Microsoft.KubernetesConfiguration fluxConfigurations 2022-07-01
Bicep resource definition
The fluxConfigurations resource type can be deployed with operations that target:
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.KubernetesConfiguration/fluxConfigurations resource, add the following Bicep to your template.
resource symbolicname 'Microsoft.KubernetesConfiguration/fluxConfigurations@2022-07-01' = {
scope: resourceSymbolicName or scope
name: 'string'
properties: {
azureBlob: {
accountKey: 'string'
containerName: 'string'
localAuthRef: 'string'
managedIdentity: {
clientId: 'string'
}
sasToken: 'string'
servicePrincipal: {
clientCertificate: 'string'
clientCertificatePassword: 'string'
clientCertificateSendChain: bool
clientId: 'string'
clientSecret: 'string'
tenantId: 'string'
}
syncIntervalInSeconds: int
timeoutInSeconds: int
url: 'string'
}
bucket: {
accessKey: 'string'
bucketName: 'string'
insecure: bool
localAuthRef: 'string'
syncIntervalInSeconds: int
timeoutInSeconds: int
url: 'string'
}
configurationProtectedSettings: {
{customized property}: 'string'
}
gitRepository: {
httpsCACert: 'string'
httpsUser: 'string'
localAuthRef: 'string'
repositoryRef: {
branch: 'string'
commit: 'string'
semver: 'string'
tag: 'string'
}
sshKnownHosts: 'string'
syncIntervalInSeconds: int
timeoutInSeconds: int
url: 'string'
}
kustomizations: {
{customized property}: {
dependsOn: [
'string'
]
force: bool
path: 'string'
prune: bool
retryIntervalInSeconds: int
syncIntervalInSeconds: int
timeoutInSeconds: int
}
}
namespace: 'string'
scope: 'string'
sourceKind: 'string'
suspend: bool
}
}
Property values
AzureBlobDefinition
| Name | Description | Value |
|---|---|---|
| accountKey | The account key (shared key) to access the storage account | string Constraints: Sensitive value. Pass in as a secure parameter. |
| containerName | The Azure Blob container name to sync from the url endpoint for the flux configuration. | string |
| localAuthRef | Name of a local secret on the Kubernetes cluster to use as the authentication secret rather than the managed or user-provided configuration secrets. | string |
| managedIdentity | Parameters to authenticate using a Managed Identity. | ManagedIdentityDefinition |
| sasToken | The Shared Access token to access the storage container | string Constraints: Sensitive value. Pass in as a secure parameter. |
| servicePrincipal | Parameters to authenticate using Service Principal. | ServicePrincipalDefinition |
| syncIntervalInSeconds | The interval at which to re-reconcile the cluster Azure Blob source with the remote. | int |
| timeoutInSeconds | The maximum time to attempt to reconcile the cluster Azure Blob source with the remote. | int |
| url | The URL to sync for the flux configuration Azure Blob storage account. | string |
BucketDefinition
| Name | Description | Value |
|---|---|---|
| accessKey | Plaintext access key used to securely access the S3 bucket | string |
| bucketName | The bucket name to sync from the url endpoint for the flux configuration. | string |
| insecure | Specify whether to use insecure communication when puling data from the S3 bucket. | bool |
| localAuthRef | Name of a local secret on the Kubernetes cluster to use as the authentication secret rather than the managed or user-provided configuration secrets. | string |
| syncIntervalInSeconds | The interval at which to re-reconcile the cluster bucket source with the remote. | int |
| timeoutInSeconds | The maximum time to attempt to reconcile the cluster bucket source with the remote. | int |
| url | The URL to sync for the flux configuration S3 bucket. | string |
FluxConfigurationProperties
| Name | Description | Value |
|---|---|---|
| azureBlob | Parameters to reconcile to the AzureBlob source kind type. | AzureBlobDefinition |
| bucket | Parameters to reconcile to the Bucket source kind type. | BucketDefinition |
| configurationProtectedSettings | Key-value pairs of protected configuration settings for the configuration | FluxConfigurationPropertiesConfigurationProtectedSettings |
| gitRepository | Parameters to reconcile to the GitRepository source kind type. | GitRepositoryDefinition |
| kustomizations | Array of kustomizations used to reconcile the artifact pulled by the source type on the cluster. | FluxConfigurationPropertiesKustomizations |
| namespace | The namespace to which this configuration is installed to. Maximum of 253 lower case alphanumeric characters, hyphen and period only. | string |
| scope | Scope at which the operator will be installed. | 'cluster' 'namespace' |
| sourceKind | Source Kind to pull the configuration data from. | 'AzureBlob' 'Bucket' 'GitRepository' |
| suspend | Whether this configuration should suspend its reconciliation of its kustomizations and sources. | bool |
FluxConfigurationPropertiesConfigurationProtectedSettings
| Name | Description | Value |
|---|
FluxConfigurationPropertiesKustomizations
| Name | Description | Value |
|---|
GitRepositoryDefinition
| Name | Description | Value |
|---|---|---|
| httpsCACert | Base64-encoded HTTPS certificate authority contents used to access git private git repositories over HTTPS | string |
| httpsUser | Plaintext HTTPS username used to access private git repositories over HTTPS | string |
| localAuthRef | Name of a local secret on the Kubernetes cluster to use as the authentication secret rather than the managed or user-provided configuration secrets. | string |
| repositoryRef | The source reference for the GitRepository object. | RepositoryRefDefinition |
| sshKnownHosts | Base64-encoded known_hosts value containing public SSH keys required to access private git repositories over SSH | string |
| syncIntervalInSeconds | The interval at which to re-reconcile the cluster git repository source with the remote. | int |
| timeoutInSeconds | The maximum time to attempt to reconcile the cluster git repository source with the remote. | int |
| url | The URL to sync for the flux configuration git repository. | string |
KustomizationDefinition
| Name | Description | Value |
|---|---|---|
| dependsOn | Specifies other Kustomizations that this Kustomization depends on. This Kustomization will not reconcile until all dependencies have completed their reconciliation. | string[] |
| force | Enable/disable re-creating Kubernetes resources on the cluster when patching fails due to an immutable field change. | bool |
| path | The path in the source reference to reconcile on the cluster. | string |
| prune | Enable/disable garbage collections of Kubernetes objects created by this Kustomization. | bool |
| retryIntervalInSeconds | The interval at which to re-reconcile the Kustomization on the cluster in the event of failure on reconciliation. | int |
| syncIntervalInSeconds | The interval at which to re-reconcile the Kustomization on the cluster. | int |
| timeoutInSeconds | The maximum time to attempt to reconcile the Kustomization on the cluster. | int |
ManagedIdentityDefinition
| Name | Description | Value |
|---|---|---|
| clientId | The client Id for authenticating a Managed Identity. | string |
Microsoft.KubernetesConfiguration/fluxConfigurations
| Name | Description | Value |
|---|---|---|
| name | The resource name | string (required) |
| properties | Properties to create a Flux Configuration resource | FluxConfigurationProperties |
| scope | Use when creating a resource at a scope that is different than the deployment scope. | Set this property to the symbolic name of a resource to apply the extension resource. |
RepositoryRefDefinition
| Name | Description | Value |
|---|---|---|
| branch | The git repository branch name to checkout. | string |
| commit | The commit SHA to checkout. This value must be combined with the branch name to be valid. This takes precedence over semver. | string |
| semver | The semver range used to match against git repository tags. This takes precedence over tag. | string |
| tag | The git repository tag name to checkout. This takes precedence over branch. | string |
ServicePrincipalDefinition
| Name | Description | Value |
|---|---|---|
| clientCertificate | Base64-encoded certificate used to authenticate a Service Principal | string Constraints: Sensitive value. Pass in as a secure parameter. |
| clientCertificatePassword | The password for the certificate used to authenticate a Service Principal | string Constraints: Sensitive value. Pass in as a secure parameter. |
| clientCertificateSendChain | Specifies whether to include x5c header in client claims when acquiring a token to enable subject name / issuer based authentication for the Client Certificate | bool |
| clientId | The client Id for authenticating a Service Principal. | string |
| clientSecret | The client secret for authenticating a Service Principal | string Constraints: Sensitive value. Pass in as a secure parameter. |
| tenantId | The tenant Id for authenticating a Service Principal | string |
ARM template resource definition
The fluxConfigurations resource type can be deployed with operations that target:
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.KubernetesConfiguration/fluxConfigurations resource, add the following JSON to your template.
{
"type": "Microsoft.KubernetesConfiguration/fluxConfigurations",
"apiVersion": "2022-07-01",
"name": "string",
"properties": {
"azureBlob": {
"accountKey": "string",
"containerName": "string",
"localAuthRef": "string",
"managedIdentity": {
"clientId": "string"
},
"sasToken": "string",
"servicePrincipal": {
"clientCertificate": "string",
"clientCertificatePassword": "string",
"clientCertificateSendChain": "bool",
"clientId": "string",
"clientSecret": "string",
"tenantId": "string"
},
"syncIntervalInSeconds": "int",
"timeoutInSeconds": "int",
"url": "string"
},
"bucket": {
"accessKey": "string",
"bucketName": "string",
"insecure": "bool",
"localAuthRef": "string",
"syncIntervalInSeconds": "int",
"timeoutInSeconds": "int",
"url": "string"
},
"configurationProtectedSettings": {
"{customized property}": "string"
},
"gitRepository": {
"httpsCACert": "string",
"httpsUser": "string",
"localAuthRef": "string",
"repositoryRef": {
"branch": "string",
"commit": "string",
"semver": "string",
"tag": "string"
},
"sshKnownHosts": "string",
"syncIntervalInSeconds": "int",
"timeoutInSeconds": "int",
"url": "string"
},
"kustomizations": {
"{customized property}": {
"dependsOn": [ "string" ],
"force": "bool",
"path": "string",
"prune": "bool",
"retryIntervalInSeconds": "int",
"syncIntervalInSeconds": "int",
"timeoutInSeconds": "int"
}
},
"namespace": "string",
"scope": "string",
"sourceKind": "string",
"suspend": "bool"
}
}
Property values
AzureBlobDefinition
| Name | Description | Value |
|---|---|---|
| accountKey | The account key (shared key) to access the storage account | string Constraints: Sensitive value. Pass in as a secure parameter. |
| containerName | The Azure Blob container name to sync from the url endpoint for the flux configuration. | string |
| localAuthRef | Name of a local secret on the Kubernetes cluster to use as the authentication secret rather than the managed or user-provided configuration secrets. | string |
| managedIdentity | Parameters to authenticate using a Managed Identity. | ManagedIdentityDefinition |
| sasToken | The Shared Access token to access the storage container | string Constraints: Sensitive value. Pass in as a secure parameter. |
| servicePrincipal | Parameters to authenticate using Service Principal. | ServicePrincipalDefinition |
| syncIntervalInSeconds | The interval at which to re-reconcile the cluster Azure Blob source with the remote. | int |
| timeoutInSeconds | The maximum time to attempt to reconcile the cluster Azure Blob source with the remote. | int |
| url | The URL to sync for the flux configuration Azure Blob storage account. | string |
BucketDefinition
| Name | Description | Value |
|---|---|---|
| accessKey | Plaintext access key used to securely access the S3 bucket | string |
| bucketName | The bucket name to sync from the url endpoint for the flux configuration. | string |
| insecure | Specify whether to use insecure communication when puling data from the S3 bucket. | bool |
| localAuthRef | Name of a local secret on the Kubernetes cluster to use as the authentication secret rather than the managed or user-provided configuration secrets. | string |
| syncIntervalInSeconds | The interval at which to re-reconcile the cluster bucket source with the remote. | int |
| timeoutInSeconds | The maximum time to attempt to reconcile the cluster bucket source with the remote. | int |
| url | The URL to sync for the flux configuration S3 bucket. | string |
FluxConfigurationProperties
| Name | Description | Value |
|---|---|---|
| azureBlob | Parameters to reconcile to the AzureBlob source kind type. | AzureBlobDefinition |
| bucket | Parameters to reconcile to the Bucket source kind type. | BucketDefinition |
| configurationProtectedSettings | Key-value pairs of protected configuration settings for the configuration | FluxConfigurationPropertiesConfigurationProtectedSettings |
| gitRepository | Parameters to reconcile to the GitRepository source kind type. | GitRepositoryDefinition |
| kustomizations | Array of kustomizations used to reconcile the artifact pulled by the source type on the cluster. | FluxConfigurationPropertiesKustomizations |
| namespace | The namespace to which this configuration is installed to. Maximum of 253 lower case alphanumeric characters, hyphen and period only. | string |
| scope | Scope at which the operator will be installed. | 'cluster' 'namespace' |
| sourceKind | Source Kind to pull the configuration data from. | 'AzureBlob' 'Bucket' 'GitRepository' |
| suspend | Whether this configuration should suspend its reconciliation of its kustomizations and sources. | bool |
FluxConfigurationPropertiesConfigurationProtectedSettings
| Name | Description | Value |
|---|
FluxConfigurationPropertiesKustomizations
| Name | Description | Value |
|---|
GitRepositoryDefinition
| Name | Description | Value |
|---|---|---|
| httpsCACert | Base64-encoded HTTPS certificate authority contents used to access git private git repositories over HTTPS | string |
| httpsUser | Plaintext HTTPS username used to access private git repositories over HTTPS | string |
| localAuthRef | Name of a local secret on the Kubernetes cluster to use as the authentication secret rather than the managed or user-provided configuration secrets. | string |
| repositoryRef | The source reference for the GitRepository object. | RepositoryRefDefinition |
| sshKnownHosts | Base64-encoded known_hosts value containing public SSH keys required to access private git repositories over SSH | string |
| syncIntervalInSeconds | The interval at which to re-reconcile the cluster git repository source with the remote. | int |
| timeoutInSeconds | The maximum time to attempt to reconcile the cluster git repository source with the remote. | int |
| url | The URL to sync for the flux configuration git repository. | string |
KustomizationDefinition
| Name | Description | Value |
|---|---|---|
| dependsOn | Specifies other Kustomizations that this Kustomization depends on. This Kustomization will not reconcile until all dependencies have completed their reconciliation. | string[] |
| force | Enable/disable re-creating Kubernetes resources on the cluster when patching fails due to an immutable field change. | bool |
| path | The path in the source reference to reconcile on the cluster. | string |
| prune | Enable/disable garbage collections of Kubernetes objects created by this Kustomization. | bool |
| retryIntervalInSeconds | The interval at which to re-reconcile the Kustomization on the cluster in the event of failure on reconciliation. | int |
| syncIntervalInSeconds | The interval at which to re-reconcile the Kustomization on the cluster. | int |
| timeoutInSeconds | The maximum time to attempt to reconcile the Kustomization on the cluster. | int |
ManagedIdentityDefinition
| Name | Description | Value |
|---|---|---|
| clientId | The client Id for authenticating a Managed Identity. | string |
Microsoft.KubernetesConfiguration/fluxConfigurations
| Name | Description | Value |
|---|---|---|
| apiVersion | The api version | '2022-07-01' |
| name | The resource name | string (required) |
| properties | Properties to create a Flux Configuration resource | FluxConfigurationProperties |
| type | The resource type | 'Microsoft.KubernetesConfiguration/fluxConfigurations' |
RepositoryRefDefinition
| Name | Description | Value |
|---|---|---|
| branch | The git repository branch name to checkout. | string |
| commit | The commit SHA to checkout. This value must be combined with the branch name to be valid. This takes precedence over semver. | string |
| semver | The semver range used to match against git repository tags. This takes precedence over tag. | string |
| tag | The git repository tag name to checkout. This takes precedence over branch. | string |
ServicePrincipalDefinition
| Name | Description | Value |
|---|---|---|
| clientCertificate | Base64-encoded certificate used to authenticate a Service Principal | string Constraints: Sensitive value. Pass in as a secure parameter. |
| clientCertificatePassword | The password for the certificate used to authenticate a Service Principal | string Constraints: Sensitive value. Pass in as a secure parameter. |
| clientCertificateSendChain | Specifies whether to include x5c header in client claims when acquiring a token to enable subject name / issuer based authentication for the Client Certificate | bool |
| clientId | The client Id for authenticating a Service Principal. | string |
| clientSecret | The client secret for authenticating a Service Principal | string Constraints: Sensitive value. Pass in as a secure parameter. |
| tenantId | The tenant Id for authenticating a Service Principal | string |
Terraform (AzAPI provider) resource definition
The fluxConfigurations resource type can be deployed with operations that target:
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.KubernetesConfiguration/fluxConfigurations resource, add the following Terraform to your template.
resource "azapi_resource" "symbolicname" {
type = "Microsoft.KubernetesConfiguration/fluxConfigurations@2022-07-01"
name = "string"
parent_id = "string"
body = jsonencode({
properties = {
azureBlob = {
accountKey = "string"
containerName = "string"
localAuthRef = "string"
managedIdentity = {
clientId = "string"
}
sasToken = "string"
servicePrincipal = {
clientCertificate = "string"
clientCertificatePassword = "string"
clientCertificateSendChain = bool
clientId = "string"
clientSecret = "string"
tenantId = "string"
}
syncIntervalInSeconds = int
timeoutInSeconds = int
url = "string"
}
bucket = {
accessKey = "string"
bucketName = "string"
insecure = bool
localAuthRef = "string"
syncIntervalInSeconds = int
timeoutInSeconds = int
url = "string"
}
configurationProtectedSettings = {
{customized property} = "string"
}
gitRepository = {
httpsCACert = "string"
httpsUser = "string"
localAuthRef = "string"
repositoryRef = {
branch = "string"
commit = "string"
semver = "string"
tag = "string"
}
sshKnownHosts = "string"
syncIntervalInSeconds = int
timeoutInSeconds = int
url = "string"
}
kustomizations = {
{customized property} = {
dependsOn = [
"string"
]
force = bool
path = "string"
prune = bool
retryIntervalInSeconds = int
syncIntervalInSeconds = int
timeoutInSeconds = int
}
}
namespace = "string"
scope = "string"
sourceKind = "string"
suspend = bool
}
})
}
Property values
AzureBlobDefinition
| Name | Description | Value |
|---|---|---|
| accountKey | The account key (shared key) to access the storage account | string Constraints: Sensitive value. Pass in as a secure parameter. |
| containerName | The Azure Blob container name to sync from the url endpoint for the flux configuration. | string |
| localAuthRef | Name of a local secret on the Kubernetes cluster to use as the authentication secret rather than the managed or user-provided configuration secrets. | string |
| managedIdentity | Parameters to authenticate using a Managed Identity. | ManagedIdentityDefinition |
| sasToken | The Shared Access token to access the storage container | string Constraints: Sensitive value. Pass in as a secure parameter. |
| servicePrincipal | Parameters to authenticate using Service Principal. | ServicePrincipalDefinition |
| syncIntervalInSeconds | The interval at which to re-reconcile the cluster Azure Blob source with the remote. | int |
| timeoutInSeconds | The maximum time to attempt to reconcile the cluster Azure Blob source with the remote. | int |
| url | The URL to sync for the flux configuration Azure Blob storage account. | string |
BucketDefinition
| Name | Description | Value |
|---|---|---|
| accessKey | Plaintext access key used to securely access the S3 bucket | string |
| bucketName | The bucket name to sync from the url endpoint for the flux configuration. | string |
| insecure | Specify whether to use insecure communication when puling data from the S3 bucket. | bool |
| localAuthRef | Name of a local secret on the Kubernetes cluster to use as the authentication secret rather than the managed or user-provided configuration secrets. | string |
| syncIntervalInSeconds | The interval at which to re-reconcile the cluster bucket source with the remote. | int |
| timeoutInSeconds | The maximum time to attempt to reconcile the cluster bucket source with the remote. | int |
| url | The URL to sync for the flux configuration S3 bucket. | string |
FluxConfigurationProperties
| Name | Description | Value |
|---|---|---|
| azureBlob | Parameters to reconcile to the AzureBlob source kind type. | AzureBlobDefinition |
| bucket | Parameters to reconcile to the Bucket source kind type. | BucketDefinition |
| configurationProtectedSettings | Key-value pairs of protected configuration settings for the configuration | FluxConfigurationPropertiesConfigurationProtectedSettings |
| gitRepository | Parameters to reconcile to the GitRepository source kind type. | GitRepositoryDefinition |
| kustomizations | Array of kustomizations used to reconcile the artifact pulled by the source type on the cluster. | FluxConfigurationPropertiesKustomizations |
| namespace | The namespace to which this configuration is installed to. Maximum of 253 lower case alphanumeric characters, hyphen and period only. | string |
| scope | Scope at which the operator will be installed. | 'cluster' 'namespace' |
| sourceKind | Source Kind to pull the configuration data from. | 'AzureBlob' 'Bucket' 'GitRepository' |
| suspend | Whether this configuration should suspend its reconciliation of its kustomizations and sources. | bool |
FluxConfigurationPropertiesConfigurationProtectedSettings
| Name | Description | Value |
|---|
FluxConfigurationPropertiesKustomizations
| Name | Description | Value |
|---|
GitRepositoryDefinition
| Name | Description | Value |
|---|---|---|
| httpsCACert | Base64-encoded HTTPS certificate authority contents used to access git private git repositories over HTTPS | string |
| httpsUser | Plaintext HTTPS username used to access private git repositories over HTTPS | string |
| localAuthRef | Name of a local secret on the Kubernetes cluster to use as the authentication secret rather than the managed or user-provided configuration secrets. | string |
| repositoryRef | The source reference for the GitRepository object. | RepositoryRefDefinition |
| sshKnownHosts | Base64-encoded known_hosts value containing public SSH keys required to access private git repositories over SSH | string |
| syncIntervalInSeconds | The interval at which to re-reconcile the cluster git repository source with the remote. | int |
| timeoutInSeconds | The maximum time to attempt to reconcile the cluster git repository source with the remote. | int |
| url | The URL to sync for the flux configuration git repository. | string |
KustomizationDefinition
| Name | Description | Value |
|---|---|---|
| dependsOn | Specifies other Kustomizations that this Kustomization depends on. This Kustomization will not reconcile until all dependencies have completed their reconciliation. | string[] |
| force | Enable/disable re-creating Kubernetes resources on the cluster when patching fails due to an immutable field change. | bool |
| path | The path in the source reference to reconcile on the cluster. | string |
| prune | Enable/disable garbage collections of Kubernetes objects created by this Kustomization. | bool |
| retryIntervalInSeconds | The interval at which to re-reconcile the Kustomization on the cluster in the event of failure on reconciliation. | int |
| syncIntervalInSeconds | The interval at which to re-reconcile the Kustomization on the cluster. | int |
| timeoutInSeconds | The maximum time to attempt to reconcile the Kustomization on the cluster. | int |
ManagedIdentityDefinition
| Name | Description | Value |
|---|---|---|
| clientId | The client Id for authenticating a Managed Identity. | string |
Microsoft.KubernetesConfiguration/fluxConfigurations
| Name | Description | Value |
|---|---|---|
| name | The resource name | string (required) |
| parent_id | The ID of the resource to apply this extension resource to. | string (required) |
| properties | Properties to create a Flux Configuration resource | FluxConfigurationProperties |
| type | The resource type | "Microsoft.KubernetesConfiguration/fluxConfigurations@2022-07-01" |
RepositoryRefDefinition
| Name | Description | Value |
|---|---|---|
| branch | The git repository branch name to checkout. | string |
| commit | The commit SHA to checkout. This value must be combined with the branch name to be valid. This takes precedence over semver. | string |
| semver | The semver range used to match against git repository tags. This takes precedence over tag. | string |
| tag | The git repository tag name to checkout. This takes precedence over branch. | string |
ServicePrincipalDefinition
| Name | Description | Value |
|---|---|---|
| clientCertificate | Base64-encoded certificate used to authenticate a Service Principal | string Constraints: Sensitive value. Pass in as a secure parameter. |
| clientCertificatePassword | The password for the certificate used to authenticate a Service Principal | string Constraints: Sensitive value. Pass in as a secure parameter. |
| clientCertificateSendChain | Specifies whether to include x5c header in client claims when acquiring a token to enable subject name / issuer based authentication for the Client Certificate | bool |
| clientId | The client Id for authenticating a Service Principal. | string |
| clientSecret | The client secret for authenticating a Service Principal | string Constraints: Sensitive value. Pass in as a secure parameter. |
| tenantId | The tenant Id for authenticating a Service Principal | string |