Applications configuration

Example Configuration

apiVersion: securitytower.io/v1alpha1
kind: Application
metadata:
  # Must be unique across all applications stored in this repository.
  name: example-application
spec:
  applicationOwner: owner@example.com
  iconURL: https://securitytower.syncier.com/favicon.ico
  securityLevel: internal
  # Each stage represents a running instance of the application.
  # Stages can be deployed across different clusters, or in the same cluster within different namespaces.
  # They can be linked to each other in order to represent the staging flow of the application.
  stages:
    - name: example-app-staging
      cluster:
        # Points to the location where the Syncier Security Tower cluster configuration is stored.
        repository: https://github.com/securitytower/example-cluster-1.git
        name: example-cluster
      # 'resources' must point to the location where the application's manifests reside.
      resources:
        repository: https://github.com/securitytower/example-app
        # 'revision' can be omitted; if it is not present, the default branch of the repository is used.
        revision: main
        path: example-app
      targetNamespace: example-app
    - name: example-app-production
      cluster:
        repository: https://github.com/securitytower/example-cluster-2.git
        name: example-cluster
      # If the application's manifests are hosted in the cluster repository,
      # it is sufficient to specify only the path inside this repository.
      resources:
        path: apps/example-app
      previousStage: example-app-staging

Field Definitions

| Field | Type | Mandatory | Default | Description |
| --- | --- | --- | --- | --- |
| apiVersion | string | yes | | Fixed value: securitytower.io/v1alpha1 |
| kind | string | yes | | Fixed value: Application |
| metadata.name | string | yes | | The name of the application. |
| spec.applicationOwner | string | no | | The email or the name of a contact person. |
| spec.iconURL | string | no | | The URL of an icon which should be displayed in the Security Tower user interface for this application. |
| spec.securityLevel | string | no | | The security level of the application: public, internal, confidential or strictly confidential. |

Stage Configuration

| Field | Type | Mandatory | Default | Description |
| --- | --- | --- | --- | --- |
| name | string | yes | | The name of the application stage (e.g. dev, staging, prod). |
| cluster.repository | string | yes | | The URL of the cluster repository the stage is deployed to. A cluster configuration must exist for this repository. |
| cluster.name | string | yes | | The name of the cluster the stage is deployed to. Corresponds to the metadata.name field in the cluster configuration. |
| resources.repository | string | no | Falls back to cluster.repository | The URL of the Git repository where the application is hosted. |
| resources.revision | string | no | default branch name of the repository | The Git reference to use for the application repository (e.g. branch name). |
| resources.path | string | yes | | The path to the application files inside the repository. |
| targetNamespace | string | yes | | The namespace into which the application is deployed. |
| previousStage | string | no | | Stages can be linked to each other in order to represent the staging flow of the application (e.g. dev → staging → prod). This field takes the name of another stage configured in the same file. |
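
The field rules in the two tables above can be checked before a manifest is committed. The following is an added example, not Security Tower's own code: it takes the manifest as the dict a YAML parser would return, and the names `validate_application`, `get`, `make_stage` and `SAMPLE` are hypothetical. Treating a looping `previousStage` chain as an error is an assumption; the page only requires that the field names another stage in the same file. The constructed sample omits `targetNamespace` on its production stage and misspells that stage's `previousStage`.

```python
SECURITY_LEVELS = {"public", "internal", "confidential", "strictly confidential"}
STAGE_MANDATORY = ("name", "cluster.repository", "cluster.name", "resources.path", "targetNamespace")

def get(obj, dotted):
    """Follow a dotted path through nested dicts; None if any part is missing."""
    for key in dotted.split("."):
        obj = obj.get(key) if isinstance(obj, dict) else None
    return obj

def validate_application(doc):
    """Return a list of findings; an empty list means the manifest passes."""
    errors = []
    for key, want in (("apiVersion", "securitytower.io/v1alpha1"), ("kind", "Application")):
        if doc.get(key) != want:
            errors.append(f"{key} must be {want}")
    if not get(doc, "metadata.name"):
        errors.append("metadata.name is mandatory")
    level = get(doc, "spec.securityLevel")
    if level is not None and level not in SECURITY_LEVELS:
        errors.append(f"spec.securityLevel {level!r} is not a documented level")
    stages = get(doc, "spec.stages") or []
    names, prev = {s.get("name") for s in stages}, {}
    for s in stages:
        label = s.get("name") or "<unnamed>"
        for field in STAGE_MANDATORY:
            if not get(s, field):
                errors.append(f"stage {label}: {field} is mandatory")
        target = s.get("previousStage")
        if target is not None and target not in names:
            errors.append(f"stage {label}: previousStage {target!r} is not in this file")
        elif target is not None:
            prev[label] = target
    # Assumption (not stated on the page): a previousStage chain must not loop.
    for start in prev:
        seen, cur = set(), start
        while cur in prev and cur not in seen:
            seen.add(cur)
            cur = prev[cur]
        if cur in seen:
            errors.append(f"stage {start}: previousStage chain loops")
    return errors

def make_stage(name, **extra):  # constructed sample data, not from the page
    return {"name": name, "cluster": {"repository": "https://git.example/cluster.git",
            "name": "example-cluster"}, "resources": {"path": "apps/demo"}, **extra}
SAMPLE = {"apiVersion": "securitytower.io/v1alpha1", "kind": "Application", "metadata": {"name": "demo"},
          "spec": {"stages": [make_stage("staging", targetNamespace="demo"),
                              make_stage("production", previousStage="stagin")]}}
```
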