{ "description": "Provider is the Schema for the providers API", "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { "description": "ProviderSpec defines the desired state of the Provider.", "properties": { "address": { "description": "Address specifies the endpoint, in a generic sense, to where alerts are sent.\nWhat kind of endpoint depends on the specific Provider type being used.\nFor the generic Provider, for example, this is an HTTP/S address.\nFor other Provider types this could be a project ID or a namespace.", "maxLength": 2048, "type": "string" }, "certSecretRef": { "description": "CertSecretRef specifies the Secret containing TLS certificates\nfor secure communication.\n\nSupported configurations:\n- CA-only: Server authentication (provide ca.crt only)\n- mTLS: Mutual authentication (provide ca.crt + tls.crt + tls.key)\n- Client-only: Client authentication with system CA (provide tls.crt + tls.key only)\n\nLegacy keys \"caFile\", \"certFile\", \"keyFile\" are supported but deprecated. Use \"ca.crt\", \"tls.crt\", \"tls.key\" instead.", "properties": { "name": { "description": "Name of the referent.", "type": "string" } }, "required": [ "name" ], "type": "object", "additionalProperties": false }, "channel": { "description": "Channel specifies the destination channel where events should be posted.", "maxLength": 2048, "type": "string" }, "commitStatusExpr": { "description": "CommitStatusExpr is a CEL expression that evaluates to a string value\nthat can be used to generate a custom commit status message for use\nwith eligible Provider types (github, gitlab, gitea, bitbucketserver,\nbitbucket, azuredevops). Supported variables are: event, provider,\nand alert.", "type": "string" }, "interval": { "description": "Interval at which to reconcile the Provider with its Secret references.\nDeprecated and not used in v1beta3.", "pattern": "^([0-9]+(\\.[0-9]+)?(ms|s|m|h))+$", "type": "string" }, "proxy": { "description": "Proxy the HTTP/S address of the proxy server.\nDeprecated: Use ProxySecretRef instead. Will be removed in v1.", "maxLength": 2048, "pattern": "^(http|https)://.*$", "type": "string" }, "proxySecretRef": { "description": "ProxySecretRef specifies the Secret containing the proxy configuration\nfor this Provider. The Secret should contain an 'address' key with the\nHTTP/S address of the proxy server. Optional 'username' and 'password'\nkeys can be provided for proxy authentication.", "properties": { "name": { "description": "Name of the referent.", "type": "string" } }, "required": [ "name" ], "type": "object", "additionalProperties": false }, "secretRef": { "description": "SecretRef specifies the Secret containing the authentication\ncredentials for this Provider.", "properties": { "name": { "description": "Name of the referent.", "type": "string" } }, "required": [ "name" ], "type": "object", "additionalProperties": false }, "serviceAccountName": { "description": "ServiceAccountName is the name of the Kubernetes ServiceAccount used to\nauthenticate with cloud provider services through workload identity.\nThis enables multi-tenant authentication without storing static credentials.\n\nSupported provider types: azureeventhub, azuredevops, googlepubsub\n\nWhen specified, the controller will:\n1. Create an OIDC token for the specified ServiceAccount\n2. Exchange it for cloud provider credentials via STS\n3. Use the obtained credentials for API authentication\n\nWhen unspecified, controller-level authentication is used (single-tenant).\n\nAn error is thrown if static credentials are also defined in SecretRef.\nThis field requires the ObjectLevelWorkloadIdentity feature gate to be enabled.", "type": "string" }, "suspend": { "description": "Suspend tells the controller to suspend subsequent\nevents handling for this Provider.", "type": "boolean" }, "timeout": { "description": "Timeout for sending alerts to the Provider.", "pattern": "^([0-9]+(\\.[0-9]+)?(ms|s|m))+$", "type": "string" }, "type": { "description": "Type specifies which Provider implementation to use.", "enum": [ "slack", "discord", "msteams", "rocket", "generic", "generic-hmac", "github", "gitlab", "gitea", "giteapullrequestcomment", "bitbucketserver", "bitbucket", "azuredevops", "googlechat", "googlepubsub", "webex", "sentry", "azureeventhub", "telegram", "lark", "matrix", "opsgenie", "alertmanager", "grafana", "githubdispatch", "githubpullrequestcomment", "gitlabmergerequestcomment", "pagerduty", "datadog", "nats", "zulip", "otel" ], "type": "string" }, "username": { "description": "Username specifies the name under which events are posted.", "maxLength": 2048, "type": "string" } }, "required": [ "type" ], "type": "object", "x-kubernetes-validations": [ { "message": "spec.commitStatusExpr is only supported for the 'github', 'gitlab', 'gitea', 'bitbucketserver', 'bitbucket', 'azuredevops' provider types", "rule": "self.type == 'github' || self.type == 'gitlab' || self.type == 'gitea' || self.type == 'bitbucketserver' || self.type == 'bitbucket' || self.type == 'azuredevops' || !has(self.commitStatusExpr)" } ], "additionalProperties": false } }, "type": "object" }