defines how the export policy should source telemetry data to publish to
    the configured sinks. An export policy can define multiple telemetry
    sources. The export policy will not de-duplicate telemetry data that
    matches multiple sources.    		MaxItems: 20
    MinItems: 1
    Required: {}
    sinks
    TelemetrySink array    		Configures how telemetry data should be sent to a third-party telemetry
    platforms.    		MaxItems: 20
    MinItems: 1
    Required: {}

    ExportPolicyStatus

    ExportPolicyStatus defines the observed state of ExportPolicy.

    Appears in:

    FieldDescriptionDefaultValidation
    conditions
    Condition array    		Provides summary status information on the export policy as a whole. Review
    the sink status information for detailed information on each sink.
    Known condition types are: “Ready”
    sinks
    SinkStatus array    		Provides status information on each sink that’s configured.

    MetricSource

    A metric source configures the metric data that should be exported to the configured sinks. The options below are expected to be mutually exclusive.

    Appears in:

    FieldDescriptionDefaultValidation
    metricsql
    string    		The MetricSQL option allows to user to provide a metricsql query that can
    be used to select and filter metric data that should be published by the
    export policy.
    Here’s an example of a metricsql query that will publish gateway metrics:
    \{service_name=“networking.miloapis.com”, resource_kind="Gateway"\}
    See: https://docs.victoriametrics.com/metricsql/

    PrometheusRemoteWriteSink

    Configures how the sink should send data to a OTLP HTTP endpoint.

    Appears in:

    FieldDescriptionDefaultValidation
    authentication
    Authentication    		Configures how the sink should authenticate with the HTTP endpoint.
    endpoint
    string    		Configure an HTTP endpoint to use for publishing telemetry data.Required: {}
    batch
    Batch    		Configures how telemetry data should be batched before sending to the sink.
    By default, the sink will batch telemetry data every 5 seconds or when
    the batch size reaches 500 entries, whichever comes first.    		{ maxSize:500 timeout:5s }
    retry
    Retry    		Configures the export policies’ retry behavior when it fails to send
    requests to the sink’s endpoint. There’s no guarantees that the export
    policy will retry until success if the endpoint is not available or
    configured incorrectly.    		{ backoffDuration:5s maxAttempts:3 }

    Retry

    Configures the retry behavior of the sink when it fails to send telemetry data to the configured endpoint.

    Appears in:

    FieldDescriptionDefaultValidation
    maxAttempts
    integer    		Maximum number of attempts before telemetry data should be dropped.Maximum: 10
    Minimum: 1
    Required: {}
    backoffDuration
    Duration    		Backoff duration that should be used to backoff when retrying requests.Required: {}

    SinkStatus

    SinkStatus provides status information on the current status of a sink. This can be used to determine whether a sink is configured correctly and is exporting telemetry data.

    Appears in:

    FieldDescriptionDefaultValidation
    name
    string    		The name of the corresponding sink configuration in the spec of the export
    policy.
    conditions
    Condition array    		Provides status information on the current status of the sink. This can be
    used to determine whether a sink is configured correctly and is exporting
    telemetry data.
    Known condition types are: “Ready”

    SinkTarget

    Configures the target of the telemetry sink. The target defines the protocol that’s used to send telemetry data to the sink. Only one target protocol can be configured per sink.

    Appears in:

    FieldDescriptionDefaultValidation
    prometheusRemoteWrite
    PrometheusRemoteWriteSink    		Configures the export policy to publish telemetry using the Prometheus
    Remote Write protocol.

    TelemetrySink

    Configures how telemetry data should be sent to a third-party platform. As of now there are no guarantees around delivery of telemetry data, especially if the sink’s endpoint is unavailable.

    Appears in:

    FieldDescriptionDefaultValidation
    name
    string    		A name provided to the telemetry sink that’s unique within the export
    policy.    		MaxLength: 63
    MinLength: 1
    Pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
    Required: {}
    sources
    string array    		A list of sources that should be sent to the telemetry sink.MaxItems: 20
    MinItems: 1
    Required: {}
    target
    SinkTarget    		Configures the target of the telemetry sink.Required: {}

    TelemetrySource

    Defines how the export policy should source telemetry data from resources on the platform.

    Appears in:

    FieldDescriptionDefaultValidation
    name
    string    		A unique name given to the telemetry source within an export policy. Must
    be a valid DNS label.    		MaxLength: 63
    MinLength: 1
    Pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
    Required: {}
    metrics
    MetricSource    		Configures how the telemetry source should retrieve metric data from the
    Datum Cloud platform.