{ "description": "RadixApplication describes an application", "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { "description": "Specification for an application.\nMore info: https://www.radix.equinor.com/references/reference-radix-config/", "properties": { "build": { "description": "Build contains configuration used by pipeline jobs.\nMore info: https://www.radix.equinor.com/radix-config#build", "properties": { "secrets": { "description": "Defines a list of secrets that will be passed as ARGs when building Dockerfile.\nThe secrets can also be accessed in sub-pipelines.", "items": { "type": "string" }, "type": "array" }, "subPipeline": { "description": "SubPipeline common configuration for all environments.", "properties": { "identity": { "description": "Configuration for workload identity (federated credentials).\nMore info: https://www.radix.equinor.com/radix-config#identity", "properties": { "azure": { "description": "Azure identity configuration", "properties": { "clientId": { "description": "Defines the Client ID for a user defined managed identity or application ID for an application registration.", "type": "string" } }, "required": [ "clientId" ], "type": "object" } }, "type": "object" }, "variables": { "additionalProperties": { "type": "string" }, "description": "Defines variables, that will be available in sub-pipelines.", "type": "object" } }, "type": "object" }, "useBuildCache": { "description": "Defaults to true and requires useBuildKit to have an effect.\nNote: All layers will be cached and can be available for other Radix Apps. Do not add secrets to a Dockerfile layer.", "type": "boolean" }, "useBuildKit": { "description": "Enables BuildKit when building Dockerfile.\nMore info about BuildKit: https://docs.docker.com/build/buildkit/", "type": "boolean" }, "variables": { "additionalProperties": { "type": "string" }, "description": "Defines variables that will be available in sub-pipelines.", "type": "object" } }, "type": "object" }, "components": { "description": "List of component specification for the application.\nMore info: https://www.radix.equinor.com/radix-config#components", "items": { "description": "RadixComponent defines a component.", "properties": { "alwaysPullImageOnDeploy": { "description": "Forces check/pull of images using static tags, e.g. myimage:latest, when deploying using deploy-only.\nMore info: https://www.radix.equinor.com/radix-config#alwayspullimageondeploy", "type": "boolean" }, "args": { "description": "Arguments to the entrypoint.\nThe container image's CMD is used if this is not provided.\nVariable references $(VAR_NAME) are expanded using the container's environment. If a variable\ncannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will\nproduce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless\nof whether the variable exists or not. Cannot be updated.\nMore info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell", "items": { "type": "string" }, "type": "array", "x-kubernetes-list-type": "atomic" }, "authentication": { "description": "Configuration for TLS client certificate or OAuth2 authentication.\nMore info: https://www.radix.equinor.com/radix-config#authentication", "properties": { "clientCertificate": { "description": "Configuration for TLS client certificate authentication.\nMore info: https://www.radix.equinor.com/radix-config#clientcertificate", "properties": { "passCertificateToUpstream": { "description": "Pass client certificate to backend in header ssl-client-cert.\nThis setting has no effect if verification is set to off.", "type": "boolean" }, "verification": { "description": "Defines how the client certificate shall be verified.", "enum": [ "on", "off", "optional", "optional_no_ca" ], "type": "string" } }, "type": "object" }, "oauth2": { "description": "Configuration for OAuth2 authentication.\nMore info: https://www.radix.equinor.com/radix-config#oauth2", "properties": { "clientId": { "description": "Client ID of the application.", "type": "string" }, "cookie": { "description": "Session cookie settings.", "properties": { "expire": { "description": "Defines the expire timeframe for the session cookie.", "type": "string" }, "name": { "description": "Defines the name of the OAuth session cookie.", "type": "string" }, "refresh": { "description": "The interval between cookie refreshes.\nThe value must be a shorter timeframe than values set in Expire.", "type": "string" }, "sameSite": { "description": "Defines the samesite cookie attribute", "enum": [ "strict", "lax", "none", "" ], "type": "string" } }, "type": "object" }, "cookieStore": { "description": "Settings for the cookie that stores session data when SessionStoreType is cookie.", "properties": { "minimal": { "description": "Strips OAuth tokens from cookies if they are not needed.\nCookie.Refresh must be 0, and both SetXAuthRequestHeaders and SetAuthorizationHeader must be false if this setting is true.", "type": "boolean" } }, "type": "object" }, "credentials": { "default": "secret", "description": "Credentials defines credentials type for authenticating. Default is a Secret, which represents a client secret.", "enum": [ "secret", "azureWorkloadIdentity", "" ], "type": "string" }, "loginUrl": { "description": "Defines the authentication endpoint of the identity provider.\nMust be set if OIDC.SkipDiscovery is true", "type": "string" }, "oidc": { "description": "OIDC settings.", "properties": { "insecureSkipVerifyNonce": { "description": "Skip verifying the OIDC ID Token's nonce claim", "type": "boolean" }, "issuerUrl": { "description": "Defines the OIDC issuer URL.", "type": "string" }, "jwksUrl": { "description": "Defines the OIDC JWKS URL for token verification.\nRequired if OIDC discovery is disabled.", "type": "string" }, "skipDiscovery": { "description": "Defines if OIDC endpoint discovery should be bypassed.\nLoginURL, RedeemURL, JWKSURL must be configured if discovery is disabled.", "type": "boolean" } }, "type": "object" }, "proxyPrefix": { "description": "Defines the url root path that OAuth Proxy should be nested under.", "type": "string" }, "redeemUrl": { "description": "Defines the endpoint to redeem the authorization code received from the OAuth code flow.\nMust be set if OIDC.SkipDiscovery is true", "type": "string" }, "redisStore": { "description": "Settings for Redis store when SessionStoreType is redis.", "properties": { "connectionUrl": { "description": "Defines the URL for the Redis server.", "type": "string" } }, "required": [ "connectionUrl" ], "type": "object" }, "scope": { "description": "Requested scopes.", "type": "string" }, "sessionStoreType": { "description": "Defines where to store session data.", "enum": [ "cookie", "redis", "systemManaged", "" ], "type": "string" }, "setAuthorizationHeader": { "description": "Defines if the IDToken received by the OAuth Proxy should be added to the Authorization header.", "type": "boolean" }, "setXAuthRequestHeaders": { "description": "Defines if claims from the access token is added to the X-Auth-Request-User, X-Auth-Request-Groups,\nX-Auth-Request-Email and X-Auth-Request-Preferred-Username request headers.\nThe access token is passed in the X-Auth-Request-Access-Token header.", "type": "boolean" }, "skipAuthRoutes": { "description": "SkipAuthRoutes defines regex pattern of routes that should not be authenticated. Notice the ^ prefix and $ suffix to make sure the whole path is matched\nexample: GET=^/healthz$", "items": { "type": "string" }, "type": "array" } }, "type": "object" } }, "type": "object" }, "command": { "description": "Entrypoint array. Not executed within a shell.\nThe container image's ENTRYPOINT is used if this is not provided.\nVariable references $(VAR_NAME) are expanded using the container's environment. If a variable\ncannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will\nproduce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless\nof whether the variable exists or not. Cannot be updated.\nMore info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell", "items": { "type": "string" }, "type": "array", "x-kubernetes-list-type": "atomic" }, "dockerfileName": { "description": "Name of the Dockerfile that builds the component.\nMore info: https://www.radix.equinor.com/radix-config#dockerfilename", "type": "string" }, "enabled": { "description": "Controls if the component shall be deployed.\nMore info: https://www.radix.equinor.com/radix-config#enabled", "type": "boolean" }, "environmentConfig": { "description": "Configure environment specific settings for the component.\nMore info: https://www.radix.equinor.com/radix-config#environmentconfig", "items": { "description": "RadixEnvironmentConfig defines environment specific settings for component.", "properties": { "alwaysPullImageOnDeploy": { "description": "Forces check/pull of images using static tags, e.g. myimage:latest, when deploying using deploy-only.", "type": "boolean" }, "args": { "description": "Arguments to the entrypoint.\nThe container image's CMD is used if this is not provided.\nVariable references $(VAR_NAME) are expanded using the container's environment. If a variable\ncannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will\nproduce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless\nof whether the variable exists or not.\nMore info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell", "items": { "type": "string" }, "type": "array", "x-kubernetes-list-type": "atomic" }, "authentication": { "description": "Environment specific configuration for TLS client certificate or OAuth2 authentication.\nMore info: https://www.radix.equinor.com/radix-config#authentication", "properties": { "clientCertificate": { "description": "Configuration for TLS client certificate authentication.\nMore info: https://www.radix.equinor.com/radix-config#clientcertificate", "properties": { "passCertificateToUpstream": { "description": "Pass client certificate to backend in header ssl-client-cert.\nThis setting has no effect if verification is set to off.", "type": "boolean" }, "verification": { "description": "Defines how the client certificate shall be verified.", "enum": [ "on", "off", "optional", "optional_no_ca" ], "type": "string" } }, "type": "object" }, "oauth2": { "description": "Configuration for OAuth2 authentication.\nMore info: https://www.radix.equinor.com/radix-config#oauth2", "properties": { "clientId": { "description": "Client ID of the application.", "type": "string" }, "cookie": { "description": "Session cookie settings.", "properties": { "expire": { "description": "Defines the expire timeframe for the session cookie.", "type": "string" }, "name": { "description": "Defines the name of the OAuth session cookie.", "type": "string" }, "refresh": { "description": "The interval between cookie refreshes.\nThe value must be a shorter timeframe than values set in Expire.", "type": "string" }, "sameSite": { "description": "Defines the samesite cookie attribute", "enum": [ "strict", "lax", "none", "" ], "type": "string" } }, "type": "object" }, "cookieStore": { "description": "Settings for the cookie that stores session data when SessionStoreType is cookie.", "properties": { "minimal": { "description": "Strips OAuth tokens from cookies if they are not needed.\nCookie.Refresh must be 0, and both SetXAuthRequestHeaders and SetAuthorizationHeader must be false if this setting is true.", "type": "boolean" } }, "type": "object" }, "credentials": { "default": "secret", "description": "Credentials defines credentials type for authenticating. Default is a Secret, which represents a client secret.", "enum": [ "secret", "azureWorkloadIdentity", "" ], "type": "string" }, "loginUrl": { "description": "Defines the authentication endpoint of the identity provider.\nMust be set if OIDC.SkipDiscovery is true", "type": "string" }, "oidc": { "description": "OIDC settings.", "properties": { "insecureSkipVerifyNonce": { "description": "Skip verifying the OIDC ID Token's nonce claim", "type": "boolean" }, "issuerUrl": { "description": "Defines the OIDC issuer URL.", "type": "string" }, "jwksUrl": { "description": "Defines the OIDC JWKS URL for token verification.\nRequired if OIDC discovery is disabled.", "type": "string" }, "skipDiscovery": { "description": "Defines if OIDC endpoint discovery should be bypassed.\nLoginURL, RedeemURL, JWKSURL must be configured if discovery is disabled.", "type": "boolean" } }, "type": "object" }, "proxyPrefix": { "description": "Defines the url root path that OAuth Proxy should be nested under.", "type": "string" }, "redeemUrl": { "description": "Defines the endpoint to redeem the authorization code received from the OAuth code flow.\nMust be set if OIDC.SkipDiscovery is true", "type": "string" }, "redisStore": { "description": "Settings for Redis store when SessionStoreType is redis.", "properties": { "connectionUrl": { "description": "Defines the URL for the Redis server.", "type": "string" } }, "required": [ "connectionUrl" ], "type": "object" }, "scope": { "description": "Requested scopes.", "type": "string" }, "sessionStoreType": { "description": "Defines where to store session data.", "enum": [ "cookie", "redis", "systemManaged", "" ], "type": "string" }, "setAuthorizationHeader": { "description": "Defines if the IDToken received by the OAuth Proxy should be added to the Authorization header.", "type": "boolean" }, "setXAuthRequestHeaders": { "description": "Defines if claims from the access token is added to the X-Auth-Request-User, X-Auth-Request-Groups,\nX-Auth-Request-Email and X-Auth-Request-Preferred-Username request headers.\nThe access token is passed in the X-Auth-Request-Access-Token header.", "type": "boolean" }, "skipAuthRoutes": { "description": "SkipAuthRoutes defines regex pattern of routes that should not be authenticated. Notice the ^ prefix and $ suffix to make sure the whole path is matched\nexample: GET=^/healthz$", "items": { "type": "string" }, "type": "array" } }, "type": "object" } }, "type": "object" }, "command": { "description": "Entrypoint array. Not executed within a shell.\nThe container image's ENTRYPOINT is used if this is not provided.\nVariable references $(VAR_NAME) are expanded using the container's environment. If a variable\ncannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will\nproduce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless\nof whether the variable exists or not.\nMore info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell", "items": { "type": "string" }, "type": "array", "x-kubernetes-list-type": "atomic" }, "dockerfileName": { "description": "Name of the Dockerfile that builds the component.\nMore info: https://www.radix.equinor.com/radix-config#dockerfilename", "type": "string" }, "enabled": { "description": "Controls if the component shall be deployed to this environment.\nMore info: https://www.radix.equinor.com/radix-config#enabled", "type": "boolean" }, "environment": { "description": "Name of the environment which the settings applies to.", "maxLength": 63, "minLength": 1, "pattern": "^(([a-z0-9][-a-z0-9]*)?[a-z0-9])?$", "type": "string" }, "healthChecks": { "description": "HealthChecks can tell Radix if your application is ready to receive traffic.\nDefaults to a TCP check against your first listed port.\nIf any healthchecks are defined, no defaults will be added and you should add your own readinessProbe.", "properties": { "livenessProbe": { "description": "Periodic probe of container liveness.\nContainer will be restarted if the probe fails.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", "properties": { "exec": { "description": "Exec specifies the action to take.", "properties": { "command": { "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", "items": { "type": "string" }, "type": "array", "x-kubernetes-list-type": "atomic" } }, "type": "object" }, "failureThreshold": { "default": 3, "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded.", "format": "int32", "minimum": 1, "type": "integer" }, "grpc": { "description": "GRPC specifies an action involving a GRPC port.", "properties": { "port": { "description": "Port number of the gRPC service.", "format": "int32", "maximum": 65535, "minimum": 1, "type": "integer" }, "service": { "default": "", "description": "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC.", "type": "string" } }, "required": [ "port" ], "type": "object" }, "httpGet": { "description": "HTTPGet specifies the http request to perform.", "properties": { "host": { "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", "type": "string" }, "httpHeaders": { "description": "Custom headers to set in the request. HTTP allows repeated headers.", "items": { "description": "HTTPHeader describes a custom header to be used in HTTP probes", "properties": { "name": { "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", "type": "string" }, "value": { "description": "The header field value", "type": "string" } }, "required": [ "name", "value" ], "type": "object" }, "type": "array", "x-kubernetes-list-type": "atomic" }, "path": { "description": "Path to access on the HTTP server.", "type": "string" }, "port": { "description": "port number to access on the container.", "format": "int32", "maximum": 65535, "minimum": 1, "type": "integer" }, "scheme": { "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", "enum": [ "HTTPS", "HTTP" ], "type": "string" } }, "required": [ "port" ], "type": "object" }, "initialDelaySeconds": { "description": "Number of seconds after the container has started before liveness probes are initiated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", "format": "int32", "type": "integer" }, "periodSeconds": { "default": 10, "description": "How often (in seconds) to perform the probe.", "format": "int32", "minimum": 1, "type": "integer" }, "successThreshold": { "default": 1, "description": "Minimum consecutive successes for the probe to be considered successful after having failed.\nMust be 1 for liveness and startup.", "format": "int32", "minimum": 1, "type": "integer" }, "tcpSocket": { "description": "TCPSocket specifies an action involving a TCP port.", "properties": { "host": { "description": "Optional: Host name to connect to, defaults to the pod IP.", "type": "string" }, "port": { "description": "port number to access on the container.", "format": "int32", "maximum": 65535, "minimum": 1, "type": "integer" } }, "required": [ "port" ], "type": "object" }, "timeoutSeconds": { "default": 1, "description": "Number of seconds after which the probe times out.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", "format": "int32", "minimum": 1, "type": "integer" } }, "type": "object" }, "readinessProbe": { "description": "Periodic probe of container service readiness.\nContainer will be removed from service endpoints if the probe fails.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes\nDefaults to TCP Probe against the first listed port", "properties": { "exec": { "description": "Exec specifies the action to take.", "properties": { "command": { "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", "items": { "type": "string" }, "type": "array", "x-kubernetes-list-type": "atomic" } }, "type": "object" }, "failureThreshold": { "default": 3, "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded.", "format": "int32", "minimum": 1, "type": "integer" }, "grpc": { "description": "GRPC specifies an action involving a GRPC port.", "properties": { "port": { "description": "Port number of the gRPC service.", "format": "int32", "maximum": 65535, "minimum": 1, "type": "integer" }, "service": { "default": "", "description": "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC.", "type": "string" } }, "required": [ "port" ], "type": "object" }, "httpGet": { "description": "HTTPGet specifies the http request to perform.", "properties": { "host": { "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", "type": "string" }, "httpHeaders": { "description": "Custom headers to set in the request. HTTP allows repeated headers.", "items": { "description": "HTTPHeader describes a custom header to be used in HTTP probes", "properties": { "name": { "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", "type": "string" }, "value": { "description": "The header field value", "type": "string" } }, "required": [ "name", "value" ], "type": "object" }, "type": "array", "x-kubernetes-list-type": "atomic" }, "path": { "description": "Path to access on the HTTP server.", "type": "string" }, "port": { "description": "port number to access on the container.", "format": "int32", "maximum": 65535, "minimum": 1, "type": "integer" }, "scheme": { "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", "enum": [ "HTTPS", "HTTP" ], "type": "string" } }, "required": [ "port" ], "type": "object" }, "initialDelaySeconds": { "description": "Number of seconds after the container has started before liveness probes are initiated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", "format": "int32", "type": "integer" }, "periodSeconds": { "default": 10, "description": "How often (in seconds) to perform the probe.", "format": "int32", "minimum": 1, "type": "integer" }, "successThreshold": { "default": 1, "description": "Minimum consecutive successes for the probe to be considered successful after having failed.\nMust be 1 for liveness and startup.", "format": "int32", "minimum": 1, "type": "integer" }, "tcpSocket": { "description": "TCPSocket specifies an action involving a TCP port.", "properties": { "host": { "description": "Optional: Host name to connect to, defaults to the pod IP.", "type": "string" }, "port": { "description": "port number to access on the container.", "format": "int32", "maximum": 65535, "minimum": 1, "type": "integer" } }, "required": [ "port" ], "type": "object" }, "timeoutSeconds": { "default": 1, "description": "Number of seconds after which the probe times out.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", "format": "int32", "minimum": 1, "type": "integer" } }, "type": "object" }, "startupProbe": { "description": "StartupProbe indicates that the Pod has successfully initialized.\nIf specified, no other probes are executed until this completes successfully.\nIf this probe fails, the Pod will be restarted, just as if the livenessProbe failed.\nThis can be used to provide different probe parameters at the beginning of a Pod's lifecycle,\nwhen it might take a long time to load data or warm a cache, than during steady-state operation.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", "properties": { "exec": { "description": "Exec specifies the action to take.", "properties": { "command": { "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", "items": { "type": "string" }, "type": "array", "x-kubernetes-list-type": "atomic" } }, "type": "object" }, "failureThreshold": { "default": 3, "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded.", "format": "int32", "minimum": 1, "type": "integer" }, "grpc": { "description": "GRPC specifies an action involving a GRPC port.", "properties": { "port": { "description": "Port number of the gRPC service.", "format": "int32", "maximum": 65535, "minimum": 1, "type": "integer" }, "service": { "default": "", "description": "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC.", "type": "string" } }, "required": [ "port" ], "type": "object" }, "httpGet": { "description": "HTTPGet specifies the http request to perform.", "properties": { "host": { "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", "type": "string" }, "httpHeaders": { "description": "Custom headers to set in the request. HTTP allows repeated headers.", "items": { "description": "HTTPHeader describes a custom header to be used in HTTP probes", "properties": { "name": { "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", "type": "string" }, "value": { "description": "The header field value", "type": "string" } }, "required": [ "name", "value" ], "type": "object" }, "type": "array", "x-kubernetes-list-type": "atomic" }, "path": { "description": "Path to access on the HTTP server.", "type": "string" }, "port": { "description": "port number to access on the container.", "format": "int32", "maximum": 65535, "minimum": 1, "type": "integer" }, "scheme": { "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", "enum": [ "HTTPS", "HTTP" ], "type": "string" } }, "required": [ "port" ], "type": "object" }, "initialDelaySeconds": { "description": "Number of seconds after the container has started before liveness probes are initiated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", "format": "int32", "type": "integer" }, "periodSeconds": { "default": 10, "description": "How often (in seconds) to perform the probe.", "format": "int32", "minimum": 1, "type": "integer" }, "successThreshold": { "default": 1, "description": "Minimum consecutive successes for the probe to be considered successful after having failed.\nMust be 1 for liveness and startup.", "format": "int32", "minimum": 1, "type": "integer" }, "tcpSocket": { "description": "TCPSocket specifies an action involving a TCP port.", "properties": { "host": { "description": "Optional: Host name to connect to, defaults to the pod IP.", "type": "string" }, "port": { "description": "port number to access on the container.", "format": "int32", "maximum": 65535, "minimum": 1, "type": "integer" } }, "required": [ "port" ], "type": "object" }, "timeoutSeconds": { "default": 1, "description": "Number of seconds after which the probe times out.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", "format": "int32", "minimum": 1, "type": "integer" } }, "type": "object" } }, "type": "object" }, "horizontalScaling": { "description": "Configuration for automatic horizontal scaling of replicas.\nMore info: https://www.radix.equinor.com/radix-config#horizontalscaling", "properties": { "cooldownPeriod": { "description": "CooldownPeriod to wait after the last trigger reported active before scaling the resource back to 0. Defaults to 5min", "format": "int32", "minimum": 15, "type": "integer" }, "maxReplicas": { "description": "Defines the maximum number of replicas.", "format": "int32", "minimum": 1, "type": "integer" }, "minReplicas": { "default": 1, "description": "Defines the minimum number of replicas.", "format": "int32", "minimum": 0, "type": "integer" }, "pollingInterval": { "description": "PollingInterval configures how often to check each trigger on. Defaults to 30sec", "format": "int32", "minimum": 15, "type": "integer" }, "resources": { "description": "Deprecated: Use CPU and/or Memory triggers instead\nDefines the resource usage parameters for the horizontal pod autoscaler.", "properties": { "cpu": { "description": "Defines the CPU usage parameters for the horizontal pod autoscaler.", "properties": { "averageUtilization": { "description": "Defines the resource usage which triggers scaling for the horizontal pod autoscaler.", "format": "int32", "minimum": 1, "type": "integer" } }, "required": [ "averageUtilization" ], "type": "object" }, "memory": { "description": "Defines the memory usage parameters for the horizontal pod autoscaler.", "properties": { "averageUtilization": { "description": "Defines the resource usage which triggers scaling for the horizontal pod autoscaler.", "format": "int32", "minimum": 1, "type": "integer" } }, "required": [ "averageUtilization" ], "type": "object" } }, "type": "object" }, "triggers": { "description": "Defines a list of triggers the component replicas will scale on. Defaults to 80% CPU.", "items": { "description": "RadixHorizontalScalingTrigger defines configuration for a specific trigger.", "maxProperties": 2, "minProperties": 2, "properties": { "azureEventHub": { "description": "AzureEventHub defines a trigger that scales based on number of unprocessed events in event hub", "properties": { "accountName": { "description": "StorageAccount Name of the storage account used for checkpointing. If storage account is not specified when used identity based authentication to Blob Storage, the StorageConnectionFromEnv will be used.\nIt is ignored when EventHubConnectionFromEnv is defined.", "maxLength": 150, "type": "string" }, "activationUnprocessedEventThreshold": { "description": "ActivationUnprocessedEventThreshold Target value for activating the scaler. Defaults to 0.\nLearn more about activation https://keda.sh/docs/2.17/concepts/scaling-deployments/#activating-and-scaling-thresholds", "minimum": 0, "type": "integer" }, "authentication": { "description": "Authentication Workload Identity configured with a ClientID when used identity based authentication", "properties": { "identity": { "description": "RadixHorizontalScalingRequiredIdentity configuration for federation with required azure identity providers.", "properties": { "azure": { "description": "Azure identity configuration", "properties": { "clientId": { "description": "Defines the Client ID for a user defined managed identity or application ID for an application registration.", "type": "string" } }, "required": [ "clientId" ], "type": "object" } }, "required": [ "azure" ], "type": "object" } }, "required": [ "identity" ], "type": "object" }, "checkpointStrategy": { "description": "CheckpointStrategy defines the strategy to use for checkpointing. Defaults to blobMetadata.", "enum": [ "goSdk", "blobMetadata", "azureFunction", "" ], "type": "string" }, "consumerGroup": { "description": "ConsumerGroup is the name of the consumer group to use when consuming events from the Event Hub. Defaults to $Default", "maxLength": 150, "type": "string" }, "container": { "description": "Container is the name of the Blob Storage container used for checkpointing.\nThis is needed for every checkpointStrategy except of AzureFunction. With Azure Functions checkpointStrategy the Container is automatically set or overridden as azure-webjobs-eventhub.\nIt should be set to azure-webjobs-eventhub for Azure Functions using blobMetadata as checkpointStrategy.", "maxLength": 150, "type": "string" }, "eventHubConnectionFromEnv": { "description": "EventHubConnectionFromEnv The name of the environment variable or secret holding the connection string for the Event Hub. This is required when not using identity based authentication to Event Hub.\nString should be in following format: Endpoint=sb://.servicebus.windows.net/;SharedAccessKeyName=;SharedAccessKey=;EntityPath=\nEntityPath is optional. If it is not provided, then Name must be used to provide the name of the Azure Event Hub instance to use inside the namespace.\nExample:\nEndpoint=sb://eventhub-namespace.servicebus.windows.net/;SharedAccessKeyName=RootManageSharedAccessKey;SharedAccessKey=secretKey123;EntityPath=eventhub-name", "maxLength": 50, "type": "string" }, "eventHubName": { "description": "EventHubName of the Azure Event Hub within Event Hub namespace", "maxLength": 260, "pattern": "^(([a-z0-9][-_a-z0-9./]*)?[a-z0-9])?$", "type": "string" }, "eventHubNameFromEnv": { "description": "EventHubNameFromEnv The name of the environment variable or secret holding the Azure Event Hub name.\nIt is ignored when EventHubName is defined.", "maxLength": 260, "pattern": "^(([a-zA-Z][_a-zA-Z0-9]*)?[a-zA-Z0-9])?$", "type": "string" }, "eventHubNamespace": { "description": "EventHubNamespace The Event Hubs namespace to build FQDN like myeventhubnamespace.servicebus.windows.netname", "maxLength": 150, "pattern": "^(([a-z][-a-z0-9]*)?[a-z0-9])?$", "type": "string" }, "eventHubNamespaceFromEnv": { "description": "EventHubNamespaceFromEnv The name of the environment variable or secret holding the Event Hubs namespace to build FQDN like myeventhubnamespace.servicebus.windows.netname\nIt is ignored when EventHubNamespace is defined.", "maxLength": 50, "pattern": "^(([a-zA-Z][_a-zA-Z0-9]*)?[a-zA-Z0-9])?$", "type": "string" }, "storageConnectionFromEnv": { "description": "StorageConnectionFromEnv The name of the environment variable or secret holding the connection string for storage account used to store checkpoint. As of now the Event Hub scaler only reads from Azure Blob Storage.", "maxLength": 50, "type": "string" }, "unprocessedEventThreshold": { "description": "UnprocessedEventThreshold Average target value to trigger scaling actions. Default: 64 events.", "minimum": 1, "type": "integer" } }, "type": "object" }, "azureServiceBus": { "description": "AzureServiceBus defines a trigger that scales based on number of messages in queue", "properties": { "activationMessageCount": { "description": "ActivationMessageCount = Target value for activating the scaler. (Default: 0, Optional)", "minimum": 0, "type": "integer" }, "authentication": { "description": "Azure Service Bus requires Workload Identity configured with a ClientID", "properties": { "identity": { "description": "RadixHorizontalScalingRequiredIdentity configuration for federation with required azure identity providers.", "properties": { "azure": { "description": "Azure identity configuration", "properties": { "clientId": { "description": "Defines the Client ID for a user defined managed identity or application ID for an application registration.", "type": "string" } }, "required": [ "clientId" ], "type": "object" } }, "required": [ "azure" ], "type": "object" } }, "required": [ "identity" ], "type": "object" }, "connectionFromEnv": { "description": "ConnectionFromEnv The name of the environment variable your deployment uses to get the connection string of the Azure Service Bus namespace.\nIgnored when used Workload Identity.", "maxLength": 50, "type": "string" }, "messageCount": { "description": "MessageCount - Amount of active messages in your Azure Service Bus queue or topic to scale on. Defaults to 5 messages\nDesiredReplicas Number of replicas to which the resource has to be scaled between the start and end of the cron schedule.", "minimum": 1, "type": "integer" }, "namespace": { "description": "Namespace - Name of the Azure Service Bus namespace that contains your queue or topic. Required when using workload identity", "maxLength": 50, "minLength": 6, "pattern": "^(([a-z][-a-z0-9]*)?[a-z0-9])?$", "type": "string" }, "queueName": { "description": "QueueName selects the target queue. QueueName wil take precedence over TopicName.", "maxLength": 260, "minLength": 1, "pattern": "^(([a-z0-9][-_a-z0-9./]*)?[a-z0-9])?$", "type": "string" }, "subscriptionName": { "description": "SubscriptionName is required when TopicName is set.", "maxLength": 50, "minLength": 1, "pattern": "^(([a-z0-9][-_a-z0-9./]*)?[a-z0-9])?$", "type": "string" }, "topicName": { "description": "TopicName selectes the target topic, requires SubscriptionName to be set.", "maxLength": 260, "minLength": 1, "pattern": "^(([a-z0-9][-_a-z0-9./]*)?[a-z0-9])?$", "type": "string" } }, "required": [ "namespace" ], "type": "object" }, "cpu": { "description": "Cpu defines a trigger based on CPU usage", "properties": { "value": { "description": "Value - the target value is the average of the resource metric across all relevant pods, represented as a percentage of the requested value of the resource for the pods.", "minimum": 15, "type": "integer" } }, "required": [ "value" ], "type": "object" }, "cron": { "description": "Cron defines a trigger that scales based on start and end times", "properties": { "desiredReplicas": { "description": "DesiredReplicas Number of replicas to which the resource has to be scaled between the start and end of the cron schedule.", "minimum": 1, "type": "integer" }, "end": { "description": "End is a Cron expression indicating the End of the cron schedule.", "pattern": "^((((\\d+,)+\\d+|(\\d+(\\/|-)\\d+)|\\d+|\\*) ?){5})$", "type": "string" }, "start": { "description": "Start is a Cron expression indicating the start of the cron schedule.", "pattern": "^((((\\d+,)+\\d+|(\\d+(\\/|-)\\d+)|\\d+|\\*) ?){5})$", "type": "string" }, "timezone": { "description": "Timezone One of the acceptable values from the IANA Time Zone Database. The list of timezones can be found at https://en.wikipedia.org/wiki/List_of_tz_database_time_zones", "type": "string" } }, "required": [ "desiredReplicas", "end", "start", "timezone" ], "type": "object" }, "memory": { "description": "Memory defines a trigger based on memory usage", "properties": { "value": { "description": "Value - the target value is the average of the resource metric across all relevant pods, represented as a percentage of the requested value of the resource for the pods.", "minimum": 15, "type": "integer" } }, "required": [ "value" ], "type": "object" }, "name": { "description": "Name of trigger, must be unique", "maxLength": 50, "minLength": 1, "pattern": "^(([a-z0-9][-a-z0-9]*)?[a-z0-9])?$", "type": "string" } }, "required": [ "name" ], "type": "object" }, "type": "array", "x-kubernetes-list-map-keys": [ "name" ], "x-kubernetes-list-type": "map" } }, "required": [ "maxReplicas" ], "type": "object" }, "identity": { "description": "Environment specific configuration for workload identity (federated credentials).\nMore info: https://www.radix.equinor.com/radix-config#identity", "properties": { "azure": { "description": "Azure identity configuration", "properties": { "clientId": { "description": "Defines the Client ID for a user defined managed identity or application ID for an application registration.", "type": "string" } }, "required": [ "clientId" ], "type": "object" } }, "type": "object" }, "image": { "description": "Name of an existing container image to use when running the component.\nMore info: https://www.radix.equinor.com/radix-config#image", "type": "string" }, "imageTagName": { "description": "The imageTagName allows for flexible configuration of fixed images,\nbuilt outside of Radix, to be configured with separate tag for each environment.\nMore info: https://www.radix.equinor.com/radix-config#imagetagname", "type": "string" }, "monitoring": { "description": "Enabled or disables collection of custom Prometheus metrics.\nMore info: https://www.radix.equinor.com/radix-config#monitoring", "type": "boolean" }, "network": { "description": "Environment specific network settings.", "properties": { "ingress": { "description": "Ingress defines settings for ingress traffic.", "properties": { "public": { "description": "Public defines settings for public traffic.", "properties": { "allow": { "description": "Allow defines a list of public IP addresses or CIDRs which are allowed to access the component.\nAll IP addresses are allowed if this field is empty or not set.", "items": { "description": "IP address or CIDR.", "pattern": "^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)(\\/([0-9]|[1-2][0-9]|3[0-2]))?$", "type": "string" }, "type": "array" }, "proxyBodySize": { "description": "Sets the maximum allowed size of the client request body.\nSizes can be specified in bytes, kilobytes (suffixes k and K), megabytes (suffixes m and M), or gigabytes (suffixes g and G) for example, \"1024\", \"64k\", \"32m\", \"2g\"\nIf the size in a request exceeds the configured value, the 413 (Request Entity Too Large) error is returned to the client.\nSetting size to 0 disables checking of client request body size.", "pattern": "^(?:0|[1-9][0-9]*[kKmMgG]?)$", "type": "string" }, "proxyBufferSize": { "description": "Sets the size of the buffer used for reading the first part of the response received from the proxied server.\nThe size must be large enough to hold the response headers.\nSizes can be specified in bytes, kilobytes (suffixes k and K), megabytes (suffixes m and M), or gigabytes (suffixes g and G) for example, \"1024\", \"64k\", \"32m\", \"2g\"\nIf the response headers exceed the buffer size, the 502 (Bad Gateway) error is returned to the client.", "pattern": "^(?:0|[1-9][0-9]*[kKmMgG]?)$", "type": "string" }, "proxyReadTimeout": { "description": "Defines a timeout, in seconds, for reading a response from the proxied server.\nThe timeout is set only between two successive read operations, not for the transmission of the whole response.\nIf the proxied server does not transmit anything within this time, the connection is closed.", "minimum": 0, "type": "integer" }, "proxyRequestBuffering": { "description": "Defines if request buffering is enabled. Default is true.\nIf set to false, the request body will be sent to the proxied server immediately, without buffering.\nThis can be useful for large file uploads or streaming data.", "type": "boolean" }, "proxySendTimeout": { "description": "Defines a timeout, in seconds, for transmitting a request to the proxied server.\nThe timeout is set only between two successive write operations, not for the transmission of the whole request.\nIf the proxied server does not receive anything within this time, the connection is closed.", "minimum": 0, "type": "integer" } }, "type": "object" } }, "type": "object" } }, "type": "object" }, "node": { "description": "Deprecated: use Runtime.NodeType instead.\nEnvironment specific GPU requirements for the component.\nMore info: https://www.radix.equinor.com/radix-config#node", "properties": { "gpu": { "description": "Defines rules for allowed GPU types.\nMore info: https://www.radix.equinor.com/radix-config#gpu", "type": "string" }, "gpuCount": { "description": "Defines minimum number of required GPUs.", "type": "string" } }, "type": "object" }, "readOnlyFileSystem": { "description": "Controls if the filesystem shall be read-only.", "type": "boolean" }, "replicas": { "description": "Number of desired replicas.\nMore info: https://www.radix.equinor.com/radix-config#replicas", "minimum": 0, "type": "integer" }, "resources": { "description": "Environment specific configuration for CPU and memory resources.\nMore info: https://www.radix.equinor.com/radix-config#resources", "properties": { "limits": { "additionalProperties": { "type": "string" }, "description": "Limits describes the maximum amount of compute resources allowed.", "type": "object" }, "requests": { "additionalProperties": { "type": "string" }, "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if\nthat is explicitly specified, otherwise to an implementation-defined value.", "type": "object" } }, "type": "object" }, "runAsUser": { "description": "User ID to run the container as\nMore info: https://www.radix.equinor.com/radix-config#runasuser", "format": "int64", "minimum": 1, "type": "integer" }, "runtime": { "description": "Runtime defines environment specific target runtime requirements for the component", "properties": { "architecture": { "description": "CPU architecture target for the component or job. When Architecture and NodeType are not defined, the Architecture defaults to amd64.", "enum": [ "amd64", "arm64", "" ], "type": "string" }, "nodeType": { "description": "Defines the node type for the component. It is a values of the node-pool label and taint with key radix-nodetype, where component's or job's pods will be scheduled.\nMore info: https://www.radix.equinor.com/radix-config#nodetype", "maxLength": 120, "pattern": "^(([a-z0-9][-a-z0-9]*)?[a-z0-9])?$", "type": "string" } }, "type": "object" }, "secretRefs": { "description": "Environment specific configuration for external secret stores, like Azure KeyVault.\nMore info: https://www.radix.equinor.com/radix-config#secretrefs", "properties": { "azureKeyVaults": { "description": "List of Azure Key Vaults to get secrets from.", "items": { "description": "RadixAzureKeyVault defines an Azure keyvault.", "properties": { "items": { "description": "List of keyvault items (secrets, keys and certificates).", "items": { "description": "RadixAzureKeyVaultItem defines Azure Key Vault setting: secrets, keys, certificates", "properties": { "alias": { "description": "Alias overrides the default file name used when mounting the secret, key or certificate.", "minLength": 1, "type": "string" }, "encoding": { "description": "Encoding defines the encoding of a keyvault item when stored in the container.\nSetting encoding to base64 and format to pfx will fetch and write the base64 decoded pfx binary.", "enum": [ "base64" ], "type": "string" }, "envVar": { "description": "Defines the name of the environment variable that will contain the value of the secret, key or certificate.", "type": "string" }, "format": { "description": "Defines the format of the keyvault item.\npfx is only supported with type secret and PKCS12 or ECC certificate.\nDefault format for certificates is pem.", "enum": [ "pem", "pfx" ], "type": "string" }, "k8sSecretType": { "description": "K8sSecretType defines the type of Kubernetes secret the keyvault item will be stored in.\nopaque corresponds to \"Opaque\" and \"kubernetes.io/tls\" secret types: https://kubernetes.io/docs/concepts/configuration/secret/#secret-types", "enum": [ "opaque", "tls" ], "type": "string" }, "name": { "description": "Name of a secret, key or certificate in the keyvault.", "maxLength": 127, "minLength": 1, "type": "string" }, "type": { "description": "Type of item in the keyvault referenced by the name.", "enum": [ "secret", "key", "cert" ], "type": "string" }, "version": { "description": "Defines that a specific version of a keyvault item should be loaded.\nThe latest version is loaded when this field is not set.", "type": "string" } }, "required": [ "name" ], "type": "object" }, "minItems": 1, "type": "array" }, "name": { "description": "Name of the Azure keyvault.", "maxLength": 24, "minLength": 3, "type": "string" }, "path": { "description": "Path where secrets from the keyvault is mounted.", "minLength": 1, "type": "string" }, "useAzureIdentity": { "description": "UseAzureIdentity defines that credentials for accessing Azure Key Vault will be acquired using Azure Workload Identity instead of using a ClientID and Secret.", "type": "boolean" } }, "required": [ "items", "name" ], "type": "object" }, "type": "array" } }, "type": "object" }, "src": { "description": "Path to the Dockerfile that builds the component.\nMore info: https://www.radix.equinor.com/radix-config#src", "type": "string" }, "variables": { "additionalProperties": { "type": "string" }, "description": "Environment specific environment variables.\nVariable names defined here have precedence over variables defined on component level.", "type": "object" }, "volumeMounts": { "description": "Configuration for mounting cloud storage into the component.\nMore info: https://www.radix.equinor.com/radix-config#volumemounts", "items": { "description": "RadixVolumeMount defines an external storage resource.", "properties": { "accessMode": { "description": "Deprecated: use BlobFuse2 instead.\nAccess mode from a container to an external storage. ReadOnlyMany (default), ReadWriteOnce, ReadWriteMany.\nMore info: https://www.radix.equinor.com/guides/volume-mounts/optional-settings/", "enum": [ "ReadOnlyMany", "ReadWriteOnce", "ReadWriteMany", "" ], "type": "string" }, "blobFuse2": { "description": "BlobFuse2 settings for Azure Storage FUSE CSI driver with the protocol fuse2", "properties": { "accessMode": { "description": "Access mode from a container to an external storage. ReadOnlyMany (default), ReadWriteOnce, ReadWriteMany.\nMore info: https://www.radix.equinor.com/guides/volume-mounts/optional-settings/", "enum": [ "ReadOnlyMany", "ReadWriteOnce", "ReadWriteMany", "" ], "type": "string" }, "attributeCache": { "description": "Configure attribute cache settings.", "properties": { "timeout": { "description": "The timeout (in seconds) for the attribute cache entries. Default 0.", "format": "int32", "minimum": 0, "type": "integer" } }, "type": "object" }, "blockCache": { "description": "Configure block cache settings. Applicable when cacheMode is Block.", "properties": { "blockSize": { "description": "Size (in MB) of a block to be downloaded as a unit. Default is 4.", "format": "int32", "minimum": 1, "type": "integer" }, "diskSize": { "description": "Size (in MB) of total disk capacity that block cache can use.\n0 (default) disables disk caching.", "format": "int32", "minimum": 0, "type": "integer" }, "diskTimeout": { "description": "Timeout (in seconds) for which persisted data remains in disk cache. Default 120.", "format": "int32", "minimum": 0, "type": "integer" }, "parallelism": { "description": "Number of worker thread responsible for upload/download jobs. Default 8.", "format": "int32", "minimum": 1, "type": "integer" }, "poolSize": { "description": "Size (in MB) of total memory preallocated for block-cache.\nMinimum value = (prefetchCount + 1) * blockSize", "format": "int32", "minimum": 1, "type": "integer" }, "prefetchCount": { "description": "Max number of blocks to prefetch. Default 11.\nValue must be 0 (prefetching disabled) or greater than 10.", "format": "int32", "minimum": 0, "type": "integer" }, "prefetchOnOpen": { "description": "Start prefetching on open or wait for first read. Default false.", "type": "boolean" } }, "type": "object" }, "cacheMode": { "description": "Defines how files should be cached.\n\nFile: Reads and caches the entire file\nBlock (default): Blocks of fixed size are downloaded and cached\nDirectIO: Caching is disabled. All IO is passed directly to the storage account.", "enum": [ "File", "Block", "DirectIO" ], "type": "string" }, "container": { "description": "Container. Name of the container in the external storage resource.", "type": "string" }, "fileCache": { "description": "Configure file cache settings. Applicable when cacheMode is File.", "properties": { "timeout": { "description": "The timeout (in seconds) for which file cache is valid. Default 120.", "format": "int32", "minimum": 0, "type": "integer" } }, "type": "object" }, "gid": { "description": "GID defines the group ID (number) which will be set as owner of the mounted volume.", "type": "string" }, "protocol": { "description": "Holds protocols of BlobFuse2 Azure Storage FUSE driver. Default is fuse2.", "enum": [ "fuse2", "" ], "type": "string" }, "requestsStorage": { "anyOf": [ { "type": "integer" }, { "type": "string" } ], "description": "Requested size (opens new window)of allocated mounted volume. Default value is set to \"1Mi\" (1 megabyte). Current version of the driver does not affect mounted volume size\nMore info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-persistent-volume-storage/#create-a-persistentvolumeclaim", "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "x-kubernetes-int-or-string": true }, "resourceGroup": { "description": "ResourceGroup of a storage account. Applicable when using a workload identity.", "type": "string" }, "storageAccount": { "description": "Name of a storage account. It is mandatory when using a workload identity. It is optional when using Access Key, if it is not defined, it will be configured in a secret.", "type": "string" }, "streaming": { "description": "Deprecated: Configure caching with cacheMode.\nConfigure streaming settings.\nMore info: https://github.com/Azure/azure-storage-fuse/blob/main/STREAMING.md", "properties": { "enabled": { "description": "Deprecated: Configure caching with cacheMode in blobFuse2 section.\nEnable streaming mode. Default true.\nFor backward compatibility, Radix will use cachMode:File if this field is explicitly set to false.", "type": "boolean" } }, "type": "object" }, "subscriptionId": { "description": "SubscriptionId of a storage account. Applicable when using a workload identity.", "type": "string" }, "tenantId": { "description": "TenantId of a storage account. Applicable when using a workload identity.", "type": "string" }, "uid": { "description": "UID defines the user ID (number) which will be set as owner of the mounted volume.", "type": "string" }, "useAdls": { "description": "Enables blobfuse to access Azure DataLake storage account. When set to false, blobfuse will access Azure Block Blob storage account, hierarchical file system is not supported.\nDefault false. This must be turned on when HNS enabled account is mounted.", "type": "boolean" }, "useAzureIdentity": { "description": "UseAzureIdentity defines that credentials for accessing Azure Storage will be acquired using Azure Workload Identity instead of using a ClientID and Secret.", "type": "boolean" } }, "required": [ "container" ], "type": "object" }, "container": { "description": "Deprecated: Only required by the deprecated type: blob.", "type": "string" }, "emptyDir": { "description": "EmptyDir settings for EmptyDir volume", "properties": { "sizeLimit": { "anyOf": [ { "type": "integer" }, { "type": "string" } ], "description": "SizeLimit defines the size of the emptyDir volume", "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "x-kubernetes-int-or-string": true } }, "required": [ "sizeLimit" ], "type": "object" }, "gid": { "description": "Deprecated: use BlobFuse2 instead.\nGID defines the group ID (number) which will be set as owner of the mounted volume.", "type": "string" }, "name": { "description": "User-defined name of the volume mount.\nMust be unique for the component.", "maxLength": 40, "minLength": 1, "type": "string" }, "path": { "description": "Path defines in which directory the external storage is mounted.", "minLength": 1, "type": "string" }, "requestsStorage": { "anyOf": [ { "type": "integer" }, { "type": "string" } ], "description": "Deprecated: use BlobFuse2 instead.\nMore info: https://www.radix.equinor.com/guides/volume-mounts/optional-settings/", "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "x-kubernetes-int-or-string": true }, "storage": { "description": "Deprecated: use BlobFuse2 instead.\nStorage defines the name of the container in the external storage resource.", "type": "string" }, "type": { "description": "Deprecated: use BlobFuse2 instead.\nType defines the storage type.", "enum": [ "azure-blob", "" ], "type": "string" }, "uid": { "description": "Deprecated: use BlobFuse2 instead.\nUID defines the user ID (number) which will be set as owner of the mounted volume.", "type": "string" } }, "required": [ "name", "path" ], "type": "object" }, "type": "array" } }, "required": [ "environment" ], "type": "object" }, "type": "array", "x-kubernetes-list-map-keys": [ "environment" ], "x-kubernetes-list-type": "map" }, "healthChecks": { "description": "HealthChecks can tell Radix if your application is ready to receive traffic.\nDefaults to a TCP check against your first listed port.\nIf any healthchecks are defined, no defaults will be added and you should add your own readinessProbe.", "properties": { "livenessProbe": { "description": "Periodic probe of container liveness.\nContainer will be restarted if the probe fails.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", "properties": { "exec": { "description": "Exec specifies the action to take.", "properties": { "command": { "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", "items": { "type": "string" }, "type": "array", "x-kubernetes-list-type": "atomic" } }, "type": "object" }, "failureThreshold": { "default": 3, "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded.", "format": "int32", "minimum": 1, "type": "integer" }, "grpc": { "description": "GRPC specifies an action involving a GRPC port.", "properties": { "port": { "description": "Port number of the gRPC service.", "format": "int32", "maximum": 65535, "minimum": 1, "type": "integer" }, "service": { "default": "", "description": "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC.", "type": "string" } }, "required": [ "port" ], "type": "object" }, "httpGet": { "description": "HTTPGet specifies the http request to perform.", "properties": { "host": { "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", "type": "string" }, "httpHeaders": { "description": "Custom headers to set in the request. HTTP allows repeated headers.", "items": { "description": "HTTPHeader describes a custom header to be used in HTTP probes", "properties": { "name": { "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", "type": "string" }, "value": { "description": "The header field value", "type": "string" } }, "required": [ "name", "value" ], "type": "object" }, "type": "array", "x-kubernetes-list-type": "atomic" }, "path": { "description": "Path to access on the HTTP server.", "type": "string" }, "port": { "description": "port number to access on the container.", "format": "int32", "maximum": 65535, "minimum": 1, "type": "integer" }, "scheme": { "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", "enum": [ "HTTPS", "HTTP" ], "type": "string" } }, "required": [ "port" ], "type": "object" }, "initialDelaySeconds": { "description": "Number of seconds after the container has started before liveness probes are initiated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", "format": "int32", "type": "integer" }, "periodSeconds": { "default": 10, "description": "How often (in seconds) to perform the probe.", "format": "int32", "minimum": 1, "type": "integer" }, "successThreshold": { "default": 1, "description": "Minimum consecutive successes for the probe to be considered successful after having failed.\nMust be 1 for liveness and startup.", "format": "int32", "minimum": 1, "type": "integer" }, "tcpSocket": { "description": "TCPSocket specifies an action involving a TCP port.", "properties": { "host": { "description": "Optional: Host name to connect to, defaults to the pod IP.", "type": "string" }, "port": { "description": "port number to access on the container.", "format": "int32", "maximum": 65535, "minimum": 1, "type": "integer" } }, "required": [ "port" ], "type": "object" }, "timeoutSeconds": { "default": 1, "description": "Number of seconds after which the probe times out.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", "format": "int32", "minimum": 1, "type": "integer" } }, "type": "object" }, "readinessProbe": { "description": "Periodic probe of container service readiness.\nContainer will be removed from service endpoints if the probe fails.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes\nDefaults to TCP Probe against the first listed port", "properties": { "exec": { "description": "Exec specifies the action to take.", "properties": { "command": { "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", "items": { "type": "string" }, "type": "array", "x-kubernetes-list-type": "atomic" } }, "type": "object" }, "failureThreshold": { "default": 3, "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded.", "format": "int32", "minimum": 1, "type": "integer" }, "grpc": { "description": "GRPC specifies an action involving a GRPC port.", "properties": { "port": { "description": "Port number of the gRPC service.", "format": "int32", "maximum": 65535, "minimum": 1, "type": "integer" }, "service": { "default": "", "description": "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC.", "type": "string" } }, "required": [ "port" ], "type": "object" }, "httpGet": { "description": "HTTPGet specifies the http request to perform.", "properties": { "host": { "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", "type": "string" }, "httpHeaders": { "description": "Custom headers to set in the request. HTTP allows repeated headers.", "items": { "description": "HTTPHeader describes a custom header to be used in HTTP probes", "properties": { "name": { "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", "type": "string" }, "value": { "description": "The header field value", "type": "string" } }, "required": [ "name", "value" ], "type": "object" }, "type": "array", "x-kubernetes-list-type": "atomic" }, "path": { "description": "Path to access on the HTTP server.", "type": "string" }, "port": { "description": "port number to access on the container.", "format": "int32", "maximum": 65535, "minimum": 1, "type": "integer" }, "scheme": { "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", "enum": [ "HTTPS", "HTTP" ], "type": "string" } }, "required": [ "port" ], "type": "object" }, "initialDelaySeconds": { "description": "Number of seconds after the container has started before liveness probes are initiated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", "format": "int32", "type": "integer" }, "periodSeconds": { "default": 10, "description": "How often (in seconds) to perform the probe.", "format": "int32", "minimum": 1, "type": "integer" }, "successThreshold": { "default": 1, "description": "Minimum consecutive successes for the probe to be considered successful after having failed.\nMust be 1 for liveness and startup.", "format": "int32", "minimum": 1, "type": "integer" }, "tcpSocket": { "description": "TCPSocket specifies an action involving a TCP port.", "properties": { "host": { "description": "Optional: Host name to connect to, defaults to the pod IP.", "type": "string" }, "port": { "description": "port number to access on the container.", "format": "int32", "maximum": 65535, "minimum": 1, "type": "integer" } }, "required": [ "port" ], "type": "object" }, "timeoutSeconds": { "default": 1, "description": "Number of seconds after which the probe times out.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", "format": "int32", "minimum": 1, "type": "integer" } }, "type": "object" }, "startupProbe": { "description": "StartupProbe indicates that the Pod has successfully initialized.\nIf specified, no other probes are executed until this completes successfully.\nIf this probe fails, the Pod will be restarted, just as if the livenessProbe failed.\nThis can be used to provide different probe parameters at the beginning of a Pod's lifecycle,\nwhen it might take a long time to load data or warm a cache, than during steady-state operation.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", "properties": { "exec": { "description": "Exec specifies the action to take.", "properties": { "command": { "description": "Command is the command line to execute inside the container, the working directory for the\ncommand is root ('/') in the container's filesystem. The command is simply exec'd, it is\nnot run inside a shell, so traditional shell instructions ('|', etc) won't work. To use\na shell, you need to explicitly call out to that shell.\nExit status of 0 is treated as live/healthy and non-zero is unhealthy.", "items": { "type": "string" }, "type": "array", "x-kubernetes-list-type": "atomic" } }, "type": "object" }, "failureThreshold": { "default": 3, "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded.", "format": "int32", "minimum": 1, "type": "integer" }, "grpc": { "description": "GRPC specifies an action involving a GRPC port.", "properties": { "port": { "description": "Port number of the gRPC service.", "format": "int32", "maximum": 65535, "minimum": 1, "type": "integer" }, "service": { "default": "", "description": "Service is the name of the service to place in the gRPC HealthCheckRequest\n(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).\n\nIf this is not specified, the default behavior is defined by gRPC.", "type": "string" } }, "required": [ "port" ], "type": "object" }, "httpGet": { "description": "HTTPGet specifies the http request to perform.", "properties": { "host": { "description": "Host name to connect to, defaults to the pod IP. You probably want to set\n\"Host\" in httpHeaders instead.", "type": "string" }, "httpHeaders": { "description": "Custom headers to set in the request. HTTP allows repeated headers.", "items": { "description": "HTTPHeader describes a custom header to be used in HTTP probes", "properties": { "name": { "description": "The header field name.\nThis will be canonicalized upon output, so case-variant names will be understood as the same header.", "type": "string" }, "value": { "description": "The header field value", "type": "string" } }, "required": [ "name", "value" ], "type": "object" }, "type": "array", "x-kubernetes-list-type": "atomic" }, "path": { "description": "Path to access on the HTTP server.", "type": "string" }, "port": { "description": "port number to access on the container.", "format": "int32", "maximum": 65535, "minimum": 1, "type": "integer" }, "scheme": { "description": "Scheme to use for connecting to the host.\nDefaults to HTTP.", "enum": [ "HTTPS", "HTTP" ], "type": "string" } }, "required": [ "port" ], "type": "object" }, "initialDelaySeconds": { "description": "Number of seconds after the container has started before liveness probes are initiated.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", "format": "int32", "type": "integer" }, "periodSeconds": { "default": 10, "description": "How often (in seconds) to perform the probe.", "format": "int32", "minimum": 1, "type": "integer" }, "successThreshold": { "default": 1, "description": "Minimum consecutive successes for the probe to be considered successful after having failed.\nMust be 1 for liveness and startup.", "format": "int32", "minimum": 1, "type": "integer" }, "tcpSocket": { "description": "TCPSocket specifies an action involving a TCP port.", "properties": { "host": { "description": "Optional: Host name to connect to, defaults to the pod IP.", "type": "string" }, "port": { "description": "port number to access on the container.", "format": "int32", "maximum": 65535, "minimum": 1, "type": "integer" } }, "required": [ "port" ], "type": "object" }, "timeoutSeconds": { "default": 1, "description": "Number of seconds after which the probe times out.\nMore info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes", "format": "int32", "minimum": 1, "type": "integer" } }, "type": "object" } }, "type": "object" }, "horizontalScaling": { "description": "Configuration for automatic horizontal scaling of replicas.\nMore info: https://www.radix.equinor.com/radix-config#horizontalscaling", "properties": { "cooldownPeriod": { "description": "CooldownPeriod to wait after the last trigger reported active before scaling the resource back to 0. Defaults to 5min", "format": "int32", "minimum": 15, "type": "integer" }, "maxReplicas": { "description": "Defines the maximum number of replicas.", "format": "int32", "minimum": 1, "type": "integer" }, "minReplicas": { "default": 1, "description": "Defines the minimum number of replicas.", "format": "int32", "minimum": 0, "type": "integer" }, "pollingInterval": { "description": "PollingInterval configures how often to check each trigger on. Defaults to 30sec", "format": "int32", "minimum": 15, "type": "integer" }, "resources": { "description": "Deprecated: Use CPU and/or Memory triggers instead\nDefines the resource usage parameters for the horizontal pod autoscaler.", "properties": { "cpu": { "description": "Defines the CPU usage parameters for the horizontal pod autoscaler.", "properties": { "averageUtilization": { "description": "Defines the resource usage which triggers scaling for the horizontal pod autoscaler.", "format": "int32", "minimum": 1, "type": "integer" } }, "required": [ "averageUtilization" ], "type": "object" }, "memory": { "description": "Defines the memory usage parameters for the horizontal pod autoscaler.", "properties": { "averageUtilization": { "description": "Defines the resource usage which triggers scaling for the horizontal pod autoscaler.", "format": "int32", "minimum": 1, "type": "integer" } }, "required": [ "averageUtilization" ], "type": "object" } }, "type": "object" }, "triggers": { "description": "Defines a list of triggers the component replicas will scale on. Defaults to 80% CPU.", "items": { "description": "RadixHorizontalScalingTrigger defines configuration for a specific trigger.", "maxProperties": 2, "minProperties": 2, "properties": { "azureEventHub": { "description": "AzureEventHub defines a trigger that scales based on number of unprocessed events in event hub", "properties": { "accountName": { "description": "StorageAccount Name of the storage account used for checkpointing. If storage account is not specified when used identity based authentication to Blob Storage, the StorageConnectionFromEnv will be used.\nIt is ignored when EventHubConnectionFromEnv is defined.", "maxLength": 150, "type": "string" }, "activationUnprocessedEventThreshold": { "description": "ActivationUnprocessedEventThreshold Target value for activating the scaler. Defaults to 0.\nLearn more about activation https://keda.sh/docs/2.17/concepts/scaling-deployments/#activating-and-scaling-thresholds", "minimum": 0, "type": "integer" }, "authentication": { "description": "Authentication Workload Identity configured with a ClientID when used identity based authentication", "properties": { "identity": { "description": "RadixHorizontalScalingRequiredIdentity configuration for federation with required azure identity providers.", "properties": { "azure": { "description": "Azure identity configuration", "properties": { "clientId": { "description": "Defines the Client ID for a user defined managed identity or application ID for an application registration.", "type": "string" } }, "required": [ "clientId" ], "type": "object" } }, "required": [ "azure" ], "type": "object" } }, "required": [ "identity" ], "type": "object" }, "checkpointStrategy": { "description": "CheckpointStrategy defines the strategy to use for checkpointing. Defaults to blobMetadata.", "enum": [ "goSdk", "blobMetadata", "azureFunction", "" ], "type": "string" }, "consumerGroup": { "description": "ConsumerGroup is the name of the consumer group to use when consuming events from the Event Hub. Defaults to $Default", "maxLength": 150, "type": "string" }, "container": { "description": "Container is the name of the Blob Storage container used for checkpointing.\nThis is needed for every checkpointStrategy except of AzureFunction. With Azure Functions checkpointStrategy the Container is automatically set or overridden as azure-webjobs-eventhub.\nIt should be set to azure-webjobs-eventhub for Azure Functions using blobMetadata as checkpointStrategy.", "maxLength": 150, "type": "string" }, "eventHubConnectionFromEnv": { "description": "EventHubConnectionFromEnv The name of the environment variable or secret holding the connection string for the Event Hub. This is required when not using identity based authentication to Event Hub.\nString should be in following format: Endpoint=sb://.servicebus.windows.net/;SharedAccessKeyName=;SharedAccessKey=;EntityPath=\nEntityPath is optional. If it is not provided, then Name must be used to provide the name of the Azure Event Hub instance to use inside the namespace.\nExample:\nEndpoint=sb://eventhub-namespace.servicebus.windows.net/;SharedAccessKeyName=RootManageSharedAccessKey;SharedAccessKey=secretKey123;EntityPath=eventhub-name", "maxLength": 50, "type": "string" }, "eventHubName": { "description": "EventHubName of the Azure Event Hub within Event Hub namespace", "maxLength": 260, "pattern": "^(([a-z0-9][-_a-z0-9./]*)?[a-z0-9])?$", "type": "string" }, "eventHubNameFromEnv": { "description": "EventHubNameFromEnv The name of the environment variable or secret holding the Azure Event Hub name.\nIt is ignored when EventHubName is defined.", "maxLength": 260, "pattern": "^(([a-zA-Z][_a-zA-Z0-9]*)?[a-zA-Z0-9])?$", "type": "string" }, "eventHubNamespace": { "description": "EventHubNamespace The Event Hubs namespace to build FQDN like myeventhubnamespace.servicebus.windows.netname", "maxLength": 150, "pattern": "^(([a-z][-a-z0-9]*)?[a-z0-9])?$", "type": "string" }, "eventHubNamespaceFromEnv": { "description": "EventHubNamespaceFromEnv The name of the environment variable or secret holding the Event Hubs namespace to build FQDN like myeventhubnamespace.servicebus.windows.netname\nIt is ignored when EventHubNamespace is defined.", "maxLength": 50, "pattern": "^(([a-zA-Z][_a-zA-Z0-9]*)?[a-zA-Z0-9])?$", "type": "string" }, "storageConnectionFromEnv": { "description": "StorageConnectionFromEnv The name of the environment variable or secret holding the connection string for storage account used to store checkpoint. As of now the Event Hub scaler only reads from Azure Blob Storage.", "maxLength": 50, "type": "string" }, "unprocessedEventThreshold": { "description": "UnprocessedEventThreshold Average target value to trigger scaling actions. Default: 64 events.", "minimum": 1, "type": "integer" } }, "type": "object" }, "azureServiceBus": { "description": "AzureServiceBus defines a trigger that scales based on number of messages in queue", "properties": { "activationMessageCount": { "description": "ActivationMessageCount = Target value for activating the scaler. (Default: 0, Optional)", "minimum": 0, "type": "integer" }, "authentication": { "description": "Azure Service Bus requires Workload Identity configured with a ClientID", "properties": { "identity": { "description": "RadixHorizontalScalingRequiredIdentity configuration for federation with required azure identity providers.", "properties": { "azure": { "description": "Azure identity configuration", "properties": { "clientId": { "description": "Defines the Client ID for a user defined managed identity or application ID for an application registration.", "type": "string" } }, "required": [ "clientId" ], "type": "object" } }, "required": [ "azure" ], "type": "object" } }, "required": [ "identity" ], "type": "object" }, "connectionFromEnv": { "description": "ConnectionFromEnv The name of the environment variable your deployment uses to get the connection string of the Azure Service Bus namespace.\nIgnored when used Workload Identity.", "maxLength": 50, "type": "string" }, "messageCount": { "description": "MessageCount - Amount of active messages in your Azure Service Bus queue or topic to scale on. Defaults to 5 messages\nDesiredReplicas Number of replicas to which the resource has to be scaled between the start and end of the cron schedule.", "minimum": 1, "type": "integer" }, "namespace": { "description": "Namespace - Name of the Azure Service Bus namespace that contains your queue or topic. Required when using workload identity", "maxLength": 50, "minLength": 6, "pattern": "^(([a-z][-a-z0-9]*)?[a-z0-9])?$", "type": "string" }, "queueName": { "description": "QueueName selects the target queue. QueueName wil take precedence over TopicName.", "maxLength": 260, "minLength": 1, "pattern": "^(([a-z0-9][-_a-z0-9./]*)?[a-z0-9])?$", "type": "string" }, "subscriptionName": { "description": "SubscriptionName is required when TopicName is set.", "maxLength": 50, "minLength": 1, "pattern": "^(([a-z0-9][-_a-z0-9./]*)?[a-z0-9])?$", "type": "string" }, "topicName": { "description": "TopicName selectes the target topic, requires SubscriptionName to be set.", "maxLength": 260, "minLength": 1, "pattern": "^(([a-z0-9][-_a-z0-9./]*)?[a-z0-9])?$", "type": "string" } }, "required": [ "namespace" ], "type": "object" }, "cpu": { "description": "Cpu defines a trigger based on CPU usage", "properties": { "value": { "description": "Value - the target value is the average of the resource metric across all relevant pods, represented as a percentage of the requested value of the resource for the pods.", "minimum": 15, "type": "integer" } }, "required": [ "value" ], "type": "object" }, "cron": { "description": "Cron defines a trigger that scales based on start and end times", "properties": { "desiredReplicas": { "description": "DesiredReplicas Number of replicas to which the resource has to be scaled between the start and end of the cron schedule.", "minimum": 1, "type": "integer" }, "end": { "description": "End is a Cron expression indicating the End of the cron schedule.", "pattern": "^((((\\d+,)+\\d+|(\\d+(\\/|-)\\d+)|\\d+|\\*) ?){5})$", "type": "string" }, "start": { "description": "Start is a Cron expression indicating the start of the cron schedule.", "pattern": "^((((\\d+,)+\\d+|(\\d+(\\/|-)\\d+)|\\d+|\\*) ?){5})$", "type": "string" }, "timezone": { "description": "Timezone One of the acceptable values from the IANA Time Zone Database. The list of timezones can be found at https://en.wikipedia.org/wiki/List_of_tz_database_time_zones", "type": "string" } }, "required": [ "desiredReplicas", "end", "start", "timezone" ], "type": "object" }, "memory": { "description": "Memory defines a trigger based on memory usage", "properties": { "value": { "description": "Value - the target value is the average of the resource metric across all relevant pods, represented as a percentage of the requested value of the resource for the pods.", "minimum": 15, "type": "integer" } }, "required": [ "value" ], "type": "object" }, "name": { "description": "Name of trigger, must be unique", "maxLength": 50, "minLength": 1, "pattern": "^(([a-z0-9][-a-z0-9]*)?[a-z0-9])?$", "type": "string" } }, "required": [ "name" ], "type": "object" }, "type": "array", "x-kubernetes-list-map-keys": [ "name" ], "x-kubernetes-list-type": "map" } }, "required": [ "maxReplicas" ], "type": "object" }, "identity": { "description": "Configuration for workload identity (federated credentials).\nMore info: https://www.radix.equinor.com/radix-config#identity", "properties": { "azure": { "description": "Azure identity configuration", "properties": { "clientId": { "description": "Defines the Client ID for a user defined managed identity or application ID for an application registration.", "type": "string" } }, "required": [ "clientId" ], "type": "object" } }, "type": "object" }, "image": { "description": "Name of an existing container image to use when running the component.\nMore info: https://www.radix.equinor.com/radix-config#image", "type": "string" }, "imageTagName": { "description": "The imageTagName allows for flexible configuration of fixed images,\nbuilt outside of Radix, it can be also configured with separate tag for each environment.\nMore info: https://www.radix.equinor.com/radix-config#imagetagname", "type": "string" }, "ingressConfiguration": { "description": "Additional configuration settings for ingress traffic.\nMore info: https://www.radix.equinor.com/radix-config#ingressconfiguration", "items": { "type": "string" }, "type": "array" }, "monitoring": { "description": "Enabled or disables collection of custom Prometheus metrics.\nMore info: https://www.radix.equinor.com/radix-config#monitoring", "type": "boolean" }, "monitoringConfig": { "description": "Configures the monitoring endpoint exposed by the component.\nThis endpoint is used by Prometheus to collect custom metrics.\nenvironmentConfig.monitoring must be set to true to enable collection of metrics for an environment.\nMore info: https://www.radix.equinor.com/radix-config#monitoringconfig", "properties": { "path": { "description": "Defines the path where metrics is served.", "type": "string" }, "portName": { "description": "Defines which port in the ports list where metrics is served.", "maxLength": 15, "pattern": "^(([a-z0-9][-a-z0-9]*)?[a-z0-9])?$", "type": "string" } }, "type": "object" }, "name": { "description": "Name of the component.", "maxLength": 50, "minLength": 1, "pattern": "^(([a-z0-9][-a-z0-9]*)?[a-z0-9])?$", "type": "string" }, "network": { "description": "Network settings.", "properties": { "ingress": { "description": "Ingress defines settings for ingress traffic.", "properties": { "public": { "description": "Public defines settings for public traffic.", "properties": { "allow": { "description": "Allow defines a list of public IP addresses or CIDRs which are allowed to access the component.\nAll IP addresses are allowed if this field is empty or not set.", "items": { "description": "IP address or CIDR.", "pattern": "^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)(\\/([0-9]|[1-2][0-9]|3[0-2]))?$", "type": "string" }, "type": "array" }, "proxyBodySize": { "description": "Sets the maximum allowed size of the client request body.\nSizes can be specified in bytes, kilobytes (suffixes k and K), megabytes (suffixes m and M), or gigabytes (suffixes g and G) for example, \"1024\", \"64k\", \"32m\", \"2g\"\nIf the size in a request exceeds the configured value, the 413 (Request Entity Too Large) error is returned to the client.\nSetting size to 0 disables checking of client request body size.", "pattern": "^(?:0|[1-9][0-9]*[kKmMgG]?)$", "type": "string" }, "proxyBufferSize": { "description": "Sets the size of the buffer used for reading the first part of the response received from the proxied server.\nThe size must be large enough to hold the response headers.\nSizes can be specified in bytes, kilobytes (suffixes k and K), megabytes (suffixes m and M), or gigabytes (suffixes g and G) for example, \"1024\", \"64k\", \"32m\", \"2g\"\nIf the response headers exceed the buffer size, the 502 (Bad Gateway) error is returned to the client.", "pattern": "^(?:0|[1-9][0-9]*[kKmMgG]?)$", "type": "string" }, "proxyReadTimeout": { "description": "Defines a timeout, in seconds, for reading a response from the proxied server.\nThe timeout is set only between two successive read operations, not for the transmission of the whole response.\nIf the proxied server does not transmit anything within this time, the connection is closed.", "minimum": 0, "type": "integer" }, "proxyRequestBuffering": { "description": "Defines if request buffering is enabled. Default is true.\nIf set to false, the request body will be sent to the proxied server immediately, without buffering.\nThis can be useful for large file uploads or streaming data.", "type": "boolean" }, "proxySendTimeout": { "description": "Defines a timeout, in seconds, for transmitting a request to the proxied server.\nThe timeout is set only between two successive write operations, not for the transmission of the whole request.\nIf the proxied server does not receive anything within this time, the connection is closed.", "minimum": 0, "type": "integer" } }, "type": "object" } }, "type": "object" } }, "type": "object" }, "node": { "description": "Deprecated: use Runtime.NodeType instead.\nDefines GPU requirements for the component.\nMore info: https://www.radix.equinor.com/radix-config#node", "properties": { "gpu": { "description": "Defines rules for allowed GPU types.\nMore info: https://www.radix.equinor.com/radix-config#gpu", "type": "string" }, "gpuCount": { "description": "Defines minimum number of required GPUs.", "type": "string" } }, "type": "object" }, "ports": { "description": "List of ports that the component bind to.", "items": { "description": "ComponentPort defines a named port.", "properties": { "name": { "description": "Name of the port.", "maxLength": 15, "minLength": 1, "pattern": "^(([a-z0-9][-a-z0-9]*)?[a-z0-9])?$", "type": "string" }, "port": { "description": "Port number.", "format": "int32", "maximum": 65535, "minimum": 1024, "type": "integer" } }, "required": [ "name", "port" ], "type": "object" }, "type": "array", "x-kubernetes-list-map-keys": [ "name" ], "x-kubernetes-list-type": "map" }, "public": { "description": "Deprecated: For backwards compatibility Public is still supported, new code should use PublicPort instead", "type": "boolean" }, "publicPort": { "description": "Defines which port (name) from the ports list that shall be accessible from the internet.\nMore info: https://www.radix.equinor.com/radix-config#publicport", "maxLength": 15, "pattern": "^(([a-z0-9][-a-z0-9]*)?[a-z0-9])?$", "type": "string" }, "readOnlyFileSystem": { "description": "Controls if the filesystem shall be read-only.", "type": "boolean" }, "replicas": { "description": "Number of desired replicas.\nMore info: https://www.radix.equinor.com/radix-config#replicas", "minimum": 0, "type": "integer" }, "resources": { "description": "Configures CPU and memory resources for the component.\nMore info: https://www.radix.equinor.com/radix-config#resources-common", "properties": { "limits": { "additionalProperties": { "type": "string" }, "description": "Limits describes the maximum amount of compute resources allowed.", "type": "object" }, "requests": { "additionalProperties": { "type": "string" }, "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if\nthat is explicitly specified, otherwise to an implementation-defined value.", "type": "object" } }, "type": "object" }, "runAsUser": { "description": "User ID to run the container as\nMore info: https://www.radix.equinor.com/radix-config#runasuser-detailed", "format": "int64", "minimum": 1, "type": "integer" }, "runtime": { "description": "Runtime defines the target runtime requirements for the component", "properties": { "architecture": { "description": "CPU architecture target for the component or job. When Architecture and NodeType are not defined, the Architecture defaults to amd64.", "enum": [ "amd64", "arm64", "" ], "type": "string" }, "nodeType": { "description": "Defines the node type for the component. It is a values of the node-pool label and taint with key radix-nodetype, where component's or job's pods will be scheduled.\nMore info: https://www.radix.equinor.com/radix-config#nodetype", "maxLength": 120, "pattern": "^(([a-z0-9][-a-z0-9]*)?[a-z0-9])?$", "type": "string" } }, "type": "object" }, "secretRefs": { "description": "Configuration for external secret stores, like Azure KeyVault.\nMore info: https://www.radix.equinor.com/radix-config#secretrefs", "properties": { "azureKeyVaults": { "description": "List of Azure Key Vaults to get secrets from.", "items": { "description": "RadixAzureKeyVault defines an Azure keyvault.", "properties": { "items": { "description": "List of keyvault items (secrets, keys and certificates).", "items": { "description": "RadixAzureKeyVaultItem defines Azure Key Vault setting: secrets, keys, certificates", "properties": { "alias": { "description": "Alias overrides the default file name used when mounting the secret, key or certificate.", "minLength": 1, "type": "string" }, "encoding": { "description": "Encoding defines the encoding of a keyvault item when stored in the container.\nSetting encoding to base64 and format to pfx will fetch and write the base64 decoded pfx binary.", "enum": [ "base64" ], "type": "string" }, "envVar": { "description": "Defines the name of the environment variable that will contain the value of the secret, key or certificate.", "type": "string" }, "format": { "description": "Defines the format of the keyvault item.\npfx is only supported with type secret and PKCS12 or ECC certificate.\nDefault format for certificates is pem.", "enum": [ "pem", "pfx" ], "type": "string" }, "k8sSecretType": { "description": "K8sSecretType defines the type of Kubernetes secret the keyvault item will be stored in.\nopaque corresponds to \"Opaque\" and \"kubernetes.io/tls\" secret types: https://kubernetes.io/docs/concepts/configuration/secret/#secret-types", "enum": [ "opaque", "tls" ], "type": "string" }, "name": { "description": "Name of a secret, key or certificate in the keyvault.", "maxLength": 127, "minLength": 1, "type": "string" }, "type": { "description": "Type of item in the keyvault referenced by the name.", "enum": [ "secret", "key", "cert" ], "type": "string" }, "version": { "description": "Defines that a specific version of a keyvault item should be loaded.\nThe latest version is loaded when this field is not set.", "type": "string" } }, "required": [ "name" ], "type": "object" }, "minItems": 1, "type": "array" }, "name": { "description": "Name of the Azure keyvault.", "maxLength": 24, "minLength": 3, "type": "string" }, "path": { "description": "Path where secrets from the keyvault is mounted.", "minLength": 1, "type": "string" }, "useAzureIdentity": { "description": "UseAzureIdentity defines that credentials for accessing Azure Key Vault will be acquired using Azure Workload Identity instead of using a ClientID and Secret.", "type": "boolean" } }, "required": [ "items", "name" ], "type": "object" }, "type": "array" } }, "type": "object" }, "secrets": { "description": "List of secret environment variable names.\nMore info: https://www.radix.equinor.com/radix-config#secrets", "items": { "type": "string" }, "type": "array" }, "src": { "description": "Path to the Dockerfile that builds the component.\nMore info: https://www.radix.equinor.com/radix-config#src", "type": "string" }, "variables": { "additionalProperties": { "type": "string" }, "description": "List of environment variables and values.\nMore info: https://www.radix.equinor.com/radix-config#variables-common", "type": "object" }, "volumeMounts": { "description": "Configuration for mounting cloud storage into the component.\nMore info: https://www.radix.equinor.com/radix-config#volumemounts", "items": { "description": "RadixVolumeMount defines an external storage resource.", "properties": { "accessMode": { "description": "Deprecated: use BlobFuse2 instead.\nAccess mode from a container to an external storage. ReadOnlyMany (default), ReadWriteOnce, ReadWriteMany.\nMore info: https://www.radix.equinor.com/guides/volume-mounts/optional-settings/", "enum": [ "ReadOnlyMany", "ReadWriteOnce", "ReadWriteMany", "" ], "type": "string" }, "blobFuse2": { "description": "BlobFuse2 settings for Azure Storage FUSE CSI driver with the protocol fuse2", "properties": { "accessMode": { "description": "Access mode from a container to an external storage. ReadOnlyMany (default), ReadWriteOnce, ReadWriteMany.\nMore info: https://www.radix.equinor.com/guides/volume-mounts/optional-settings/", "enum": [ "ReadOnlyMany", "ReadWriteOnce", "ReadWriteMany", "" ], "type": "string" }, "attributeCache": { "description": "Configure attribute cache settings.", "properties": { "timeout": { "description": "The timeout (in seconds) for the attribute cache entries. Default 0.", "format": "int32", "minimum": 0, "type": "integer" } }, "type": "object" }, "blockCache": { "description": "Configure block cache settings. Applicable when cacheMode is Block.", "properties": { "blockSize": { "description": "Size (in MB) of a block to be downloaded as a unit. Default is 4.", "format": "int32", "minimum": 1, "type": "integer" }, "diskSize": { "description": "Size (in MB) of total disk capacity that block cache can use.\n0 (default) disables disk caching.", "format": "int32", "minimum": 0, "type": "integer" }, "diskTimeout": { "description": "Timeout (in seconds) for which persisted data remains in disk cache. Default 120.", "format": "int32", "minimum": 0, "type": "integer" }, "parallelism": { "description": "Number of worker thread responsible for upload/download jobs. Default 8.", "format": "int32", "minimum": 1, "type": "integer" }, "poolSize": { "description": "Size (in MB) of total memory preallocated for block-cache.\nMinimum value = (prefetchCount + 1) * blockSize", "format": "int32", "minimum": 1, "type": "integer" }, "prefetchCount": { "description": "Max number of blocks to prefetch. Default 11.\nValue must be 0 (prefetching disabled) or greater than 10.", "format": "int32", "minimum": 0, "type": "integer" }, "prefetchOnOpen": { "description": "Start prefetching on open or wait for first read. Default false.", "type": "boolean" } }, "type": "object" }, "cacheMode": { "description": "Defines how files should be cached.\n\nFile: Reads and caches the entire file\nBlock (default): Blocks of fixed size are downloaded and cached\nDirectIO: Caching is disabled. All IO is passed directly to the storage account.", "enum": [ "File", "Block", "DirectIO" ], "type": "string" }, "container": { "description": "Container. Name of the container in the external storage resource.", "type": "string" }, "fileCache": { "description": "Configure file cache settings. Applicable when cacheMode is File.", "properties": { "timeout": { "description": "The timeout (in seconds) for which file cache is valid. Default 120.", "format": "int32", "minimum": 0, "type": "integer" } }, "type": "object" }, "gid": { "description": "GID defines the group ID (number) which will be set as owner of the mounted volume.", "type": "string" }, "protocol": { "description": "Holds protocols of BlobFuse2 Azure Storage FUSE driver. Default is fuse2.", "enum": [ "fuse2", "" ], "type": "string" }, "requestsStorage": { "anyOf": [ { "type": "integer" }, { "type": "string" } ], "description": "Requested size (opens new window)of allocated mounted volume. Default value is set to \"1Mi\" (1 megabyte). Current version of the driver does not affect mounted volume size\nMore info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-persistent-volume-storage/#create-a-persistentvolumeclaim", "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "x-kubernetes-int-or-string": true }, "resourceGroup": { "description": "ResourceGroup of a storage account. Applicable when using a workload identity.", "type": "string" }, "storageAccount": { "description": "Name of a storage account. It is mandatory when using a workload identity. It is optional when using Access Key, if it is not defined, it will be configured in a secret.", "type": "string" }, "streaming": { "description": "Deprecated: Configure caching with cacheMode.\nConfigure streaming settings.\nMore info: https://github.com/Azure/azure-storage-fuse/blob/main/STREAMING.md", "properties": { "enabled": { "description": "Deprecated: Configure caching with cacheMode in blobFuse2 section.\nEnable streaming mode. Default true.\nFor backward compatibility, Radix will use cachMode:File if this field is explicitly set to false.", "type": "boolean" } }, "type": "object" }, "subscriptionId": { "description": "SubscriptionId of a storage account. Applicable when using a workload identity.", "type": "string" }, "tenantId": { "description": "TenantId of a storage account. Applicable when using a workload identity.", "type": "string" }, "uid": { "description": "UID defines the user ID (number) which will be set as owner of the mounted volume.", "type": "string" }, "useAdls": { "description": "Enables blobfuse to access Azure DataLake storage account. When set to false, blobfuse will access Azure Block Blob storage account, hierarchical file system is not supported.\nDefault false. This must be turned on when HNS enabled account is mounted.", "type": "boolean" }, "useAzureIdentity": { "description": "UseAzureIdentity defines that credentials for accessing Azure Storage will be acquired using Azure Workload Identity instead of using a ClientID and Secret.", "type": "boolean" } }, "required": [ "container" ], "type": "object" }, "container": { "description": "Deprecated: Only required by the deprecated type: blob.", "type": "string" }, "emptyDir": { "description": "EmptyDir settings for EmptyDir volume", "properties": { "sizeLimit": { "anyOf": [ { "type": "integer" }, { "type": "string" } ], "description": "SizeLimit defines the size of the emptyDir volume", "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "x-kubernetes-int-or-string": true } }, "required": [ "sizeLimit" ], "type": "object" }, "gid": { "description": "Deprecated: use BlobFuse2 instead.\nGID defines the group ID (number) which will be set as owner of the mounted volume.", "type": "string" }, "name": { "description": "User-defined name of the volume mount.\nMust be unique for the component.", "maxLength": 40, "minLength": 1, "type": "string" }, "path": { "description": "Path defines in which directory the external storage is mounted.", "minLength": 1, "type": "string" }, "requestsStorage": { "anyOf": [ { "type": "integer" }, { "type": "string" } ], "description": "Deprecated: use BlobFuse2 instead.\nMore info: https://www.radix.equinor.com/guides/volume-mounts/optional-settings/", "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "x-kubernetes-int-or-string": true }, "storage": { "description": "Deprecated: use BlobFuse2 instead.\nStorage defines the name of the container in the external storage resource.", "type": "string" }, "type": { "description": "Deprecated: use BlobFuse2 instead.\nType defines the storage type.", "enum": [ "azure-blob", "" ], "type": "string" }, "uid": { "description": "Deprecated: use BlobFuse2 instead.\nUID defines the user ID (number) which will be set as owner of the mounted volume.", "type": "string" } }, "required": [ "name", "path" ], "type": "object" }, "type": "array" } }, "required": [ "name" ], "type": "object" }, "type": "array", "x-kubernetes-list-map-keys": [ "name" ], "x-kubernetes-list-type": "map" }, "dnsAlias": { "description": "List of DNS names and which component and environment incoming requests shall be routed to.\nMore info: https://www.radix.equinor.com/radix-config#dnsalias", "items": { "description": "DNSAlias defines mapping between an DNS alias and a component and environment.", "properties": { "alias": { "description": "Alias name, e.g. my-app, which will prefix full internal alias my-app.radix.equinor.com", "maxLength": 63, "minLength": 1, "pattern": "^(([a-z0-9][-a-z0-9]*)?[a-z0-9])?$", "type": "string" }, "component": { "description": "Name of the component that shall receive the incoming requests.", "maxLength": 63, "minLength": 1, "pattern": "^(([a-z0-9][-a-z0-9]*)?[a-z0-9])?$", "type": "string" }, "environment": { "description": "Name of the environment for the component.", "maxLength": 63, "minLength": 1, "pattern": "^(([a-z0-9][-a-z0-9]*)?[a-z0-9])?$", "type": "string" } }, "required": [ "alias", "component", "environment" ], "type": "object" }, "type": "array", "x-kubernetes-list-map-keys": [ "alias" ], "x-kubernetes-list-type": "map" }, "dnsAppAlias": { "description": "Configure a component and environment to be linked to the app alias DNS record.\nMore info: https://www.radix.equinor.com/radix-config#dnsappalias", "properties": { "component": { "description": "Name of the component that shall receive the incoming requests.", "maxLength": 63, "minLength": 1, "pattern": "^(([a-z0-9][-a-z0-9]*)?[a-z0-9])?$", "type": "string" }, "environment": { "description": "Name of the environment for the component.", "maxLength": 63, "minLength": 1, "pattern": "^(([a-z0-9][-a-z0-9]*)?[a-z0-9])?$", "type": "string" } }, "type": "object" }, "dnsExternalAlias": { "description": "List of external DNS names and which component and environment incoming requests shall be routed to.\nMore info: https://www.radix.equinor.com/radix-config#dnsexternalalias", "items": { "description": "ExternalAlias defines mapping between an external DNS name and a component and environment.", "properties": { "alias": { "description": "DNS name, e.g. myapp.example.com.", "maxLength": 255, "minLength": 4, "pattern": "^(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\\-]*[a-zA-Z0-9])\\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\\-]*[A-Za-z0-9])$", "type": "string" }, "component": { "description": "Name of the component that shall receive the incoming requests.", "maxLength": 63, "minLength": 1, "pattern": "^(([a-z0-9][-a-z0-9]*)?[a-z0-9])?$", "type": "string" }, "environment": { "description": "Name of the environment for the component.", "maxLength": 63, "minLength": 1, "pattern": "^(([a-z0-9][-a-z0-9]*)?[a-z0-9])?$", "type": "string" }, "useCertificateAutomation": { "default": false, "description": "Enable automatic issuing and renewal of TLS certificate", "type": "boolean" } }, "required": [ "alias", "component", "environment" ], "type": "object" }, "type": "array", "x-kubernetes-list-map-keys": [ "alias" ], "x-kubernetes-list-type": "map" }, "environments": { "description": "List of environments belonging to the application.\nMore info: https://www.radix.equinor.com/radix-config#environments", "items": { "description": "Environment contains environment specific configuration.", "properties": { "build": { "description": "Build configuration for the environment.\nMore info: https://www.radix.equinor.com/radix-config#build-2", "properties": { "from": { "description": "Name of the Github branch to build from", "maxLength": 255, "minLength": 1, "type": "string" }, "fromType": { "description": "FromType When the pipeline job is triggered by a GitHub event via the Radix GitHub webhook FromType can specify\nwhich Git references are applicable for this environment:\n- branch - only events on branches (for refs/heads)\n- tag - only events on tags (for refs/tags)\n- - events on both branches and tags", "enum": [ "branch", "tag", "" ], "type": "string" }, "variables": { "additionalProperties": { "type": "string" }, "description": "Defines variables that will be available in sub-pipelines", "type": "object" }, "webhookEnabled": { "default": true, "description": "WebhookEnabled indicates whether the webhook should be disabled for the environment.\nIf set to false, the webhook will not be triggered for this environment.", "type": "boolean" } }, "type": "object" }, "egress": { "description": "Configure egress traffic rules for components and jobs.\nMore info: https://www.radix.equinor.com/radix-config#egress", "properties": { "allowRadix": { "description": "Allow or deny outgoing traffic to the public IP of the Radix cluster.", "type": "boolean" }, "rules": { "description": "Defines a list of egress rules.", "items": { "description": "EgressRule defines an egress rule.", "properties": { "destinations": { "description": "List of allowed destinations.\nEach destination must be a valid IPv4 CIDR.", "items": { "pattern": "^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)(\\/([0-9]|[1-2][0-9]|3[0-2]))?$", "type": "string" }, "minItems": 1, "type": "array" }, "ports": { "description": "List of allowed ports.", "items": { "description": "EgressPort defines a port in context of EgressRule.", "properties": { "port": { "description": "Port number.", "format": "int32", "maximum": 65535, "minimum": 1, "type": "integer" }, "protocol": { "description": "Protocol.", "enum": [ "TCP", "UDP" ], "type": "string" } }, "required": [ "port", "protocol" ], "type": "object" }, "minItems": 1, "type": "array" } }, "required": [ "destinations", "ports" ], "type": "object" }, "maxItems": 1000, "type": "array" } }, "type": "object" }, "name": { "description": "Name of the environment.", "maxLength": 63, "minLength": 1, "pattern": "^(([a-z0-9][-a-z0-9]*)?[a-z0-9])?$", "type": "string" }, "subPipeline": { "description": "SubPipeline configuration.", "properties": { "identity": { "description": "Configuration for workload identity (federated credentials).\nMore info: https://www.radix.equinor.com/radix-config#identity", "properties": { "azure": { "description": "Azure identity configuration", "properties": { "clientId": { "description": "Defines the Client ID for a user defined managed identity or application ID for an application registration.", "type": "string" } }, "required": [ "clientId" ], "type": "object" } }, "type": "object" }, "variables": { "additionalProperties": { "type": "string" }, "description": "Defines variables, that will be available in sub-pipelines.", "type": "object" } }, "type": "object" } }, "required": [ "name" ], "type": "object" }, "minItems": 1, "type": "array", "x-kubernetes-list-map-keys": [ "name" ], "x-kubernetes-list-type": "map" }, "jobs": { "description": "List of job specification for the application.\nMore info: https://www.radix.equinor.com/radix-config#jobs", "items": { "description": "RadixJobComponent defines a single job component within a RadixApplication\nThe job component is used by the radix-job-scheduler to create Kubernetes Job objects", "properties": { "args": { "description": "Arguments to the entrypoint.\nThe container image's CMD is used if this is not provided.\nVariable references $(VAR_NAME) are expanded using the container's environment. If a variable\ncannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will\nproduce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless\nof whether the variable exists or not.\nMore info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell", "items": { "type": "string" }, "type": "array", "x-kubernetes-list-type": "atomic" }, "backoffLimit": { "description": "Specifies the number of retries before marking this job failed.\nMore info: https://www.radix.equinor.com/radix-config#backofflimit", "format": "int32", "minimum": 0, "type": "integer" }, "batchStatusRules": { "description": "BatchStatusRules Rules define how a batch status is set corresponding to batch job statuses", "items": { "description": "BatchStatusRule Rule how to set a batch status by job statuses", "properties": { "batchStatus": { "description": "BatchStatus The status of the batch corresponding to job statuses", "enum": [ "Running", "Succeeded", "Failed", "Waiting", "Stopping", "Stopped", "Active", "Completed" ], "type": "string" }, "condition": { "description": "Condition of a rule", "enum": [ "All", "Any" ], "type": "string" }, "jobStatuses": { "description": "JobStatuses Matching job statuses within the rule", "items": { "description": "RadixBatchJobPhase represents the phase of the job", "enum": [ "Waiting", "Active", "Running", "Succeeded", "Failed", "Stopped" ], "type": "string" }, "type": "array" }, "operator": { "description": "Operator of a rule", "enum": [ "In", "NotIn" ], "type": "string" } }, "required": [ "batchStatus", "condition", "jobStatuses", "operator" ], "type": "object" }, "type": "array" }, "command": { "description": "Entrypoint array. Not executed within a shell.\nThe container image's ENTRYPOINT is used if this is not provided.\nVariable references $(VAR_NAME) are expanded using the container's environment. If a variable\ncannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will\nproduce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless\nof whether the variable exists or not.\nMore info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell", "items": { "type": "string" }, "type": "array", "x-kubernetes-list-type": "atomic" }, "dockerfileName": { "description": "Name of the Dockerfile that builds the job.\nMore info: https://www.radix.equinor.com/radix-config#dockerfilename-2", "type": "string" }, "enabled": { "description": "Controls if the job shall be deployed.", "type": "boolean" }, "environmentConfig": { "description": "Configure environment specific settings for the job.\nMore info: https://www.radix.equinor.com/radix-config#environmentconfig-2", "items": { "description": "RadixJobComponentEnvironmentConfig defines environment specific settings\nfor a single job component within a RadixApplication", "properties": { "args": { "description": "Arguments to the entrypoint.\nThe container image's CMD is used if this is not provided.\nVariable references $(VAR_NAME) are expanded using the container's environment. If a variable\ncannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will\nproduce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless\nof whether the variable exists or not.\nMore info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell", "items": { "type": "string" }, "type": "array", "x-kubernetes-list-type": "atomic" }, "backoffLimit": { "description": "Environment specific value for the number of retries before marking this job failed.\nMore info: https://www.radix.equinor.com/radix-config#backofflimit-2", "format": "int32", "minimum": 0, "type": "integer" }, "batchStatusRules": { "description": "BatchStatusRules Rules define how a batch status in an environment is set corresponding to batch job statuses", "items": { "description": "BatchStatusRule Rule how to set a batch status by job statuses", "properties": { "batchStatus": { "description": "BatchStatus The status of the batch corresponding to job statuses", "enum": [ "Running", "Succeeded", "Failed", "Waiting", "Stopping", "Stopped", "Active", "Completed" ], "type": "string" }, "condition": { "description": "Condition of a rule", "enum": [ "All", "Any" ], "type": "string" }, "jobStatuses": { "description": "JobStatuses Matching job statuses within the rule", "items": { "description": "RadixBatchJobPhase represents the phase of the job", "enum": [ "Waiting", "Active", "Running", "Succeeded", "Failed", "Stopped" ], "type": "string" }, "type": "array" }, "operator": { "description": "Operator of a rule", "enum": [ "In", "NotIn" ], "type": "string" } }, "required": [ "batchStatus", "condition", "jobStatuses", "operator" ], "type": "object" }, "type": "array" }, "command": { "description": "Entrypoint array. Not executed within a shell.\nThe container image's ENTRYPOINT is used if this is not provided.\nVariable references $(VAR_NAME) are expanded using the container's environment. If a variable\ncannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced\nto a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. \"$$(VAR_NAME)\" will\nproduce the string literal \"$(VAR_NAME)\". Escaped references will never be expanded, regardless\nof whether the variable exists or not.\nMore info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell", "items": { "type": "string" }, "type": "array", "x-kubernetes-list-type": "atomic" }, "dockerfileName": { "description": "Name of the Dockerfile that builds the component.\nMore info: https://www.radix.equinor.com/radix-config#dockerfilename", "type": "string" }, "enabled": { "description": "Controls if the job shall be deployed to this environment.", "type": "boolean" }, "environment": { "description": "Name of the environment which the settings applies to.", "maxLength": 63, "minLength": 1, "pattern": "^(([a-z0-9][-a-z0-9]*)?[a-z0-9])?$", "type": "string" }, "failurePolicy": { "description": "Specifies the policy of handling failed job replicas. In particular, it allows to\nspecify the set of actions and conditions which need to be\nsatisfied to take the associated action.\nIf empty, the default behaviour applies - the counter of failed job replicas\nis incremented and it is checked against the backoffLimit.", "properties": { "rules": { "description": "A list of failure policy rules. The rules are evaluated in order.\nOnce a rule matches a job replica failure, the remaining of the rules are ignored.\nWhen no rule matches the failure, the default handling applies - the\ncounter of failures is incremented and it is checked against\nthe backoffLimit.", "items": { "description": "RadixJobComponentFailurePolicyRule describes how a job replica failure is handled when the onExitCodes rules are met.", "properties": { "action": { "description": "Specifies the action taken on a job replica failure when the onExitCodes requirements are satisfied.", "enum": [ "FailJob", "Ignore", "Count" ], "type": "string" }, "onExitCodes": { "description": "Represents the requirement on the job replica exit codes.", "properties": { "operator": { "description": "Represents the relationship between the job replica's exit code and the\nspecified values. Replicas completed with success (exit code 0) are\nexcluded from the requirement check.", "enum": [ "In", "NotIn" ], "type": "string" }, "values": { "description": "Specifies the set of values. The job replica's exit code is checked against this set of\nvalues with respect to the operator. The list must not contain duplicates.\nValue '0' cannot be used for the In operator.", "items": { "format": "int32", "minimum": 0, "type": "integer" }, "maxItems": 255, "minItems": 1, "type": "array", "x-kubernetes-list-type": "set" } }, "required": [ "operator", "values" ], "type": "object" } }, "required": [ "action", "onExitCodes" ], "type": "object" }, "maxItems": 20, "type": "array", "x-kubernetes-list-type": "atomic" } }, "required": [ "rules" ], "type": "object" }, "identity": { "description": "Environment specific configuration for workload identity (federated credentials).\nMore info: https://www.radix.equinor.com/radix-config#identity-2", "properties": { "azure": { "description": "Azure identity configuration", "properties": { "clientId": { "description": "Defines the Client ID for a user defined managed identity or application ID for an application registration.", "type": "string" } }, "required": [ "clientId" ], "type": "object" } }, "type": "object" }, "image": { "description": "Name of an existing container image to use when running the job.\nMore info: https://www.radix.equinor.com/radix-config#image-2", "type": "string" }, "imageTagName": { "description": "The imageTagName allows for flexible configuration of fixed images,\nbuilt outside of Radix, to be configured with separate tag for each environment.\nMore info: https://www.radix.equinor.com/radix-config#imagetagname-2", "type": "string" }, "monitoring": { "description": "Enabled or disables collection of custom Prometheus metrics.\nMore info: https://www.radix.equinor.com/radix-config#monitoring-2", "type": "boolean" }, "node": { "description": "Deprecated: use Runtime.NodeType instead.\nEnvironment specific GPU requirements for the job.\nMore info: https://www.radix.equinor.com/radix-config#node", "properties": { "gpu": { "description": "Defines rules for allowed GPU types.\nMore info: https://www.radix.equinor.com/radix-config#gpu", "type": "string" }, "gpuCount": { "description": "Defines minimum number of required GPUs.", "type": "string" } }, "type": "object" }, "notifications": { "description": "Notifications about batch or job status changes", "properties": { "webhook": { "description": "Webhook is a URL for notification about internal events or changes. The URL should be of a Radix component or job-component, with not public port.", "maxLength": 253, "minLength": 1, "type": "string" } }, "type": "object" }, "readOnlyFileSystem": { "description": "Controls if the filesystem shall be read-only.", "type": "boolean" }, "resources": { "description": "Environment specific configuration for CPU and memory resources.\nMore info: https://www.radix.equinor.com/radix-config#resources-3", "properties": { "limits": { "additionalProperties": { "type": "string" }, "description": "Limits describes the maximum amount of compute resources allowed.", "type": "object" }, "requests": { "additionalProperties": { "type": "string" }, "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if\nthat is explicitly specified, otherwise to an implementation-defined value.", "type": "object" } }, "type": "object" }, "runAsUser": { "description": "User ID to run the container as\nMore info: https://www.radix.equinor.com/radix-config#runasuser-1", "format": "int64", "minimum": 1, "type": "integer" }, "runtime": { "description": "Runtime defines environment specific target runtime requirements for the job", "properties": { "architecture": { "description": "CPU architecture target for the component or job. When Architecture and NodeType are not defined, the Architecture defaults to amd64.", "enum": [ "amd64", "arm64", "" ], "type": "string" }, "nodeType": { "description": "Defines the node type for the component. It is a values of the node-pool label and taint with key radix-nodetype, where component's or job's pods will be scheduled.\nMore info: https://www.radix.equinor.com/radix-config#nodetype", "maxLength": 120, "pattern": "^(([a-z0-9][-a-z0-9]*)?[a-z0-9])?$", "type": "string" } }, "type": "object" }, "secretRefs": { "description": "Environment specific configuration for external secret stores, like Azure KeyVault.\nMore info: https://www.radix.equinor.com/radix-config#secretrefs", "properties": { "azureKeyVaults": { "description": "List of Azure Key Vaults to get secrets from.", "items": { "description": "RadixAzureKeyVault defines an Azure keyvault.", "properties": { "items": { "description": "List of keyvault items (secrets, keys and certificates).", "items": { "description": "RadixAzureKeyVaultItem defines Azure Key Vault setting: secrets, keys, certificates", "properties": { "alias": { "description": "Alias overrides the default file name used when mounting the secret, key or certificate.", "minLength": 1, "type": "string" }, "encoding": { "description": "Encoding defines the encoding of a keyvault item when stored in the container.\nSetting encoding to base64 and format to pfx will fetch and write the base64 decoded pfx binary.", "enum": [ "base64" ], "type": "string" }, "envVar": { "description": "Defines the name of the environment variable that will contain the value of the secret, key or certificate.", "type": "string" }, "format": { "description": "Defines the format of the keyvault item.\npfx is only supported with type secret and PKCS12 or ECC certificate.\nDefault format for certificates is pem.", "enum": [ "pem", "pfx" ], "type": "string" }, "k8sSecretType": { "description": "K8sSecretType defines the type of Kubernetes secret the keyvault item will be stored in.\nopaque corresponds to \"Opaque\" and \"kubernetes.io/tls\" secret types: https://kubernetes.io/docs/concepts/configuration/secret/#secret-types", "enum": [ "opaque", "tls" ], "type": "string" }, "name": { "description": "Name of a secret, key or certificate in the keyvault.", "maxLength": 127, "minLength": 1, "type": "string" }, "type": { "description": "Type of item in the keyvault referenced by the name.", "enum": [ "secret", "key", "cert" ], "type": "string" }, "version": { "description": "Defines that a specific version of a keyvault item should be loaded.\nThe latest version is loaded when this field is not set.", "type": "string" } }, "required": [ "name" ], "type": "object" }, "minItems": 1, "type": "array" }, "name": { "description": "Name of the Azure keyvault.", "maxLength": 24, "minLength": 3, "type": "string" }, "path": { "description": "Path where secrets from the keyvault is mounted.", "minLength": 1, "type": "string" }, "useAzureIdentity": { "description": "UseAzureIdentity defines that credentials for accessing Azure Key Vault will be acquired using Azure Workload Identity instead of using a ClientID and Secret.", "type": "boolean" } }, "required": [ "items", "name" ], "type": "object" }, "type": "array" } }, "type": "object" }, "src": { "description": "Path to the Dockerfile that builds the component.\nMore info: https://www.radix.equinor.com/radix-config#src", "type": "string" }, "timeLimitSeconds": { "description": "Environment specific value for the maximum number of seconds the job can run.\nMore info: https://www.radix.equinor.com/radix-config#timelimitseconds-2", "format": "int64", "type": "integer" }, "variables": { "additionalProperties": { "type": "string" }, "description": "Environment specific environment variables.\nMore info: https://www.radix.equinor.com/radix-config#variables-2", "type": "object" }, "volumeMounts": { "description": "Configuration for mounting cloud storage into the job.\nMore info: https://www.radix.equinor.com/radix-config#volumemounts-2", "items": { "description": "RadixVolumeMount defines an external storage resource.", "properties": { "accessMode": { "description": "Deprecated: use BlobFuse2 instead.\nAccess mode from a container to an external storage. ReadOnlyMany (default), ReadWriteOnce, ReadWriteMany.\nMore info: https://www.radix.equinor.com/guides/volume-mounts/optional-settings/", "enum": [ "ReadOnlyMany", "ReadWriteOnce", "ReadWriteMany", "" ], "type": "string" }, "blobFuse2": { "description": "BlobFuse2 settings for Azure Storage FUSE CSI driver with the protocol fuse2", "properties": { "accessMode": { "description": "Access mode from a container to an external storage. ReadOnlyMany (default), ReadWriteOnce, ReadWriteMany.\nMore info: https://www.radix.equinor.com/guides/volume-mounts/optional-settings/", "enum": [ "ReadOnlyMany", "ReadWriteOnce", "ReadWriteMany", "" ], "type": "string" }, "attributeCache": { "description": "Configure attribute cache settings.", "properties": { "timeout": { "description": "The timeout (in seconds) for the attribute cache entries. Default 0.", "format": "int32", "minimum": 0, "type": "integer" } }, "type": "object" }, "blockCache": { "description": "Configure block cache settings. Applicable when cacheMode is Block.", "properties": { "blockSize": { "description": "Size (in MB) of a block to be downloaded as a unit. Default is 4.", "format": "int32", "minimum": 1, "type": "integer" }, "diskSize": { "description": "Size (in MB) of total disk capacity that block cache can use.\n0 (default) disables disk caching.", "format": "int32", "minimum": 0, "type": "integer" }, "diskTimeout": { "description": "Timeout (in seconds) for which persisted data remains in disk cache. Default 120.", "format": "int32", "minimum": 0, "type": "integer" }, "parallelism": { "description": "Number of worker thread responsible for upload/download jobs. Default 8.", "format": "int32", "minimum": 1, "type": "integer" }, "poolSize": { "description": "Size (in MB) of total memory preallocated for block-cache.\nMinimum value = (prefetchCount + 1) * blockSize", "format": "int32", "minimum": 1, "type": "integer" }, "prefetchCount": { "description": "Max number of blocks to prefetch. Default 11.\nValue must be 0 (prefetching disabled) or greater than 10.", "format": "int32", "minimum": 0, "type": "integer" }, "prefetchOnOpen": { "description": "Start prefetching on open or wait for first read. Default false.", "type": "boolean" } }, "type": "object" }, "cacheMode": { "description": "Defines how files should be cached.\n\nFile: Reads and caches the entire file\nBlock (default): Blocks of fixed size are downloaded and cached\nDirectIO: Caching is disabled. All IO is passed directly to the storage account.", "enum": [ "File", "Block", "DirectIO" ], "type": "string" }, "container": { "description": "Container. Name of the container in the external storage resource.", "type": "string" }, "fileCache": { "description": "Configure file cache settings. Applicable when cacheMode is File.", "properties": { "timeout": { "description": "The timeout (in seconds) for which file cache is valid. Default 120.", "format": "int32", "minimum": 0, "type": "integer" } }, "type": "object" }, "gid": { "description": "GID defines the group ID (number) which will be set as owner of the mounted volume.", "type": "string" }, "protocol": { "description": "Holds protocols of BlobFuse2 Azure Storage FUSE driver. Default is fuse2.", "enum": [ "fuse2", "" ], "type": "string" }, "requestsStorage": { "anyOf": [ { "type": "integer" }, { "type": "string" } ], "description": "Requested size (opens new window)of allocated mounted volume. Default value is set to \"1Mi\" (1 megabyte). Current version of the driver does not affect mounted volume size\nMore info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-persistent-volume-storage/#create-a-persistentvolumeclaim", "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "x-kubernetes-int-or-string": true }, "resourceGroup": { "description": "ResourceGroup of a storage account. Applicable when using a workload identity.", "type": "string" }, "storageAccount": { "description": "Name of a storage account. It is mandatory when using a workload identity. It is optional when using Access Key, if it is not defined, it will be configured in a secret.", "type": "string" }, "streaming": { "description": "Deprecated: Configure caching with cacheMode.\nConfigure streaming settings.\nMore info: https://github.com/Azure/azure-storage-fuse/blob/main/STREAMING.md", "properties": { "enabled": { "description": "Deprecated: Configure caching with cacheMode in blobFuse2 section.\nEnable streaming mode. Default true.\nFor backward compatibility, Radix will use cachMode:File if this field is explicitly set to false.", "type": "boolean" } }, "type": "object" }, "subscriptionId": { "description": "SubscriptionId of a storage account. Applicable when using a workload identity.", "type": "string" }, "tenantId": { "description": "TenantId of a storage account. Applicable when using a workload identity.", "type": "string" }, "uid": { "description": "UID defines the user ID (number) which will be set as owner of the mounted volume.", "type": "string" }, "useAdls": { "description": "Enables blobfuse to access Azure DataLake storage account. When set to false, blobfuse will access Azure Block Blob storage account, hierarchical file system is not supported.\nDefault false. This must be turned on when HNS enabled account is mounted.", "type": "boolean" }, "useAzureIdentity": { "description": "UseAzureIdentity defines that credentials for accessing Azure Storage will be acquired using Azure Workload Identity instead of using a ClientID and Secret.", "type": "boolean" } }, "required": [ "container" ], "type": "object" }, "container": { "description": "Deprecated: Only required by the deprecated type: blob.", "type": "string" }, "emptyDir": { "description": "EmptyDir settings for EmptyDir volume", "properties": { "sizeLimit": { "anyOf": [ { "type": "integer" }, { "type": "string" } ], "description": "SizeLimit defines the size of the emptyDir volume", "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "x-kubernetes-int-or-string": true } }, "required": [ "sizeLimit" ], "type": "object" }, "gid": { "description": "Deprecated: use BlobFuse2 instead.\nGID defines the group ID (number) which will be set as owner of the mounted volume.", "type": "string" }, "name": { "description": "User-defined name of the volume mount.\nMust be unique for the component.", "maxLength": 40, "minLength": 1, "type": "string" }, "path": { "description": "Path defines in which directory the external storage is mounted.", "minLength": 1, "type": "string" }, "requestsStorage": { "anyOf": [ { "type": "integer" }, { "type": "string" } ], "description": "Deprecated: use BlobFuse2 instead.\nMore info: https://www.radix.equinor.com/guides/volume-mounts/optional-settings/", "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "x-kubernetes-int-or-string": true }, "storage": { "description": "Deprecated: use BlobFuse2 instead.\nStorage defines the name of the container in the external storage resource.", "type": "string" }, "type": { "description": "Deprecated: use BlobFuse2 instead.\nType defines the storage type.", "enum": [ "azure-blob", "" ], "type": "string" }, "uid": { "description": "Deprecated: use BlobFuse2 instead.\nUID defines the user ID (number) which will be set as owner of the mounted volume.", "type": "string" } }, "required": [ "name", "path" ], "type": "object" }, "type": "array" } }, "required": [ "environment" ], "type": "object" }, "type": "array", "x-kubernetes-list-map-keys": [ "environment" ], "x-kubernetes-list-type": "map" }, "failurePolicy": { "description": "Specifies the policy of handling failed job replicas. In particular, it allows to\nspecify the set of actions and conditions which need to be\nsatisfied to take the associated action.\nIf empty, the default behaviour applies - the counter of failed job replicas\nis incremented and it is checked against the backoffLimit.", "properties": { "rules": { "description": "A list of failure policy rules. The rules are evaluated in order.\nOnce a rule matches a job replica failure, the remaining of the rules are ignored.\nWhen no rule matches the failure, the default handling applies - the\ncounter of failures is incremented and it is checked against\nthe backoffLimit.", "items": { "description": "RadixJobComponentFailurePolicyRule describes how a job replica failure is handled when the onExitCodes rules are met.", "properties": { "action": { "description": "Specifies the action taken on a job replica failure when the onExitCodes requirements are satisfied.", "enum": [ "FailJob", "Ignore", "Count" ], "type": "string" }, "onExitCodes": { "description": "Represents the requirement on the job replica exit codes.", "properties": { "operator": { "description": "Represents the relationship between the job replica's exit code and the\nspecified values. Replicas completed with success (exit code 0) are\nexcluded from the requirement check.", "enum": [ "In", "NotIn" ], "type": "string" }, "values": { "description": "Specifies the set of values. The job replica's exit code is checked against this set of\nvalues with respect to the operator. The list must not contain duplicates.\nValue '0' cannot be used for the In operator.", "items": { "format": "int32", "minimum": 0, "type": "integer" }, "maxItems": 255, "minItems": 1, "type": "array", "x-kubernetes-list-type": "set" } }, "required": [ "operator", "values" ], "type": "object" } }, "required": [ "action", "onExitCodes" ], "type": "object" }, "maxItems": 20, "type": "array", "x-kubernetes-list-type": "atomic" } }, "required": [ "rules" ], "type": "object" }, "identity": { "description": "Configuration for workload identity (federated credentials).\nMore info: https://www.radix.equinor.com/radix-config#identity-2", "properties": { "azure": { "description": "Azure identity configuration", "properties": { "clientId": { "description": "Defines the Client ID for a user defined managed identity or application ID for an application registration.", "type": "string" } }, "required": [ "clientId" ], "type": "object" } }, "type": "object" }, "image": { "description": "Name of an existing container image to use when running the job.\nMore info: https://www.radix.equinor.com/radix-config#image-2", "type": "string" }, "imageTagName": { "description": "The imageTagName allows for flexible configuration of fixed images,\nbuilt outside of Radix, it can be also configured with separate tag for each environment.\nMore info: https://www.radix.equinor.com/radix-config#imagetagname", "type": "string" }, "monitoring": { "description": "Enabled or disables collection of custom Prometheus metrics.\nMore info: https://www.radix.equinor.com/radix-config#monitoring", "type": "boolean" }, "monitoringConfig": { "description": "Configures the monitoring endpoint exposed by the job.\nThis endpoint is used by Prometheus to collect custom metrics.\nenvironmentConfig.monitoring must be set to true to enable collection of metrics for an environment.\nMore info: https://www.radix.equinor.com/radix-config#monitoringconfig-2", "properties": { "path": { "description": "Defines the path where metrics is served.", "type": "string" }, "portName": { "description": "Defines which port in the ports list where metrics is served.", "maxLength": 15, "pattern": "^(([a-z0-9][-a-z0-9]*)?[a-z0-9])?$", "type": "string" } }, "type": "object" }, "name": { "description": "Name of the environment which the settings applies to.", "maxLength": 50, "minLength": 1, "pattern": "^(([a-z0-9][-a-z0-9]*)?[a-z0-9])?$", "type": "string" }, "node": { "description": "Deprecated: use Runtime.NodeType instead.\nDefines GPU requirements for the job.\nMore info: https://www.radix.equinor.com/radix-config#node", "properties": { "gpu": { "description": "Defines rules for allowed GPU types.\nMore info: https://www.radix.equinor.com/radix-config#gpu", "type": "string" }, "gpuCount": { "description": "Defines minimum number of required GPUs.", "type": "string" } }, "type": "object" }, "notifications": { "description": "Notifications about batch or job status changes", "properties": { "webhook": { "description": "Webhook is a URL for notification about internal events or changes. The URL should be of a Radix component or job-component, with not public port.", "maxLength": 253, "minLength": 1, "type": "string" } }, "type": "object" }, "payload": { "description": "Defines the path where the job payload is mounted.\nMore info: https://www.radix.equinor.com/radix-config#payload", "properties": { "path": { "description": "Path to the folder where payload is mounted", "minLength": 1, "type": "string" } }, "required": [ "path" ], "type": "object" }, "ports": { "description": "List of ports that the job binds to.", "items": { "description": "ComponentPort defines a named port.", "properties": { "name": { "description": "Name of the port.", "maxLength": 15, "minLength": 1, "pattern": "^(([a-z0-9][-a-z0-9]*)?[a-z0-9])?$", "type": "string" }, "port": { "description": "Port number.", "format": "int32", "maximum": 65535, "minimum": 1024, "type": "integer" } }, "required": [ "name", "port" ], "type": "object" }, "type": "array", "x-kubernetes-list-map-keys": [ "name" ], "x-kubernetes-list-type": "map" }, "readOnlyFileSystem": { "description": "Controls if the filesystem shall be read-only.", "type": "boolean" }, "resources": { "description": "Configures CPU and memory resources for the job.\nMore info: https://www.radix.equinor.com/radix-config#resources-common-2", "properties": { "limits": { "additionalProperties": { "type": "string" }, "description": "Limits describes the maximum amount of compute resources allowed.", "type": "object" }, "requests": { "additionalProperties": { "type": "string" }, "description": "Requests describes the minimum amount of compute resources required.\nIf Requests is omitted for a container, it defaults to Limits if\nthat is explicitly specified, otherwise to an implementation-defined value.", "type": "object" } }, "type": "object" }, "runAsUser": { "description": "User ID to run the container as\nMore info: https://www.radix.equinor.com/radix-config#runasuser-2", "format": "int64", "minimum": 1, "type": "integer" }, "runtime": { "description": "Runtime defines target runtime requirements for the job", "properties": { "architecture": { "description": "CPU architecture target for the component or job. When Architecture and NodeType are not defined, the Architecture defaults to amd64.", "enum": [ "amd64", "arm64", "" ], "type": "string" }, "nodeType": { "description": "Defines the node type for the component. It is a values of the node-pool label and taint with key radix-nodetype, where component's or job's pods will be scheduled.\nMore info: https://www.radix.equinor.com/radix-config#nodetype", "maxLength": 120, "pattern": "^(([a-z0-9][-a-z0-9]*)?[a-z0-9])?$", "type": "string" } }, "type": "object" }, "schedulerPort": { "description": "Defines the port number that the job-scheduler API server will listen to.\nMore info: https://www.radix.equinor.com/radix-config#schedulerport", "format": "int32", "maximum": 65535, "minimum": 1024, "type": "integer" }, "secretRefs": { "description": "Configuration for external secret stores, like Azure KeyVault.\nMore info: https://www.radix.equinor.com/radix-config#secretrefs", "properties": { "azureKeyVaults": { "description": "List of Azure Key Vaults to get secrets from.", "items": { "description": "RadixAzureKeyVault defines an Azure keyvault.", "properties": { "items": { "description": "List of keyvault items (secrets, keys and certificates).", "items": { "description": "RadixAzureKeyVaultItem defines Azure Key Vault setting: secrets, keys, certificates", "properties": { "alias": { "description": "Alias overrides the default file name used when mounting the secret, key or certificate.", "minLength": 1, "type": "string" }, "encoding": { "description": "Encoding defines the encoding of a keyvault item when stored in the container.\nSetting encoding to base64 and format to pfx will fetch and write the base64 decoded pfx binary.", "enum": [ "base64" ], "type": "string" }, "envVar": { "description": "Defines the name of the environment variable that will contain the value of the secret, key or certificate.", "type": "string" }, "format": { "description": "Defines the format of the keyvault item.\npfx is only supported with type secret and PKCS12 or ECC certificate.\nDefault format for certificates is pem.", "enum": [ "pem", "pfx" ], "type": "string" }, "k8sSecretType": { "description": "K8sSecretType defines the type of Kubernetes secret the keyvault item will be stored in.\nopaque corresponds to \"Opaque\" and \"kubernetes.io/tls\" secret types: https://kubernetes.io/docs/concepts/configuration/secret/#secret-types", "enum": [ "opaque", "tls" ], "type": "string" }, "name": { "description": "Name of a secret, key or certificate in the keyvault.", "maxLength": 127, "minLength": 1, "type": "string" }, "type": { "description": "Type of item in the keyvault referenced by the name.", "enum": [ "secret", "key", "cert" ], "type": "string" }, "version": { "description": "Defines that a specific version of a keyvault item should be loaded.\nThe latest version is loaded when this field is not set.", "type": "string" } }, "required": [ "name" ], "type": "object" }, "minItems": 1, "type": "array" }, "name": { "description": "Name of the Azure keyvault.", "maxLength": 24, "minLength": 3, "type": "string" }, "path": { "description": "Path where secrets from the keyvault is mounted.", "minLength": 1, "type": "string" }, "useAzureIdentity": { "description": "UseAzureIdentity defines that credentials for accessing Azure Key Vault will be acquired using Azure Workload Identity instead of using a ClientID and Secret.", "type": "boolean" } }, "required": [ "items", "name" ], "type": "object" }, "type": "array" } }, "type": "object" }, "secrets": { "description": "List of secret environment variable names.\nMore info: https://www.radix.equinor.com/radix-config#secrets-2", "items": { "type": "string" }, "type": "array" }, "src": { "description": "Path to the Dockerfile that builds the job.\nMore info: https://www.radix.equinor.com/radix-config#src-2", "type": "string" }, "timeLimitSeconds": { "description": "The maximum number of seconds the job can run.\nMore info: https://www.radix.equinor.com/radix-config#timelimitseconds", "format": "int64", "type": "integer" }, "variables": { "additionalProperties": { "type": "string" }, "description": "List of environment variables and values.\nMore info: https://www.radix.equinor.com/radix-config#variables-common-2", "type": "object" }, "volumeMounts": { "description": "Configuration for mounting cloud storage into the component.\nMore info: https://www.radix.equinor.com/radix-config#volumemounts", "items": { "description": "RadixVolumeMount defines an external storage resource.", "properties": { "accessMode": { "description": "Deprecated: use BlobFuse2 instead.\nAccess mode from a container to an external storage. ReadOnlyMany (default), ReadWriteOnce, ReadWriteMany.\nMore info: https://www.radix.equinor.com/guides/volume-mounts/optional-settings/", "enum": [ "ReadOnlyMany", "ReadWriteOnce", "ReadWriteMany", "" ], "type": "string" }, "blobFuse2": { "description": "BlobFuse2 settings for Azure Storage FUSE CSI driver with the protocol fuse2", "properties": { "accessMode": { "description": "Access mode from a container to an external storage. ReadOnlyMany (default), ReadWriteOnce, ReadWriteMany.\nMore info: https://www.radix.equinor.com/guides/volume-mounts/optional-settings/", "enum": [ "ReadOnlyMany", "ReadWriteOnce", "ReadWriteMany", "" ], "type": "string" }, "attributeCache": { "description": "Configure attribute cache settings.", "properties": { "timeout": { "description": "The timeout (in seconds) for the attribute cache entries. Default 0.", "format": "int32", "minimum": 0, "type": "integer" } }, "type": "object" }, "blockCache": { "description": "Configure block cache settings. Applicable when cacheMode is Block.", "properties": { "blockSize": { "description": "Size (in MB) of a block to be downloaded as a unit. Default is 4.", "format": "int32", "minimum": 1, "type": "integer" }, "diskSize": { "description": "Size (in MB) of total disk capacity that block cache can use.\n0 (default) disables disk caching.", "format": "int32", "minimum": 0, "type": "integer" }, "diskTimeout": { "description": "Timeout (in seconds) for which persisted data remains in disk cache. Default 120.", "format": "int32", "minimum": 0, "type": "integer" }, "parallelism": { "description": "Number of worker thread responsible for upload/download jobs. Default 8.", "format": "int32", "minimum": 1, "type": "integer" }, "poolSize": { "description": "Size (in MB) of total memory preallocated for block-cache.\nMinimum value = (prefetchCount + 1) * blockSize", "format": "int32", "minimum": 1, "type": "integer" }, "prefetchCount": { "description": "Max number of blocks to prefetch. Default 11.\nValue must be 0 (prefetching disabled) or greater than 10.", "format": "int32", "minimum": 0, "type": "integer" }, "prefetchOnOpen": { "description": "Start prefetching on open or wait for first read. Default false.", "type": "boolean" } }, "type": "object" }, "cacheMode": { "description": "Defines how files should be cached.\n\nFile: Reads and caches the entire file\nBlock (default): Blocks of fixed size are downloaded and cached\nDirectIO: Caching is disabled. All IO is passed directly to the storage account.", "enum": [ "File", "Block", "DirectIO" ], "type": "string" }, "container": { "description": "Container. Name of the container in the external storage resource.", "type": "string" }, "fileCache": { "description": "Configure file cache settings. Applicable when cacheMode is File.", "properties": { "timeout": { "description": "The timeout (in seconds) for which file cache is valid. Default 120.", "format": "int32", "minimum": 0, "type": "integer" } }, "type": "object" }, "gid": { "description": "GID defines the group ID (number) which will be set as owner of the mounted volume.", "type": "string" }, "protocol": { "description": "Holds protocols of BlobFuse2 Azure Storage FUSE driver. Default is fuse2.", "enum": [ "fuse2", "" ], "type": "string" }, "requestsStorage": { "anyOf": [ { "type": "integer" }, { "type": "string" } ], "description": "Requested size (opens new window)of allocated mounted volume. Default value is set to \"1Mi\" (1 megabyte). Current version of the driver does not affect mounted volume size\nMore info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-persistent-volume-storage/#create-a-persistentvolumeclaim", "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "x-kubernetes-int-or-string": true }, "resourceGroup": { "description": "ResourceGroup of a storage account. Applicable when using a workload identity.", "type": "string" }, "storageAccount": { "description": "Name of a storage account. It is mandatory when using a workload identity. It is optional when using Access Key, if it is not defined, it will be configured in a secret.", "type": "string" }, "streaming": { "description": "Deprecated: Configure caching with cacheMode.\nConfigure streaming settings.\nMore info: https://github.com/Azure/azure-storage-fuse/blob/main/STREAMING.md", "properties": { "enabled": { "description": "Deprecated: Configure caching with cacheMode in blobFuse2 section.\nEnable streaming mode. Default true.\nFor backward compatibility, Radix will use cachMode:File if this field is explicitly set to false.", "type": "boolean" } }, "type": "object" }, "subscriptionId": { "description": "SubscriptionId of a storage account. Applicable when using a workload identity.", "type": "string" }, "tenantId": { "description": "TenantId of a storage account. Applicable when using a workload identity.", "type": "string" }, "uid": { "description": "UID defines the user ID (number) which will be set as owner of the mounted volume.", "type": "string" }, "useAdls": { "description": "Enables blobfuse to access Azure DataLake storage account. When set to false, blobfuse will access Azure Block Blob storage account, hierarchical file system is not supported.\nDefault false. This must be turned on when HNS enabled account is mounted.", "type": "boolean" }, "useAzureIdentity": { "description": "UseAzureIdentity defines that credentials for accessing Azure Storage will be acquired using Azure Workload Identity instead of using a ClientID and Secret.", "type": "boolean" } }, "required": [ "container" ], "type": "object" }, "container": { "description": "Deprecated: Only required by the deprecated type: blob.", "type": "string" }, "emptyDir": { "description": "EmptyDir settings for EmptyDir volume", "properties": { "sizeLimit": { "anyOf": [ { "type": "integer" }, { "type": "string" } ], "description": "SizeLimit defines the size of the emptyDir volume", "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "x-kubernetes-int-or-string": true } }, "required": [ "sizeLimit" ], "type": "object" }, "gid": { "description": "Deprecated: use BlobFuse2 instead.\nGID defines the group ID (number) which will be set as owner of the mounted volume.", "type": "string" }, "name": { "description": "User-defined name of the volume mount.\nMust be unique for the component.", "maxLength": 40, "minLength": 1, "type": "string" }, "path": { "description": "Path defines in which directory the external storage is mounted.", "minLength": 1, "type": "string" }, "requestsStorage": { "anyOf": [ { "type": "integer" }, { "type": "string" } ], "description": "Deprecated: use BlobFuse2 instead.\nMore info: https://www.radix.equinor.com/guides/volume-mounts/optional-settings/", "pattern": "^(\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\\+|-)?(([0-9]+(\\.[0-9]*)?)|(\\.[0-9]+))))?$", "x-kubernetes-int-or-string": true }, "storage": { "description": "Deprecated: use BlobFuse2 instead.\nStorage defines the name of the container in the external storage resource.", "type": "string" }, "type": { "description": "Deprecated: use BlobFuse2 instead.\nType defines the storage type.", "enum": [ "azure-blob", "" ], "type": "string" }, "uid": { "description": "Deprecated: use BlobFuse2 instead.\nUID defines the user ID (number) which will be set as owner of the mounted volume.", "type": "string" } }, "required": [ "name", "path" ], "type": "object" }, "type": "array" } }, "required": [ "name" ], "type": "object" }, "type": "array", "x-kubernetes-list-map-keys": [ "name" ], "x-kubernetes-list-type": "map" }, "privateImageHubs": { "additionalProperties": { "description": "RadixPrivateImageHubCredential contains credentials to use when pulling images\nfrom a protected container registry.", "properties": { "email": { "description": "The email address linked to the username.", "type": "string" }, "username": { "description": "Username with permission to pull images.\nThe password is set in Radix Web Console.", "minLength": 1, "type": "string" } }, "required": [ "username" ], "type": "object" }, "description": "Defines protected container registries used by components or jobs.\nMore info: https://www.radix.equinor.com/radix-config#privateimagehubs", "type": "object" } }, "required": [ "environments" ], "type": "object" } }, "required": [ "metadata", "spec" ], "type": "object" }