Configuration reference
This page describes all configurable fields in the piped configuration.
apiVersion: pipecd.dev/v1beta1
kind: Piped
spec:
projectID: ...
pipedID: ...
...
Piped Configuration
| Field |
Type |
Description |
Required |
| projectID |
string |
The identifier of the PipeCD project where this piped belongs to. |
Yes |
| pipedID |
string |
The generated ID for this piped. |
Yes |
| pipedKeyFile |
string |
The path to the file containing the generated key string for this piped. |
Yes |
| pipedKeyData |
string |
Base64 encoded string of Piped key. Either pipedKeyFile or pipedKeyData must be set. |
Yes |
| apiAddress |
string |
The address used to connect to the Control Plane’s API in format host:port. |
Yes |
| syncInterval |
duration |
How often to check whether an application should be synced. Default is 1m. |
No |
| appConfigSyncInterval |
duration |
How often to check whether application configuration files should be synced. Default is 1m. |
No |
| git |
Git |
Git configuration needed for Git commands. |
No |
| repositories |
[]Repository |
List of Git repositories this piped will handle. |
No |
| chartRepositories |
[]ChartRepository |
List of Helm chart repositories that should be added while starting up. |
No |
| chartRegistries |
[]ChartRegistry |
List of helm chart registries that should be logged in while starting up. |
No |
| platformProviders |
[]PlatformProvider |
List of platform providers can be used by this piped. |
No |
| analysisProviders |
[]AnalysisProvider |
List of analysis providers can be used by this piped. |
No |
| eventWatcher |
EventWatcher |
Optional Event watcher settings. |
No |
| secretManagement |
SecretManagement |
The using secret management method. |
No |
| notifications |
Notifications |
Sending notifications to Slack, Webhook… |
No |
| appSelector |
map[string]string |
List of labels to filter all applications this piped will handle. Currently, it is only be used to filter the applications suggested for adding from the control plane. |
No |
Git
| Field |
Type |
Description |
Required |
| username |
string |
The username that will be configured for git user. Default is piped. |
No |
| email |
string |
The email that will be configured for git user. Default is pipecd.dev@gmail.com. |
No |
| sshConfigFilePath |
string |
Where to write ssh config file. Default is $HOME/.ssh/config. |
No |
| host |
string |
The host name. Default is github.com. |
No |
| hostName |
string |
The hostname or IP address of the remote git server. Default is the same value with Host. |
No |
| sshKeyFile |
string |
The path to the private ssh key file. This will be used to clone the source code of the specified git repositories. |
No |
| sshKeyData |
string |
Base64 encoded string of SSH key. |
No |
| password |
string |
The base64 encoded password for git used while cloning above Git repository. |
No |
GitRepository
| Field |
Type |
Description |
Required |
| repoID |
string |
Unique identifier to the repository. This must be unique in the piped scope. |
Yes |
| remote |
string |
Remote address of the repository used to clone the source code. e.g. git@github.com:org/repo.git |
Yes |
| branch |
string |
The branch will be handled. |
Yes |
ChartRepository
| Field |
Type |
Description |
Required |
| type |
string |
The repository type. Currently, HTTP and GIT are supported. Default is HTTP. |
No |
| name |
string |
The name of the Helm chart repository. Note that is not a Git repository but a Helm chart repository. |
Yes if type is HTTP |
| address |
string |
The address to the Helm chart repository. |
Yes if type is HTTP |
| username |
string |
Username used for the repository backed by HTTP basic authentication. |
No |
| password |
string |
Password used for the repository backed by HTTP basic authentication. |
No |
| insecure |
bool |
Whether to skip TLS certificate checks for the repository or not. |
No |
| gitRemote |
string |
Remote address of the Git repository used to clone Helm charts. |
Yes if type is GIT |
| sshKeyFile |
string |
The path to the private ssh key file used while cloning Helm charts from above Git repository. |
No |
ChartRegistry
| Field |
Type |
Description |
Required |
| type |
string |
The registry type. Currently, only OCI is supported. Default is OCI. |
No |
| address |
string |
The address to the registry. |
Yes |
| username |
string |
Username used for the registry authentication. |
No |
| password |
string |
Password used for the registry authentication. |
No |
| Field |
Type |
Description |
Required |
| name |
string |
The name of the platform provider. |
Yes |
| type |
string |
The platform provider type. Must be one of the following values:
KUBERNETES, TERRAFORM, ECS, CLOUDRUN, LAMBDA. |
Yes |
| config |
PlatformProviderConfig |
Specific configuration for the specified type of platform provider. |
No |
Must be one of the following structs:
| Field |
Type |
Description |
Required |
| masterURL |
string |
The master URL of the kubernetes cluster. Empty means in-cluster. |
No |
| kubectlVersion |
string |
Version of kubectl which will be used to connect to your cluster. Empty means the version set on piped config or default version will be used. |
No |
| kubeConfigPath |
string |
The path to the kubeconfig file. Empty means in-cluster. |
No |
| appStateInformer |
KubernetesAppStateInformer |
Configuration for application resource informer. |
No |
| Field |
Type |
Description |
Required |
| vars |
[]string |
List of variables that will be set directly on terraform commands with -var flag. The variable must be formatted by key=value. |
No |
| driftDetectionEnabled |
bool |
Enable drift detection. This is a temporary option and will be possibly removed in the future release. Default is true |
No |
| Field |
Type |
Description |
Required |
| project |
string |
The GCP project hosting the Cloud Run service. |
Yes |
| region |
string |
The region of running Cloud Run service. |
Yes |
| credentialsFile |
string |
The path to the service account file for accessing Cloud Run service. |
No |
| Field |
Type |
Description |
Required |
| region |
string |
The region of running Lambda service. |
Yes |
| credentialsFile |
string |
The path to the credential file for logging into AWS cluster. If this value is not provided, piped will read credential info from environment variables. It expects the format ~/.aws/credentials. |
No |
| roleARN |
string |
The IAM role arn to use when assuming an role. Required if you want to use the AWS SecurityTokenService. |
No |
| tokenFile |
string |
The path to the WebIdentity token the SDK should use to assume a role with. Required if you want to use the AWS SecurityTokenService. |
No |
| profile |
string |
The profile to use for logging into AWS cluster. The default value is default. |
No |
| awsAPIPollingInterval |
duration |
The interval of periodical calls of AWS APIs. Currently, this is an interval of refreshing the live state of Lambda functions. Default is 15s. |
No |
| Field |
Type |
Description |
Required |
| region |
string |
The region of running ECS cluster. |
Yes |
| credentialsFile |
string |
The path to the credential file for logging into AWS cluster. If this value is not provided, piped will read credential info from environment variables. It expects the format ~/.aws/credentials |
No |
| roleARN |
string |
The IAM role arn to use when assuming an role. Required if you want to use the AWS SecurityTokenService. |
No |
| tokenFile |
string |
The path to the WebIdentity token the SDK should use to assume a role with. Required if you want to use the AWS SecurityTokenService. |
No |
| profile |
string |
The profile to use for logging into AWS cluster. The default value is default. |
No |
| Field |
Type |
Description |
Required |
| namespace |
string |
Only watches the specified namespace. Empty means watching all namespaces. |
No |
| includeResources |
[]KubernetesResourcematcher |
List of resources that should be added to the watching targets. |
No |
| excludeResources |
[]KubernetesResourcematcher |
List of resources that should be ignored from the watching targets. |
No |
KubernetesResourceMatcher
| Field |
Type |
Description |
Required |
| apiVersion |
string |
The APIVersion of the kubernetes resource. |
Yes |
| kind |
string |
The kind name of the kubernetes resource. Empty means all kinds are matching. |
No |
AnalysisProvider
| Field |
Type |
Description |
Required |
| name |
string |
The unique name of the analysis provider. |
Yes |
| type |
string |
The provider type. Currently, only PROMETHEUS, DATADOG are available. |
Yes |
| config |
AnalysisProviderConfig |
Specific configuration for the specified type of analysis provider. |
Yes |
AnalysisProviderConfig
Must be one of the following structs:
AnalysisProviderPrometheusConfig
| Field |
Type |
Description |
Required |
| address |
string |
The Prometheus server address. |
Yes |
| usernameFile |
string |
The path to the username file. |
No |
| passwordFile |
string |
The path to the password file. |
No |
AnalysisProviderDatadogConfig
| Field |
Type |
Description |
Required |
| address |
string |
The address of Datadog API server. Only “datadoghq.com”, “us3.datadoghq.com”, “datadoghq.eu”, “ddog-gov.com” are available. Defaults to “datadoghq.com” |
No |
| apiKeyFile |
string |
The path to the api key file. |
Yes |
| applicationKeyFile |
string |
The path to the application key file. |
Yes |
| apiKeyData |
string |
Base64 API Key for Datadog API server. Either apiKeyData or apiKeyFile must be set |
No |
| applicationKeyData |
string |
Base64 Application Key for Datadog API server. Either applicationKeyFile or applicationKeyData must be set |
No |
EventWatcher
| Field |
Type |
Description |
Required |
| checkInterval |
duration |
Interval to fetch the latest event and compare it with one defined in EventWatcher config files. Defaults to 1m. |
No |
| gitRepos |
[]EventWatcherGitRepo |
The configuration list of git repositories to be observed. Only the repositories in this list will be observed by Piped. |
No |
EventWatcherGitRepo
| Field |
Type |
Description |
Required |
| repoId |
string |
Id of the git repository. This must be unique within the repos’ elements. |
Yes |
| commitMessage |
string |
The commit message used to push after replacing values. Default message is used if not given. |
No |
| includes |
[]string |
The paths to EventWatcher files to be included. Patterns can be used like foo/*.yaml. |
No |
| excludes |
[]string |
The paths to EventWatcher files to be excluded. Patterns can be used like foo/*.yaml. This is prioritized if both includes and this are given. |
No |
SecretManagement
| Field |
Type |
Description |
Required |
| type |
string |
Which management method should be used. Default is KEY_PAIR. |
Yes |
| config |
SecretManagementConfig |
Configration for using secret management method. |
Yes |
SecretManagementConfig
Must be one of the following structs:
SecretManagementKeyPair
| Field |
Type |
Description |
Required |
| privateKeyFile |
string |
Path to the private RSA key file. |
Yes |
| privateKeyData |
string |
Base64 encoded string of private RSA key. Either privateKeyFile or privateKeyData must be set. |
No |
| publicKeyFile |
string |
Path to the public RSA key file. |
Yes |
| publicKeyData |
string |
Base64 encoded string of public RSA key. Either publicKeyFile or publicKeyData must be set. |
No |
SecretManagementGCPKMS
WIP
Notifications
NotificationRoute
| Field |
Type |
Description |
Required |
| name |
string |
The name of the route. |
Yes |
| receiver |
string |
The name of receiver who will receive all matched events. |
Yes |
| events |
[]string |
List of events that should be routed to the receiver. |
No |
| ignoreEvents |
[]string |
List of events that should be ignored. |
No |
| groups |
[]string |
List of event groups should be routed to the receiver. |
No |
| ignoreGroups |
[]string |
List of event groups should be ignored. |
No |
| apps |
[]string |
List of applications where their events should be routed to the receiver. |
No |
| ignoreApps |
[]string |
List of applications where their events should be ignored. |
No |
| labels |
map[string]string |
List of labels where their events should be routed to the receiver. |
No |
| ignoreLabels |
map[string]string |
List of labels where their events should be ignored. |
No |
NotificationReceiver
NotificationReceiverSlack
| Field |
Type |
Description |
Required |
| hookURL |
string |
The hookURL of a slack channel. |
Yes |
| oauthToken |
string |
The token for Slack API use. (deprecated) |
No |
| oauthTokenData |
string |
Base64 encoded string of The token for Slack API use. |
No |
| oauthTokenFile |
string |
The path to the oautoken file |
No |
| channelID |
string |
The channel id which slack api send to. |
No |
| mentionedAccounts |
[]string |
The accounts to which slack api referes. This field supports both @username and username writing styles. |
No |
| mentionedGroups |
[]string |
The groups to which slack api referes. This field supports both <!subteam^groupname> and groupname writing styles. |
No |
NotificationReceiverWebhook
| Field |
Type |
Description |
Required |
| url |
string |
The URL where notification event will be sent to. |
Yes |
| signatureKey |
string |
The HTTP header key used to store the configured signature in each event. Default is “PipeCD-Signature”. |
No |
| signatureValue |
string |
The value of signature included in header of each event request. It can be used to verify the received events. |
No |
| signatureValueFile |
string |
The path to the signature value file. |
No |
