Target
A Target is an entity in ConfigHub that represents a deployment target where configuration can be applied for a specific ToolchainType and ProviderType. It abstracts access to Kubernetes clusters, cloud accounts, and other services. The Target encompasses the location (e.g., IP address, URL) of the system under management and the credentials to access it. It allows ConfigHub users to manage resources without directly handling credentials.
A Worker is responsible for managing access to infrastructure resources. It obtains access through credentials or assumes a role with appropriate permissions. Once a Worker establishes access, it registers the resource as a Target in ConfigHub. Users with permission to use a Target can associate Config Units with it, enabling controlled application of configuration changes. Workers may have access to multiple Targets, potentially of multiple toolchain types and/or provider types.
Provider Type
Some toolchains support multiple underlying service providers, which may have different kinds of credentials and different configuration details. Cloud services such as AWS, Azure, and GCP are examples of different providers. Even the Kubernetes/YAML toolchain type has multiple providers, because intermediary tools, such as FluxCD, and storage systems have additional or different credentials and configuration.
Config Types
A Target supports one or more ConfigTypes. Each ConfigType is a (ProviderType, ToolchainType, LiveStateType) tuple that the Target's Worker can handle, optionally with a list of Options (see below).
For backward compatibility, the first ConfigType is inlined into the Target as the top-level ProviderType, ToolchainType, LiveStateType, and Options fields. Any additional ConfigTypes appear in the Target's ConfigTypes array. The full set of valid ConfigTypes for a Target is the inlined one plus any entries in ConfigTypes. A Unit's ProviderType and ToolchainType are validated against this combined set when the Unit is attached.
This lets a single Target serve multiple bridges. For example, a Kubernetes-cluster Target backed by a worker installed with -t kubernetes,argocdrenderer,argocdoci advertises three ConfigTypes on the same Target — Kubernetes (inlined at the top level), plus ArgoCDRenderer and ArgoCDOCI in ConfigTypes — all with ToolchainType Kubernetes/YAML. The Unit's ProviderType selects which bridge processes the Unit. This is how cub gitops import can use one Target slug for discovery, rendering, and deployment.
You can inspect a Target's ConfigTypes with:
cub target get --space <space> <target-slug> --jq ".Target"
Bridge Options
Each ConfigType may declare Options — parameters that configure how the bridge behaves for that ConfigType. An option has a name (PascalCase), description, required flag, data type, and optional example. Options are set on the Target (and can be overridden per-Unit via TargetOptions). When a Unit's action dispatches, the bridge receives merged values in the payload.
Example: the ArgoCDRenderer and FluxRenderer bridges expose an IsAuthoritative option.
- IsAuthoritative=false (default) — the Application / HelmRelease / Kustomization must already exist in the cluster; the bridge only reads rendered manifests. The bridge returns an error if autosync is enabled (ArgoCD) or spec.suspend is not true (Flux), because otherwise the GitOps tool, not ConfigHub, would own the rendered output.
- IsAuthoritative=true — the bridge creates, updates, and deletes the resource itself. For ArgoCD the bridge also disables autosync automatically; for Flux it sets spec.suspend=true automatically.
Set an option on a Target with cub target update --patch --option IsAuthoritative=true <target-slug>.
The full schema is defined in core/worker/api/bridge_worker_info.go (ConfigType, ConfigTypeSignature, BridgeOption, SupportedConfigType).
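The attach-time check against the combined ConfigType set and the option merge described above, as an added Go sketch that is not ConfigHub's own code. The struct layout, ResolveAttach, SampleTarget and ErrNoMatch are hypothetical names, and option values are simplified to strings.

```go
package main

import (
	"errors"
	"fmt"
)

// ConfigType is the tuple described above. The struct layout is an assumption,
// not the schema in bridge_worker_info.go; option values are simplified to strings.
type ConfigType struct {
	ProviderType, ToolchainType, LiveStateType string
	Options map[string]string // values set on the Target
}

// Target inlines its first ConfigType; any others sit in ConfigTypes.
type Target struct {
	ConfigType
	ConfigTypes []ConfigType
}

var ErrNoMatch = errors.New("unit type not in target's combined ConfigType set")

// ResolveAttach (hypothetical) validates a Unit against the inlined ConfigType plus
// ConfigTypes, then lets per-Unit TargetOptions override the Target's option values.
func ResolveAttach(t Target, provider, toolchain string, unitOpts map[string]string) (map[string]string, error) {
	for _, ct := range append([]ConfigType{t.ConfigType}, t.ConfigTypes...) {
		if ct.ProviderType != provider || ct.ToolchainType != toolchain {
			continue
		}
		merged := map[string]string{}
		for _, src := range []map[string]string{ct.Options, unitOpts} {
			for k, v := range src {
				merged[k] = v
			}
		}
		return merged, nil
	}
	return nil, ErrNoMatch
}

// SampleTarget is constructed data modelled on the three-bridge worker above.
func SampleTarget() Target {
	yaml := "Kubernetes/YAML"
	return Target{ConfigType: ConfigType{ProviderType: "Kubernetes", ToolchainType: yaml},
		ConfigTypes: []ConfigType{
			{ProviderType: "ArgoCDRenderer", ToolchainType: yaml, Options: map[string]string{"IsAuthoritative": "false"}},
			{ProviderType: "ArgoCDOCI", ToolchainType: yaml}}}
}

func main() { fmt.Println(ResolveAttach(SampleTarget(), "ArgoCDRenderer", "Kubernetes/YAML", map[string]string{"IsAuthoritative": "true"})) }
```

A Unit whose ProviderType is absent from both the inlined entry and ConfigTypes is rejected rather than falling back to the inlined bridge, which is the property to verify when reviewing who can attach what to a shared Target.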
Target Examples
- Kubernetes Clusters – A Target could correspond to a context in a kubeconfig file, in the case of ProviderType Kubernetes for ToolchainType Kubernetes/YAML.
- OpenTofu Providers – A Target could correspond to the provider configuration for a specific provider, such as the AWS provider in the case of ProviderType AWS for ToolchainType OpenTofu/HCL.