Kind
Receiver
Group
notification.toolkit.fluxcd.io
Version
v1
apiVersion: notification.toolkit.fluxcd.io/v1 kind: Receiver metadata: name: example
Tip: use .spec.events for path-only search
View raw schema
apiVersion string
APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
kind string
Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
metadata object
spec object
ReceiverSpec defines the desired state of the Receiver.
events []string
Events specifies the list of event types to handle, e.g. 'push' for GitHub or 'Push Hook' for GitLab.
interval string
Interval at which to reconcile the Receiver with its Secret references.
pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$
oidcProviders []object
OIDCProviders specifies the OIDC providers used to authenticate incoming requests when Type is 'generic-oidc'. The provider whose IssuerURL matches the token's 'iss' claim is used to verify the token signature, expiration and audience, and to evaluate the configured CEL validations against the token claims.
audience string
Audience is the expected audience ('aud' claim) for tokens issued by this provider. Defaults to 'notification-controller'.
issuerURL string required
IssuerURL is the OIDC issuer URL used for provider discovery. It must match the 'iss' claim of tokens issued by this provider.
pattern: ^https?://
validations []object required
Validations is the list of CEL boolean expressions evaluated against the token claims and the variables. The request is accepted only if all of them evaluate to true; the message of each failing expression is returned to the caller. At least one validation is required. A valid signature alone does not authorize a request: public issuers issue tokens to any caller on the platform, so the validations must constrain the caller's identity claims (e.g. 'repository_owner' for GitHub Actions).
minItems: 1
expression string required
Expression is the CEL boolean expression to evaluate.
message string required
Message is returned to the caller when the expression evaluates to false.
variables []object
Variables is an optional list of named CEL expressions, evaluated in order and exposed as 'vars.<name>'. Each expression can read the token claims via 'claims' and any variable defined before it. Use it to share sub-expressions across validations.
expression string required
Expression is the CEL expression that defines the variable value.
name string required
Name is the variable name; it must be a valid CEL identifier.
resourceFilter string
ResourceFilter is a CEL expression expected to return a boolean that is evaluated for each resource referenced in the Resources field when a webhook is received. If the expression returns false then the controller will not request a reconciliation for the resource. The expression can read the resource metadata via 'res' and the webhook request body via 'req'. For generic-oidc receivers, the verified OIDC token claims are also available via 'claims'. When the expression is specified the controller will parse it and mark the object as terminally failed if the expression is invalid or does not return a boolean.
resources []object required
A list of resources to be notified about changes.
apiVersion string
API version of the referent
filter string
Filter is a CEL expression expected to return a boolean that is evaluated for each resource matched by this reference when a webhook is received, in addition to the top-level resourceFilter. A reconciliation is requested only when both expressions (when set) return true. The expression can read the resource metadata via 'res' and the webhook request body via 'req'. For generic-oidc receivers, the verified OIDC token claims are also available via 'claims'. When the expression is specified the controller will parse it and mark the object as terminally failed if the expression is invalid or does not return a boolean.
kind string required
Kind of the referent
enum: Bucket, GitRepository, Kustomization, HelmRelease, HelmChart, HelmRepository, ImageRepository, ImagePolicy, ImageUpdateA... Bucket, GitRepository, Kustomization, HelmRelease, HelmChart, HelmRepository, ImageRepository, ImagePolicy, ImageUpdateAutomation, OCIRepository, ArtifactGenerator, ExternalArtifact, FluxInstance, ResourceSet, ResourceSetInputProvider
matchLabels object
MatchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. MatchLabels requires the name to be set to `*`.
name string required
Name of the referent If multiple resources are targeted `*` may be set.
minLength: 1
maxLength: 253
namespace string
Namespace of the referent
minLength: 1
maxLength: 253
secretRef object
SecretRef specifies the Secret containing the token used to validate the payload authenticity. The Secret must contain a 'token' key. For GCR receivers, the Secret must also contain an 'email' key with the IAM service account email configured on the Pub/Sub push subscription, and an 'audience' key with the expected OIDC token audience. Required for all receiver types except 'generic-oidc', which authenticates requests using the OIDC token instead and must not set this field.
name string required
Name of the referent.
suspend boolean
Suspend tells the controller to suspend subsequent events handling for this receiver.
type string required
Type of webhook sender, used to determine the validation procedure and payload deserialization.
enum: generic, generic-hmac, generic-oidc, github, gitlab, bitbucket, harbor, dockerhub, quay, gcr, nexus, acr, cdevents
status object
ReceiverStatus defines the observed state of the Receiver.
conditions []object
Conditions holds the conditions for the Receiver.
lastTransitionTime string required
lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
format: date-time
message string required
message is a human readable message indicating details about the transition. This may be an empty string.
maxLength: 32768
observedGeneration integer
observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance.
format: int64
minimum: 0
reason string required
reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty.
pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
minLength: 1
maxLength: 1024
status string required
status of the condition, one of True, False, Unknown.
enum: True, False, Unknown
type string required
type of condition in CamelCase or in foo.example.com/CamelCase.
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
maxLength: 316
lastHandledReconcileAt string
LastHandledReconcileAt holds the value of the most recent reconcile request value, so a change of the annotation value can be detected.
observedGeneration integer
ObservedGeneration is the last observed generation of the Receiver object.
format: int64
webhookPath string
WebhookPath is the generated incoming webhook address in the format of '/hook/sha256sum(token+name+namespace)'.

No matches. Try .spec.events for an exact path

Copied!