Cluster Configuration

Example Configuration

apiVersion: securitytower.io/v1alpha1
kind: Cluster
metadata:
  # Must be unique across all clusters stored in this repository.
  name: example-cluster
spec:
  # Enables visual grouping of clusters in app.securitytower.io
  tenant: example-tenant
  # Contact information for the cluster is shown in app.securitytower.io
  contact:
    email: email@example.com
    slack: https://org.slack.com/archives/XXXXXXXXX
  # Everything configured here is shown in app.securitytower.io
  configuration:
    description: example cluster
    geographicLocation: Azure - Germany West Central
    costCenter: 1000
    production: false
    securityLevel: public
  policies:
    # If 'repository' is not configured, then it defaults to the current repository.
    repository: https://github.com/securitytower/example-cluster.git
    # 'revision' can be left out. Syncier Security Tower will look for the default branch in this case.
    revision: main
    # Every Git location must at least have a 'path' defined.
    path: policies
  # Locations defined in 'namespaces' follow the same rules as the 'policies' location.
  namespaces:
    - repository: https://github.com/securitytower/example-cluster.git
      revision: main
      path: namespace-specs
  # This field is not mandatory. Only store the kubeconfig file in Git if it does not contain secrets.
  # The location defined in 'kubeconfig' follows the same rules as the 'policies' location.
  kubeconfig:
    repository: https://github.com/securitytower/example-cluster.git
    revision: main
    path: cluster/metadata/kubeconfig.yaml

Field Definitions

| Field | Type | Mandatory | Default | Description |
|---|---|---|---|---|
| apiVersion | string | yes | | Fixed value: securitytower.io/v1alpha1 |
| kind | string | yes | | Fixed value: Cluster |
| metadata.name | string | yes | | The name of the cluster. Must be unique over all clusters configured in this repository |
| spec.tenant | string | no | default | The name of the tenant which is used to group multiple clusters |
| spec.contact.email | string | no | | The email of a contact person |
| spec.contact.slack | string | no | | The contact Slack channel |
| spec.configuration.description | string | no | | A short description of the cluster |
| spec.configuration.geographicLocation | string | no | | The location of the cluster |
| spec.configuration.costCenter | string | no | | The cost center which may be used to ease a cost calculation |
| spec.configuration.production | boolean | no | false | Indicates whether the cluster will be used for production workloads |
| spec.configuration.securityLevel | string | no | | The security level of the cluster: public, internal, confidential or strictly confidential |
| spec.configuration.disablePRFeedback | boolean | no | false | Indicates whether Syncier Security Tower will provide feedback for pull requests |
| spec.policies.repository | string | no | current repository | The URL of the Git repository where the policies are stored |
| spec.policies.revision | string | no | default branch name of the repository | The Git reference (e.g., branch name) |
| spec.policies.path | string | yes | | The path in the repository where the policies are located |
| spec.namespaces | list | no | | Git locations where namespace specifications are defined. The entries are locations as known from spec.policies. |
| spec.kubeconfig.repository | string | no | current repository | The URL of the Git repository where the kubeconfig file is stored |
| spec.kubeconfig.revision | string | no | default branch name of the repository | The Git reference (e.g., branch name) |
| spec.kubeconfig.path | string | yes | | The path in the repository where the kubeconfig file is located |
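
The kubeconfig note in the example configuration says to store the file in Git only if it contains no secrets. The following is an added example, not part of Syncier Security Tower: a Python check that flags kubeconfig keys carrying inline credentials before the file is committed. The key list and both sample fragments are constructed for this illustration, and the plugin name is hypothetical.

```python
import re
import sys

# Kubeconfig keys whose values are credential material stored inline.
SECRET_KEYS = {"token", "password", "client-key-data", "access-token",
               "refresh-token", "id-token", "client-secret"}
KEY_VALUE = re.compile(r"^\s*(?:-\s+)?([A-Za-z][\w-]*)\s*:\s*(.*)$")
EMPTY_VALUES = {"", '""', "''", "null", "~"}


def find_embedded_secrets(kubeconfig_text):
    """Return (line_number, key) pairs; values are never returned or logged."""
    findings = []
    for number, line in enumerate(kubeconfig_text.splitlines(), start=1):
        match = KEY_VALUE.match(line)
        if not match:
            continue  # comments, blank lines, block-scalar continuation lines
        key, value = match.group(1), match.group(2)
        value = re.sub(r"(?:^|\s)#.*$", "", value).strip()  # drop trailing comment
        if key in SECRET_KEYS and value not in EMPTY_VALUES:
            findings.append((number, key))
    return findings


# Constructed fragment: credentials come from an exec plugin, nothing inline.
SAFE_KUBECONFIG = """\
kind: Config
users:
- name: ci
  user:
    exec:
      command: example-credential-plugin  # hypothetical plugin name
"""

# Constructed fragment: a bearer token and a private key stored inline.
UNSAFE_KUBECONFIG = """\
kind: Config
users:
- name: admin
  user:
    token: CONSTRUCTED-NOT-A-REAL-TOKEN
    client-key-data: Q09OU1RSVUNURUQ=
"""

if __name__ == "__main__":
    with open(sys.argv[1], encoding="utf-8") as handle:
        found = find_embedded_secrets(handle.read())
    for number, key in found:
        print(f"line {number}: '{key}' holds an inline credential")
    sys.exit(1 if found else 0)
```

Run it against the file referenced by spec.kubeconfig.path; a non-zero exit status means the file should not be stored in Git as it is.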