Project Descriptor reference
Akka Project descriptor
Akka’s Project Descriptor is a multi-document YAML file that defines the complete configuration for an Akka project, including
This allows you to manage multiple resources in a single file and apply them at once with the akka project apply command.
Each document in the project descriptor represents a single resource and follows a common structure:
| Field | Type | Description |
|---|---|---|
resource |
string required |
The type of resource: |
resourceVersion |
string required |
The version of the resource schema. Currently only |
metadata |
Optional metadata for the resource. Required for |
|
spec |
object required |
The specification for the resource. Structure depends on the resource type. |
Resource types
The project descriptor supports the following resource types. A single descriptor can contain multiple Service and Route documents, each with a unique name. The Observability, Broker, and RoleBindings resources are project-level singletons—only one of each can exist per project.
Service
Defines an Akka service with its container image, environment variables, and runtime configuration. A descriptor can include multiple Service documents, each with a unique name. See Service Descriptor reference for the complete reference.
resource: Service
resourceVersion: v1
metadata:
name: my-service
spec:
image: acr.us-east-1.akka.io/my-org/my-project/my-service:1.0.0
resources:
runtime:
mode: embedded
env:
- name: ENABLE_SOME_FEATURE
value: trueRoute
Defines how ingress traffic is routed to services. A descriptor can include multiple Route documents, each with a unique name. See Route Descriptor reference for the complete reference.
resource: Route
resourceVersion: v1
metadata:
name: api-gateway
spec:
routes:
- prefix: /api
route:
service: my-serviceObservability
Configures the project’s observability settings for exporting metrics, logs, and traces to third-party services. Only one observability configuration exists per project. See Observability Descriptor reference for the complete reference.
resource: Observability
resourceVersion: v1
spec:
exporter:
kalixConsole: {}Broker
Configures the message broker for the project. Only one broker configuration is supported per project.
| Field | Type | Description |
|---|---|---|
type |
string required |
The broker type: |
description |
string |
Optional description of the broker configuration |
gcpKey |
string |
Required for |
kafka |
Required for |
|
eventhubs |
Required for |
KafkaSASLSpec
Configuration for Kafka brokers using SASL authentication.
| Field | Type | Description |
|---|---|---|
authMechanism |
string required |
The SASL authentication mechanism. Supported values: |
servers |
string required |
Comma-separated list of Kafka bootstrap servers, e.g. |
username |
string required |
The username for SASL authentication. |
passwordSecret |
string required |
Reference to the secret containing the password, in the format |
caCertSecret |
string |
Optional reference to a secret containing the CA certificate for TLS, in the format |
Example:
resource: Broker
resourceVersion: v1
spec:
type: kafka
description: Production Kafka cluster
kafka:
authMechanism: SCRAM-SHA-256
servers: kafka-1.example.com:9092,kafka-2.example.com:9092
username: akka-service
passwordSecret: kafka-credentials/password
caCertSecret: kafka-credentials/ca-certEventHubsSpec
Configuration for Azure Event Hubs.
| Field | Type | Description |
|---|---|---|
connectionStringSecret |
string required |
Reference to the secret containing the Event Hubs connection string, in the format |
checkpointStoreSasTokenSecret |
string required |
Reference to the secret containing the SAS token for the checkpoint store, in the format |
checkpointStoreEndpoint |
string required |
The Azure Blob Storage endpoint for checkpointing, e.g. |
checkpointStoreContainerName |
string required |
The name of the blob container used for checkpointing. |
Example:
resource: Broker
resourceVersion: v1
spec:
type: eventhubs
description: Azure Event Hubs for production
eventhubs:
connectionStringSecret: eventhubs-credentials/connection-string
checkpointStoreSasTokenSecret: eventhubs-credentials/sas-token
checkpointStoreEndpoint: https://mystorageaccount.blob.core.windows.net
checkpointStoreContainerName: checkpointsRoleBindings
Configures the project’s OpenID Connect (OIDC) group-to-role mappings. Only one role binding configuration exists per project, but it can contain multiple group-to-role mappings. This enables automated role assignment based on group membership when using OIDC authentication at the organization level. The project must be owned by an organization with an OIDC setup.
| Field | Type | Description |
|---|---|---|
bindings |
List of group-to-role mappings. |
GroupRoleBinding
| Field | Type | Description |
|---|---|---|
group |
string required |
The OIDC group name from your identity provider. Must be a simple group name, not a full resource path. |
role |
string required |
The Akka project role to assign. Valid values: |
Example:
resource: RoleBindings
resourceVersion: v1
spec:
bindings:
- group: platform-admins
role: admin
- group: developers
role: developer
- group: support-team
role: viewerUsing the project descriptor
Exporting the descriptor for an existing project
To export all resources from an existing project as a descriptor:
akka project export --project my-project --file my-project.yamlThis exports all services, routes, observability configuration, broker settings, and role bindings to a single file. You can also write to standard output:
akka project export > project.yamlThe exported descriptor can be used as a starting point for version-controlled infrastructure, or to replicate a project’s configuration.
Applying a project descriptor
To configure the project according to the descriptor, use the akka project apply command.
The --dry-run flag allows validating a descriptor and see what would be applied without making any changes:
akka project apply --file project.yaml --dry-runTo apply a project descriptor, use the akka project apply command:
akka project apply --file project.yamlThis command will create or update all resources defined in the descriptor. Resources are processed in order, and the command will report which resources were created, updated, or skipped.
The apply operation is additive. It creates or updates resources defined in the descriptor, but does not remove resources that are absent from the file. If you previously applied a descriptor with three services and then apply a new version with only two services, the third service will remain deployed. To remove a resource, use the appropriate akka CLI delete command (e.g., akka service delete).
|
| For multi-region projects, the descriptor is applied to the primary region. Changes will then be synchronized to other regions automatically. |
Complete descriptor example
Here is a complete project descriptor demonstrating multiple resource types:
resource: Service
resourceVersion: v1
metadata:
name: cart-service
spec:
image: acr.us-east-1.akka.io/my-org/my-project/cart-service:1.0.0
resources:
runtime:
mode: embedded
env:
- name: LOG_LEVEL
value: INFO
---
resource: Service
resourceVersion: v1
metadata:
name: product-catalog
spec:
image: acr.us-east-1.akka.io/my-org/my-project/product-catalog:2.1.0
resources:
runtime:
mode: embedded
labels:
team: commerce
tier: backend
---
resource: Route
resourceVersion: v1
metadata:
name: api-gateway
spec:
routes:
- prefix: /carts
route:
service: cart-service
- prefix: /products
route:
service: product-catalog
---
resource: Observability
resourceVersion: v1
spec:
exporter:
kalixConsole: {}
---
resource: Broker
resourceVersion: v1
spec:
type: kafka
description: Production Kafka cluster
kafka:
authMechanism: SCRAM-SHA-256
servers: kafka.example.com:9092
username: akka-service
passwordSecret: kafka-credentials/password
---
resource: RoleBindings
resourceVersion: v1
spec:
bindings:
- group: platform-admins
role: admin
- group: developers
role: developer