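# Example Application definition for Syncier Security Tower.
# NOTE(review): the nesting below is reconstructed from the field reference
# that follows this listing (metadata.name, spec.*, per-stage fields). The
# stages list is assumed to sit under spec - confirm against the schema.
apiVersion: securitytower.io/v1alpha1
kind: Application
metadata:
  # Must be unique across all applications stored in this repository.
  name: example-application
spec:
  # Email or name of a contact person for this application.
  applicationOwner: owner@example.com
  # Icon displayed in the Security Tower user interface for this application.
  iconURL: https://securitytower.syncier.com/favicon.ico
  # One of: public, internal, confidential, strictly confidential.
  securityLevel: internal
  # Each stage represents a running instance of the application.
  # Stages can be deployed across different clusters, or in the same cluster
  # within different namespaces.
  # They can be linked to each other in order to represent the staging flow
  # of the application.
  stages:
    - name: example-app-staging
      cluster:
        # Points to the location where the Syncier Security Tower cluster
        # configuration is stored.
        repository: https://github.com/securitytower/example-cluster-1.git
        # Corresponds to metadata.name in that cluster configuration.
        name: example-cluster
      # 'resources' must point to the location where the application's
      # manifests reside.
      resources:
        repository: https://github.com/securitytower/example-app
        # 'revision' can be omitted; if not present, the default branch of
        # the repository is used.
        # A branch name is a mutable reference: the manifests this stage
        # points at change with every push to that branch.
        revision: main
        path: example-app
      targetNamespace: example-app
    - name: example-app-production
      cluster:
        repository: https://github.com/securitytower/example-cluster-2.git
        name: example-cluster
      # Here the application's manifests are hosted in the cluster repository,
      # so it is sufficient to specify only the path inside that repository
      # (resources.repository falls back to cluster.repository).
      # Write access to the cluster repository therefore also covers this
      # stage's application manifests.
      resources:
        path: apps/example-app
      # NOTE(review): the field reference lists targetNamespace as mandatory,
      # but this stage does not set one - confirm whether it is required here.
      # Must name another stage configured in this file.
      previousStage: example-app-staging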
Field | Type | Mandatory | Default | Description |
---|---|---|---|---|
apiVersion | string | yes | | Fixed value: `securitytower.io/v1alpha1` |
kind | string | yes | | Fixed value: `Application` |
metadata.name | string | yes | | The name of the application. |
spec.applicationOwner | string | no | | The email or the name of a contact person. |
spec.iconURL | string | no | | The URL of an icon which should be displayed in the Security Tower user interface for this application. |
spec.securityLevel | string | no | | The security level of the application: `public`, `internal`, `confidential` or `strictly confidential`. |
Field | Type | Mandatory | Default | Description |
---|---|---|---|---|
name | string | yes | | The name of the application stage (e.g. `dev`, `staging`, `prod`). |
cluster.repository | string | yes | | The URL of the cluster repository the stage is deployed to. A cluster configuration must exist for this repository. |
cluster.name | string | yes | | The name of the cluster the stage is deployed to. Corresponds to the `metadata.name` field in the cluster configuration. |
resources.repository | string | no | Falls back to `cluster.repository` | The URL of the Git repository where the application is hosted. |
resources.revision | string | no | default branch name of the repository | The Git reference to use for the application repository (e.g. branch name). |
resources.path | string | yes | | The path to the application files inside the repository. |
targetNamespace | string | yes | | The namespace into which the application is deployed. |
previousStage | string | no | | Stages can be linked to each other in order to represent the staging flow of the application (e.g. dev → staging → prod). This field takes the name of another stage configured in the same file. |