Resource Types

These Resource Types are available in the Platform Orchestrator.

Resource Type “use”

Each Resource Type has a “use” defined by one of these values:

  • Direct: A Resource of this type can be a direct Resource dependency of a Workload. It may be requested in the resources section of a Score file.
    • Examples: mysql, s3, volume
  • Indirect: A Resource of this type can be referenced by other Resources but not be a direct dependency of a Workload.
    • Example: A direct dns Resource referencing an indirect ingress Resource.
    • Example: An implicit workload Resource referencing an indirect k8s-service-account Resource.
  • Implicit: A Resource of this type is automatically referenced for every Deployment, i.e. it is automatically provisioned by the Platform Orchestrator.
    • You cannot have Workload dependencies on implicit Resources.
    • Examples: k8s-cluster, base-env, workload

agent

Category Use
k8s indirect

Inputs

None

Outputs

Values

None

Secrets

Property Type Description
url string The signed URL that can be used as an HTTP Proxy for accessing private resources.

amqp

Used to provision an AMQP resource such as a RabbitMQ, AmazonMQ or ApacheMQ queue.

Category Use
messaging direct

Inputs

None

Outputs

Values

Property Type Description
host string The hostname or IP Address of the broker.
port integer The TCP port that the broker is available on.
vhost string The virtual host that the client should connect with. Must be a URI segment.

Secrets

Property Type Description
password string The password to connect with.
username string The username to connect with.

aws-policy

Used to provision an AWS IAM Policy.

Category Use
aws indirect

Inputs

None

Outputs

Values

Property Type Description
arn string The Amazon Resource Name (ARN) of the policy

Secrets

None


aws-role

Used to provision an AWS IAM Role.

Category Use
aws indirect

Inputs

None

Outputs

Values

Property Type Description
arn string The Amazon Resource Name (ARN) of the role

Secrets

None


azure-blob

Azure Blob Storage provides object storage in Azure.

Category Use
datastore direct

Inputs

None

Outputs

Values

Property Type Description
account string The globally unique name for the Azure Storage Account. Must be lowercase alphanumeric between 3 and 24 characters.
container string The name for the Azure Blob Storage Container. Must be lowercase alphanumeric and the dash (-) character between 3 and 63 characters.

Secrets

None


azure-federated-identity

Category Use
azure indirect

Inputs

None

Outputs

Values

Property Type Description
id string The ID of the Federated Identity Credential

Secrets

None


azure-managed-identity

Category Use
azure indirect

Inputs

None

Outputs

Values

Property Type Description
client_id string The ID of the app associated with the Identity
id string The ID of the User Assigned Identity
principal_id string The ID of the Service Principal object associated with the created Identity

Secrets

None


azure-role-assignments

Category Use
azure indirect

Inputs

None

Outputs

Values

Property Type Description
ids array The Role Assignment IDs

Secrets

None


azure-role-definition

Category Use
azure indirect

Inputs

None

Outputs

Values

Property Type Description
id string The Azure Resource Manager ID for the resource
scope string The scope at which the Role Definition applies to

Secrets

None


azure-service-bus-queue

Category Use
messaging direct

Inputs

None

Outputs

Values

Property Type Description
hostname string Specifies the hostname of the ServiceBus Namespace resource
namespace string Specifies the name of the ServiceBus Namespace resource
queue string Specifies the name of the ServiceBus Queue resource

Secrets

None


base-env

Automatically provisioned once per environment providing a way of bootstrapping environment resources.

Category Use
general implicit

Inputs

Property Type Description
id string The ID of the environment being created.

Outputs

None


cassandra

Used to provision a Cassandra database.

Category Use
datastore direct

Inputs

None

Outputs

Values

Property Type Description
host string The IP Address or DNS name of the host that the Cassandra node is available on.
keyspace string The name of the Cassandra keyspace.
port integer The port on the host that the Cassandra node is available on.

Secrets

Property Type Description
password string None
username string None

config

A convenience type meant to act as a central reference for values that should be used in many resource definitions.

Category Use
general indirect

Inputs

None

Outputs

None


confluent-api-key

Used to provision a Confluent API Key. This is intended to be used as a direct Resource Dependency.

Category Use
messaging direct

Inputs

None

Outputs

Values

None

Secrets

None


confluent-service-account

Used to provision a Confluent Service Account.

Category Use
messaging indirect

Inputs

None

Outputs

Values

Property Type Description
description string The optional description of the Confluent Service Account.
id string The ID of the Confluent Service Account.
name string The name of the Confluent Service Account.

Secrets

None

Notes

The Confluent Service account is intended to be used as an indirect resource. This means that workloads should not use them as Resource Dependencies.


dns

Used to define a DNS name for use by a workload.

Category Use
dns direct

Inputs

None

Outputs

Values

Property Type Description
host string The DNS name returned by the driver. It can include one wildcard covering the subdomain.

Secrets

None

Example

To create a URL referencing a DNS name defined at the application level under the ID my-dns:

https://${shared.my-dns.host}/my-service

dynamodb-table

Used to define a new DynamoDB table.

Category Use
datastore direct

Inputs

Property Type Description
name string The name of the DynamoDB table to use. Optional and can be ignored at provision time.

Outputs

Values

Property Type Description
name string The name of the DynamoDB table to use.
region string The AWS region the DynamoDB table is in.

Secrets

None

Notes

In general, a resource definition will not necessarily create the table itself - this is normally done by application code itself. The most common use of this type is to provide a unique table name that can be used by the application. This is especially useful when working with preview environments where many environments may work within the same AWS account and region.


elasticsearch

Used to provision an Elasticsearch cluster.

Category Use
datastore direct

Inputs

None

Outputs

Values

Property Type Description
host string None
port integer None

Secrets

Property Type Description
password string None
username string None

gcp-iam-policy-binding

Category Use
gcp indirect

Inputs

None

Outputs

None


gcp-pubsub-subscription

Category Use
messaging direct

Inputs

Property Type Description
values object None

Outputs

Values

Property Type Description
name string Must be 3-255 characters, start with a letter, and contain only the following characters: letters, numbers, dashes (-), periods (.), underscores (_), tildes (~), percents (%) or plus signs (+). Cannot start with goog.
topic string Must be 3-255 characters, start with a letter, and contain only the following characters: letters, numbers, dashes (-), periods (.), underscores (_), tildes (~), percents (%) or plus signs (+). Cannot start with goog.

Secrets

None


gcp-pubsub-topic

Category Use
messaging direct

Inputs

None

Outputs

Values

Property Type Description
name string Must be 3-255 characters, start with a letter, and contain only the following characters: letters, numbers, dashes (-), periods (.), underscores (_), tildes (~), percents (%) or plus signs (+). Cannot start with goog.

Secrets

None


gcp-service-account

GCP Service Accounts are a special kind of account typically used by an application or compute workload. A service account is identified by its email address, which is unique to the account.

Category Use
gcp direct

Inputs

None

Outputs

Values

Property Type Description
email string An email address uniquely identifying a GCP Service Account.

Secrets

None


gcp-service-account-key

This represents a static key for a gcp-service-account.

Category Use
gcp direct

Inputs

None

Outputs

Values

Property Type Description
email string An email address uniquely identifying the GCP Service Account this key refers to.

Secrets

Property Type Description
credentials string The JSON format Service Account key encoded as a string.

Notes

In general, the use of static tokens is discouraged: https://cloud.google.com/iam/docs/best-practices-service-accounts#service-account-keys


gcs

Google Cloud Storage buckets are “blob” storage.

Category Use
datastore direct

Inputs

None

Outputs

Values

Property Type Description
name string A unique ID made up of a set of DNS names (lowercase alphanumeric and - between 3 and 63 characters long) separated by . up to a total length of 222 characters.

Secrets

None

Notes

GCS Buckets have global names. Clients require the bucket name and credentials to access the bucket. Region is only required for creation - not for access.


horizontal-pod-autoscaler

Used to define a Horizontal Pod Autoscaler for a workload.

Category Use
autoscaler direct

Inputs

Property Type Description
maxReplicas integer The maximum number of replicas to scale to. (Must be > minReplicas.)
minReplicas integer The minimum number of replicas to scale to. (Must be > 0.)
targetCPUUtilizationPercentage integer The percentage of the CPU resource limit to attempt to scale to. (Must be between 0 and 100.)

Outputs

None

Notes

Humanitec does not require that drivers honor Resource Inputs. A common use case for the Horizontal Pod Autoscaler resource type is to override the maxReplicas for development environments to preserve resources.


ingress

Used to generate ingress or similar routing manifests in the cluster.

Category Use
ingress indirect

Inputs

Property Type Description
host string The host with possible wildcard prefix that the rules apply to
namespace string The namespace that the services are in.
rules object Covers types of routing. Currently only http is supported.
tls_secret_name string The secret that should be used for TLS. Note: the secret must be in the current namespace and can be used for multiple hosts.

Outputs

Values

Property Type Description
host string The host with possible wildcard prefix that the rules apply to
namespace string The namespace that the services are in.
rules object Covers types of routing. Currently only http is supported.
tls_secret_name string The secret that should be used for TLS. Note: the secret must be in the current namespace and can be used for multiple hosts.

Secrets

None

Notes

This resource type is implicitly created by the Platform Orchestrator if the ingress feature is used in a Workload Profile.


k8s-cluster

Used to define a Kubernetes cluster to deploy into.

Category Use
k8s implicit

Inputs

None

Outputs

Values

Property Type Description
loadbalancer string Load Balancer IP address or host name.
name string Kubernetes cluster name.

Secrets

None


k8s-namespace

Category Use
k8s implicit

Inputs

None

Outputs

Values

Property Type Description
namespace string Kubernetes namespace.

Secrets

None


k8s-service-account

Used to define a Kubernetes Service Account.

Category Use
k8s indirect

Inputs

None

Outputs

Values

Property Type Description
name string Service account name. Must be a valid DNS Subdomain

Secrets

None


kafka-topic

Used to provision a Kafka Topic.

Category Use
messaging direct

Inputs

None

Outputs

Values

Property Type Description
host string The IP address or hostname the cluster is available on.
name string The name of the topic that the workload should use.
port integer The port on the host that the cluster is available on.

Secrets

None


logging

Used to configure how logs are collected by the Platform Orchestrator.

Category Use
logging implicit

Inputs

None

Outputs

None


mariadb

Used to provision a database in a MariaDB instance.

Category Use
datastore direct

Inputs

None

Outputs

Values

Property Type Description
host string The IP address or hostname the instance is available on.
name string The name of the database that the workload should connect to.
port integer The port on the host that the instance is available on.

Secrets

Property Type Description
password string The password for the user or role.
username string The user or role that the workload should use to connect to the database.

Notes

MariaDB is by design protocol compatible with MySQL, so the mariadb and mysql resource types can be used interchangeably.

Example

For a MariaDB database added as a Shared Resource Dependency to an Application under the ID my-db, a connection string can be built as:

mysql://${shared.my-db.username}:${shared.my-db.password}@${shared.my-db.host}:${shared.my-db.port}/${shared.my-db.name}

mongodb

Category Use
datastore direct

Inputs

None

Outputs

Values

None

Secrets

Property Type Description
connection string The connection string to the MongoDB cluster.

mysql

Used to provision a database in a MySQL instance.

Category Use
datastore direct

Inputs

None

Outputs

Values

Property Type Description
host string The IP address or hostname the instance is available on.
name string The name of the database that the workload should connect to.
port integer The port on the host that the instance is available on.

Secrets

Property Type Description
password string The password for the user or role.
username string The user or role that the workload should use to connect to the database.

Notes

MariaDB is by design protocol compatible with MySQL, so the mysql and mariadb resource types can be used interchangeably.

Example

For a MySQL database added as a Shared Resource Dependency to an Application under the ID my-db, a connection string can be built as:

mysql://${shared.my-db.username}:${shared.my-db.password}@${shared.my-db.host}:${shared.my-db.port}/${shared.my-db.name}

oauth-client-identity

Used to supply an OAuth Client Identity that should be used by an Application.

Category Use
identity direct

Inputs

None

Outputs

Values

Property Type Description
client_id string The unique Client Identifier issued by the authorization server.
issuer string Verifiable identifier for an issuer. An issuer identifier is a case-sensitive URL that uses the HTTPS scheme that contains scheme, host, and optionally, port number and path components and no query or fragment components.

Secrets

Property Type Description
client_secret string The Client Secret associated with the Client Identifier.

postgres

Used to provision a database in a PostgreSQL instance.

Category Use
datastore direct

Inputs

Property Type Description
extensions object None

Outputs

Values

Property Type Description
host string The IP address or hostname the instance is available on.
name string The name of the database that the workload should connect to.
port integer The port on the host that the instance is available on.

Secrets

Property Type Description
password string The password for the user or role.
username string The user or role that the workload should use to connect to the database.

Example

For a PostgreSQL database added as a Shared Resource Dependency to an Application under the ID my-db, a connection string can be built as:

postgresql://${shared.my-db.username}:${shared.my-db.password}@${shared.my-db.host}:${shared.my-db.port}/${shared.my-db.name}

redis

Used to provision a Redis instance.

Category Use
datastore direct

Inputs

None

Outputs

Values

Property Type Description
host string None
port integer None

Secrets

Property Type Description
password string None
username string None

route

A route defines a URL mapping to direct traffic to a service.

Category Use
ingress direct

Inputs

Property Type Description
host string The host with possible wildcard prefix that the rules apply to.
path string The path of the route. The format depends on the implementation e.g. whether regular expressions are supported.
port integer The port on the service to route to.

Outputs

Values

None

Secrets

None

Notes

Routes are an abstract way of specifying a URL mapping. They are made up of a host, port and path.


s3

Used to provision an S3 bucket.

Category Use
datastore direct

Inputs

None

Outputs

Values

Property Type Description
bucket string The globally unique name for the bucket.
region string The AWS region the bucket is hosted in.

Secrets

Property Type Description
aws_access_key_id string None
aws_secret_access_key string None
aws_session_token string None

sns-topic

Used to provision an AWS SNS topic.

Category Use
messaging direct

Inputs

Property Type Description
name string Hint for the name of the Topic. Optional and can be ignored at provision time.

Outputs

Values

Property Type Description
arn string The ARN of the SNS topic.
name string The name of the SNS topic.
region string The AWS region the SNS topic is in.

Secrets

None


spanner

Represents a Google Spanner database.

Category Use
datastore direct

Inputs

None

Outputs

Values

Property Type Description
database string The ID for the Google Cloud Spanner Database. Must be lowercase alphanumeric, the underscore (_) and the dash (-) character between 2 and 30 characters.
instance string The ID for the Google Cloud Spanner Instance. Must be lowercase alphanumeric between 2 and 64 characters.
project string The ID of the Google Cloud Project for the Google Cloud Spanner Instance.

Secrets

None


spanner-instance

Represents a Google Spanner instance.

Category Use
datastore direct

Inputs

None

Outputs

Values

Property Type Description
instance string The ID for the Google Cloud Spanner Instance. Must be lowercase alphanumeric between 2 and 64 characters.
project string The ID of the Google Cloud Project for the Google Cloud Spanner Instance.

Secrets

None

Notes

This type is often used when an application will provision its own Spanner databases within an instance.


sqs

Used to provision an AWS SQS queue.

Category Use
messaging direct

Inputs

None

Outputs

Values

Property Type Description
region string The AWS region the SQS queue is in
url string The URL of the SQS Queue

Secrets

None


tls-cert

Used to define a TLS Certificate for use with a DNS name.

Category Use
security direct

Inputs

None

Outputs

Values

Property Type Description
tls_secret_name string Name of the Kubernetes Secret in which the TLS certificate is stored.

Secrets

Property Type Description
tls undefined The TLS certificate and private key for the DNS Name specified in host. Should be provided in K8s format, that is, an object with properties tls.crt and tls.key.

volume

Used to provision a persistent volume.

Category Use
datastore direct

Inputs

None

Outputs

None


workload

Used to optionally override values in the workload entry of the deployment set before deployment.

Category Use
general implicit

Inputs

Property Type Description
id string The ID of the workload in the deployment set.
profile string The Workload Profile for the workload in the deployment set.
spec object An object representing the inputs for the Workload Profile

Outputs

Values

Property Type Description
update array An array of JSONPatch objects to apply to a workload object.

Secrets

None

Notes

This is also a practical way of injecting manifests that are scoped per workload.

The update output of an array of JSONPatch objects to apply to a workload object is limited as follows: The op property in a JSONPatch may only be one of the following values: add, remove or replace.

Example

This example shows how a resource definition could be defined to change the serviceAccountName to dev-service-account in environments of type development, but only if it has been set.

apiVersion: entity.humanitec.io/v1b1
kind: Definition
metadata:
  id: service-account-name-override-dev
entity:
  type: workload
  name: service-account-name-override-dev
  driver_type: humanitec/template
  driver_inputs:
    values:
      templates:
        outputs: |
          {{- if .resources.spec.serviceAccountName }}
          update:
          - op: replace
            path: /spec/serviceAccountName
            value: dev-service-account
          {{- end}}
  criteria:
  - env_type: development