Resource Types
Learn to use the Resource Types in the Platform Orchestrator.
- amqp
- aws-policy
- aws-role
- azure-blob
- base-env
- cassandra
- config
- confluent-api-key
- confluent-service-account
- dns
- dynamodb-table
- elasticsearch
- gcp-service-account
- gcp-service-account-key
- gcs
- horizontal-pod-autoscaler
- ingress
- k8s-cluster
- k8s-namespace
- k8s-service-account
- kafka-topic
- logging
- mariadb
- mongodb
- mysql
- oauth-client-identity
- postgres
- redis
- route
- s3
- sns-topic
- spanner
- spanner-instance
- sqs
- tls-cert
- volume
- workload
amqp
Used to provision an AMQP resource such as a RabbitMQ, AmazonMQ or ApacheMQ queue.
Category | Use |
---|---|
messaging | direct |
Inputs
None
Outputs
Values
Property | Type | Description |
---|---|---|
host | string | The hostname or IP Address of the broker. |
port | integer | The TCP port that the broker is available on. |
vhost | string | The virtual host that the client should connect with. Must be a URI segment. |
Secrets
Property | Type | Description |
---|---|---|
password | string | The password to connect with. |
username | string | The username to connect with. |
aws-policy
Used to provision an AWS IAM Policy.
Category | Use |
---|---|
aws | indirect |
Inputs
None
Outputs
Values
Property | Type | Description |
---|---|---|
arn | string | The Amazon Resource Name (ARN) of the policy |
Secrets
None
aws-role
Used to provision an AWS IAM Role.
Category | Use |
---|---|
aws | indirect |
Inputs
None
Outputs
Values
Property | Type | Description |
---|---|---|
arn | string | The Amazon Resource Name (ARN) of the role |
Secrets
None
azure-blob
Azure Blob Storage provides object storage in Azure.
Category | Use |
---|---|
datastore | direct |
Inputs
None
Outputs
Values
Property | Type | Description |
---|---|---|
account | string | The globally unique name for the Azure Storage Account. Must be lowercase alphanumeric between 3 and 24 characters. |
container | string | The name for the Azure Blob Storage Container. Must be lowercase alphanumeric and the dash (-) character between 3 and 63 characters. |
Secrets
None
base-env
Automatically provisioned once per environment providing a way of bootstrapping environment resources.
Category | Use |
---|---|
general | implicit |
Inputs
Property | Type | Description |
---|---|---|
id | string | The ID of the environment being created. |
Outputs
None
cassandra
Used to provision a Cassandra database.
Category | Use |
---|---|
datastore | direct |
Inputs
None
Outputs
Values
Property | Type | Description |
---|---|---|
host | string | The IP Address or DNS name of the host that the Cassandra node is available on. |
keyspace | string | The name of the Cassandra keyspace. |
port | integer | The port on the host that the Cassandra node is available on. |
Secrets
Property | Type | Description |
---|---|---|
password | string | undefined |
username | string | undefined |
config
A convenience type meant to act as a central reference for values that should be used in many resource definitions.
Category | Use |
---|---|
general | direct |
Inputs
None
Outputs
None
confluent-api-key
Used to provision a Confluent API Key. This is intended to be used as a direct Resource Dependency.
Category | Use |
---|---|
messaging | direct |
Inputs
None
Outputs
Values
None
Secrets
None
confluent-service-account
Used to provision a Confluent Service Account.
Category | Use |
---|---|
messaging | indirect |
Inputs
None
Outputs
Values
Property | Type | Description |
---|---|---|
description | string | The optional description of the Confluent Service Account. |
id | string | The ID of the Confluent Service Account. |
name | string | The name of the Confluent Service Account. |
Secrets
None
Notes
The Confluent Service account is intended to be used as an indirect resource. This means that workloads should not use them as Resource Dependencies.
dns
Used to define a DNS name for use by a workload.
Category | Use |
---|---|
dns | direct |
Inputs
None
Outputs
Values
Property | Type | Description |
---|---|---|
host | string | The DNS name returned by the driver. It can include one wildcard covering the subdomain. |
Secrets
None
Example
To create a URL referencing a DNS name defined at the application level under the ID my-dns:
https://${shared.my-dns.host}/my-service
dynamodb-table
Used to define a new DynamoDB table.
Category | Use |
---|---|
datastore | direct |
Inputs
Property | Type | Description |
---|---|---|
name | string | The name of the DynamoDB table to use. Optional and can be ignored at provision time. |
Outputs
Values
Property | Type | Description |
---|---|---|
name | string | The name of the DynamoDB table to use. |
region | string | The AWS region the DynamoDB table is in. |
Secrets
None
Notes
In general, a resource definition will not necessarily create the table itself; this is normally done by the application code. The most common use of this type is to provide a unique table name that can be used by the application. This is especially useful when working with preview environments where many environments may work within the same AWS account and region.
elasticsearch
Used to provision an Elastic Search cluster.
Category | Use |
---|---|
datastore | direct |
Inputs
None
Outputs
Values
Property | Type | Description |
---|---|---|
host | string | undefined |
port | integer | undefined |
Secrets
Property | Type | Description |
---|---|---|
password | string | undefined |
username | string | undefined |
gcp-service-account
GCP Service Accounts are a special kind of account typically used by an application or compute workload. A service account is identified by its email address, which is unique to the account.
Category | Use |
---|---|
gcp | direct |
Inputs
None
Outputs
Values
Property | Type | Description |
---|---|---|
email | string | An email address uniquely identifying a GCP Service Account. |
Secrets
None
gcp-service-account-key
This represents a static key for a gcp-service-account.
Category | Use |
---|---|
gcp | direct |
Inputs
None
Outputs
Values
Property | Type | Description |
---|---|---|
email | string | An email address uniquely identifying the GCP Service Account this key refers to. |
Secrets
Property | Type | Description |
---|---|---|
credentials | string | The JSON format Service Account key encoded as a string. |
Notes
In general, the use of static tokens is discouraged: https://cloud.google.com/iam/docs/best-practices-service-accounts#service-account-keys
gcs
Google Cloud Storage buckets are “blob” storage.
Category | Use |
---|---|
datastore | direct |
Inputs
None
Outputs
Values
Property | Type | Description |
---|---|---|
name | string | A unique ID made up of a set of DNS names (lowercase alphanumeric and - between 3 and 63 characters long) separated by . up to a total length of 222 characters. |
Secrets
None
Notes
GCS Buckets have global names. Clients require the bucket name and credentials to access the bucket. Region is only required for creation - not for access.
horizontal-pod-autoscaler
Used to define a Horizontal Pod Autoscaler for a workload.
Category | Use |
---|---|
autoscaler | direct |
Inputs
Property | Type | Description |
---|---|---|
maxReplicas | integer | The maximum number of replicas to scale to. (Must be > minReplicas.) |
minReplicas | integer | The minimum number of replicas to scale to. (Must be > 0.) |
targetCPUUtilizationPercentage | integer | The percentage of the CPU resource limit to attempt to scale to. (Must be between 0 and 100.) |
Outputs
None
Notes
Humanitec does not require that drivers honor Resource Inputs. A common use case for the Horizontal Pod Autoscaler resource type is to override the maxReplicas for development environments to preserve resources.
ingress
Used to generate ingress or similar routing manifests in the cluster.
Category | Use |
---|---|
ingress | indirect |
Inputs
Property | Type | Description |
---|---|---|
host | string | The host with possible wildcard prefix that the rules apply to |
namespace | string | The namespace that the services are in. |
rules | object | Covers types of routing. Currently only http is supported. |
tls_secret_name | string | The secret that should be used for TLS. Note: the secret must be in the current namespace and can be used for multiple hosts. |
Outputs
Values
Property | Type | Description |
---|---|---|
host | string | The host with possible wildcard prefix that the rules apply to |
namespace | string | The namespace that the services are in. |
rules | object | Covers types of routing. Currently only http is supported. |
tls_secret_name | string | The secret that should be used for TLS. Note: the secret must be in the current namespace and can be used for multiple hosts. |
Secrets
None
Notes
This resource type is implicitly created by the Platform Orchestrator if the ingress feature is used in a Workload Profile.
k8s-cluster
Used to define a Kubernetes cluster to deploy into.
Category | Use |
---|---|
k8s | implicit |
Inputs
None
Outputs
Values
Property | Type | Description |
---|---|---|
loadbalancer | string | Load Balancer IP address or host name. |
name | string | Kubernetes cluster name. |
Secrets
None
k8s-namespace
Category | Use |
---|---|
k8s | implicit |
Inputs
None
Outputs
Values
Property | Type | Description |
---|---|---|
namespace | string | Kubernetes namespace. |
Secrets
None
k8s-service-account
Used to define a Kubernetes Service Account.
Category | Use |
---|---|
k8s | indirect |
Inputs
None
Outputs
Values
Property | Type | Description |
---|---|---|
name | string | Service account name. Must be a valid DNS Subdomain |
Secrets
None
kafka-topic
Used to provision a Kafka Topic.
Category | Use |
---|---|
messaging | direct |
Inputs
None
Outputs
Values
Property | Type | Description |
---|---|---|
host | string | The IP address or hostname the cluster is available on. |
name | string | The name of the topic that the workload should use. |
port | integer | The port on the host that the cluster is available on. |
Secrets
None
logging
Used to configure how logs are collected by the Platform Orchestrator.
Category | Use |
---|---|
logging | implicit |
Inputs
None
Outputs
None
mariadb
Used to provision a database in a MariaDB instance.
Category | Use |
---|---|
datastore | direct |
Inputs
None
Outputs
Values
Property | Type | Description |
---|---|---|
host | string | The IP address or hostname the instance is available on. |
name | string | The name of the database that the workload should connect to. |
port | integer | The port on the host that the instance is available on. |
Secrets
Property | Type | Description |
---|---|---|
password | string | The password for the user or role. |
username | string | The user or role that the workload should use to connect to the database. |
Notes
MariaDB is by design protocol compatible with MySQL, so the mariadb and mysql resource types can be used interchangeably.
Example
For a MariaDB database added as a Shared Resource Dependency to an Application under the ID my-db, a connection string can be built as:
mysql://${shared.my-db.username}:${shared.my-db.password}@${externals.my-db.host}:${shared.my-db.port}/${shared.my-db.name}
mongodb
null
Category | Use |
---|---|
datastore | direct |
Inputs
None
Outputs
Values
None
Secrets
Property | Type | Description |
---|---|---|
connection | string | The connection string to the MongoDB cluster. |
mysql
Used to provision a database in a MySQL instance.
Category | Use |
---|---|
datastore | direct |
Inputs
None
Outputs
Values
Property | Type | Description |
---|---|---|
host | string | The IP address or hostname the instance is available on. |
name | string | The name of the database that the workload should connect to. |
port | integer | The port on the host that the instance is available on. |
Secrets
Property | Type | Description |
---|---|---|
password | string | The password for the user or role. |
username | string | The user or role that the workload should use to connect to the database. |
Notes
MariaDB is by design protocol compatible with MySQL, so the mysql and mariadb resource types can be used interchangeably.
Example
For a MySQL database added as a Shared Resource Dependency to an Application under the ID my-db, a connection string can be built as:
mysql://${shared.my-db.username}:${shared.my-db.password}@${externals.my-db.host}:${shared.my-db.port}/${shared.my-db.name}
oauth-client-identity
Used to supply an OAuth Client Identity that should be used by an Application.
Category | Use |
---|---|
aws | direct |
Inputs
None
Outputs
Values
Property | Type | Description |
---|---|---|
client_id | string | The unique Client Identifier issued by the authorization server. |
issuer | string | Verifiable identifier for an issuer. An issuer identifier is a case-sensitive URL that uses the HTTPS scheme that contains scheme, host, and optionally, port number and path components and no query or fragment components. |
Secrets
Property | Type | Description |
---|---|---|
client_secret | string | The Client Secret associated with the Client Identifier. |
postgres
Used to provision a database in a PostgreSQL instance.
Category | Use |
---|---|
datastore | direct |
Inputs
Property | Type | Description |
---|---|---|
externals | object | undefined |
Outputs
Values
Property | Type | Description |
---|---|---|
host | string | The IP address or hostname the instance is available on. |
name | string | The name of the database that the workload should connect to. |
port | integer | The port on the host that the instance is available on. |
Secrets
Property | Type | Description |
---|---|---|
password | string | The password for the user or role. |
username | string | The user or role that the workload should use to connect to the database. |
Example
For a PostgreSQL database added as a Shared Resource Dependency to an Application under the ID my-db, a connection string can be built as:
postgresql://${shared.my-db.username}:${shared.my-db.password}@${externals.my-db.host}:${shared.my-db.port}/${shared.my-db.name}
redis
Used to provision a Redis instance.
Category | Use |
---|---|
datastore | direct |
Inputs
None
Outputs
Values
Property | Type | Description |
---|---|---|
host | string | undefined |
port | integer | undefined |
Secrets
Property | Type | Description |
---|---|---|
password | string | undefined |
username | string | undefined |
route
A route defines a URL mapping to direct traffic to a service.
Category | Use |
---|---|
ingress | direct |
Inputs
Property | Type | Description |
---|---|---|
host | string | The host with possible wildcard prefix that the rules apply to. |
path | string | The path of the route. The format depends on the implementation e.g. whether regular expressions are supported. |
port | integer | The port on the service to route to. |
Outputs
Values
None
Secrets
None
Notes
Routes are an abstract way of specifying a URL mapping. They are made up of a host, port and path.
s3
Used to provision an S3 bucket.
Category | Use |
---|---|
datastore | direct |
Inputs
None
Outputs
Values
Property | Type | Description |
---|---|---|
bucket | string | The globally unique name for the bucket. |
region | string | The AWS region the bucket is hosted in. |
Secrets
Property | Type | Description |
---|---|---|
aws_access_key_id | string | undefined |
aws_secret_access_key | string | undefined |
sns-topic
Used to provision an AWS SNS topic.
Category | Use |
---|---|
messaging | direct |
Inputs
Property | Type | Description |
---|---|---|
name | string | Hint for the name of the Topic. Optional and can be ignored at provision time. |
Outputs
Values
Property | Type | Description |
---|---|---|
arn | string | The ARN of the SNS topic. |
name | string | The name of the SNS topic. |
region | string | The AWS region the SNS topic is in. |
Secrets
None
spanner
Represents a Google Spanner database.
Category | Use |
---|---|
datastore | direct |
Inputs
None
Outputs
Values
Property | Type | Description |
---|---|---|
database | string | The ID for the Google Cloud Spanner Database. Must be lowercase alphanumeric, the underscore (_) and the dash (-) character between 2 and 30 characters. |
instance | string | The ID for the Google Cloud Spanner Instance. Must be lowercase alphanumeric between 2 and 64 characters. |
project | string | The ID of the Google Cloud Project for the Google Cloud Spanner Instance. |
Secrets
None
spanner-instance
Represents a Google Spanner instance.
Category | Use |
---|---|
datastore | direct |
Inputs
None
Outputs
Values
Property | Type | Description |
---|---|---|
instance | string | The ID for the Google Cloud Spanner Instance. Must be lowercase alphanumeric between 2 and 64 characters. |
project | string | The ID of the Google Cloud Project for the Google Cloud Spanner Instance. |
Secrets
None
Notes
This type is often used when an application will provision its own Spanner databases within an instance.
sqs
Used to provision an AWS SQS queue.
Category | Use |
---|---|
messaging | direct |
Inputs
None
Outputs
Values
Property | Type | Description |
---|---|---|
region | string | The AWS region the SQS queue is in |
url | string | The URL of the SQS Queue |
Secrets
None
tls-cert
Used to define a TLS Certificate for use with a DNS name.
Category | Use |
---|---|
security | direct |
Inputs
None
Outputs
Values
Property | Type | Description |
---|---|---|
tls_secret_name | string | Name of the Kubernetes Secret in which the TLS certificate is stored. |
Secrets
Property | Type | Description |
---|---|---|
tls | undefined | The TLS certificate and private key for the DNS Name specified in host. Should be provided in K8s format, that is, an object with properties tls.crt and tls.key. |
volume
Used to provision a persistent volume.
Category | Use |
---|---|
datastore | direct |
Inputs
None
Outputs
None
workload
Used to optionally override values in the workload entry of the deployment set before deployment.
Category | Use |
---|---|
general | implicit |
Inputs
Property | Type | Description |
---|---|---|
id | string | The ID of the workload in the deployment set. |
profile | string | The Workload Profile for the workload in the deployment set. |
spec | object | An object representing the inputs for the Workload Profile |
Outputs
Values
Property | Type | Description |
---|---|---|
update | array | An array of JSONPatch objects to apply to a workload object. |
Secrets
None
Notes
This is also a practical way of injecting manifests that are scoped per workload.
The update output of an array of JSONPatch objects to apply to a workload object is limited as follows: The op property in a JSONPatch may only be one of the following values: add, remove or replace.
Example
This example shows how a resource definition could be defined to change the serviceAccountName to dev-service-account in environments of type development, but only if it has been set.
apiVersion:
kind: Definition
metadata:
  id: service-account-name-override-dev
object:
  type: workload
  driver_type: humanitec/template
  driver_inputs:
    values:
      templates:
        outputs: |
          {{- if .resources.spec.serviceAccountName }}
          update:
            - op: replace
              path: /spec/serviceAccountName
              value: dev-service-account
          {{- end}}
  criteria:
    - env_type: development