- Blog
- FAQ
- Product Demos
- API Guide
- GETGet an agent by name
- DELDelete an agent by name
- PATCHPerform a Patch on an agent by name
- GETQuery agent health
- GETGet all agents
- POSTCreate an agent
- POSTGet all agents based on a query
- GETGet the access report for an agent by name
- GETGet available permissions for an agent
- GETGet an audit context by name
- PATCHPerform a Patch on an audit context by name
- GETGet all audit contexts
- POSTCreate an audit context
- POSTGet all audit contexts based on a query
- GETGet the access report for an audit context by name
- GETGet available permissions for an audit context
- GETGet a cloud account by name
- DELDelete an cloud account by name
- PATCHPerform a Patch on a cloud account by name
- GETGet all cloud accounts
- POSTCreate a cloud account
- POSTGet all cloud accounts based on a query
- GETGet the access report for a cloud account by name
- GETGet available permissions for a cloud account resource type
- GETGet a domain by name
- DELDelete a domain by name
- PATCHPerform a Patch on a domain by name
- GETGet all domains
- POSTCreate a domain
- POSTGet all domains based on a query
- GETGet the access report for a domain by name
- GETGet available permissions for a domain resource type
- GETGet a group by name
- DELDelete a group by name
- PATCHPerform a Patch on a group by name
- GETGet all groups
- POSTCreate a group
- POSTGet all groups based on a query
- GETGet the access report for a group by name
- GETGet available permissions for a group resource type
- GETGet a GVC by name
- DELDelete a GVC by name
- PATCHPerform a Patch on a GVC by name
- GETGet all GVCs
- POSTCreate a GVC
- POSTGet all GVCs based on a query
- GETGet the access report for a GVC by name
- GETGet available permissions for a GVC resource type
- GETGet an identity by GVC and name
- DELDelete an identity by GVC and name
- PATCHPerform a Patch on an identity by name
- GETGet all identities in a GVC
- POSTCreate an identity
- GETGet all identities from all GVCs
- POSTGet all GVC identities based on a query
- GETGet the access report for an identity by GVC and name
- GETGet available permissions for an identity
- GETGet a image by name
- DELDelete an image by name
- PATCHPerform a Patch on an image by name
- GETGet all images
- POSTGet all images based on a query
- GETGet the access report for an image by name
- GETGet available permissions for an image resource type
- GETGet a location by name
- PATCHPerform a Patch on a location by name
- GETGet all locations
- POSTGet all locations based on a query
- GETGet the access report for a location by name
- GETGet available permissions for a location resource type
- GETGet an org by name
- PATCHPerform a Patch on an org by name
- GETGet all orgs
- POSTCreate an org
- POSTGet all orgs based on a query
- GETGet the access report for an org by name
- GETGet available permissions for an org resource type
- GETGet a policy by name
- DELDelete a policy by name
- PATCHPerform a Patch on a policy by name
- GETGet all policies
- POSTCreate a policy
- POSTGet all policies based on a query
- GETGet the access report for a policy by name
- GETGet available permissions for a policy resource type
- GETGet a quota by ID
- GETGet all quotas
- POSTGet all quotas based on a query
- GETGet available permissions for a quota resource type
- GETGet a secret by name
- DELDelete a secret by name
- PATCHPerform a Patch on a secret by name
- GETGet all secrets
- POSTCreate a secret
- GETGet the sensitive content of a secret by name
- POSTGet all secrets based on a query
- GETGet the access report for a secret by name
- GETGet available permissions for a secret resource type
- GETGet a service account by name
- DELDelete a service account by name
- PATCHPerform a Patch on a service account by name
- GETGet all service accounts
- POSTCreate a service account
- POSTGet all service accounts based on a query
- GETGet the access report for a service account by name
- POSTAdd a key to a service account
- GETGet available permissions for a service account resource type
- GETList tasks that you can accept to refuse
- GETList tasks that you can accept to refuse in a specific org
- GETGet a task by ID
- POSTPost
- DELDelete/Cancel a task by ID
- GETGet all tasks
- POSTGet all tasks based on a query
- GETGet available permissions for a task resource type
- GETGet a user by name
- DELDelete a user by name
- PATCHPerform a Patch on a user by name
- GETGet all users
- POSTGet all users based on a query
- POSTInvite users to this org
- GETGet the access report for a user by name
- GETGet available permissions for a user resource type
- GETGet a volumeset by GVC and name
- DELDelete a volumeset by name
- PATCHPerform a Patch on a volumeset by name
- GETList volumesets in a GVC you are authorized to view
- POSTCreate a volumeset
- GETGet all volumesets
- POSTGet all volumesets based on a query
- GETGet the access report for a volumeset by GVC and name
- GETGet available permissions for a volumeset resource type
- GETGet a workload by GVC and name
- DELDelete a workload by name
- PATCHPerform a Patch on a workload by name
- GETGet a deployment by GVC, workload and name
- GETList workloads in a GVC you are authorized to view
- POSTCreate a workload
- GETGet all workloads
- GETList deployments in a workload
- POSTGet all workloads based on a query
- GETGet the access report for a workload by GVC and name
- GETGet available permissions for a workload resource type
Overview
agent
auditctx
cloudaccount
domain
group
gvc
identity
image
location
org
policy
quota
secret
serviceaccount
task
user
volumeset
workload
Perform a Patch on a workload by name
Service account key can be used as API keys
The identityLink is used as the access scope for 3rd party cloud resources. A single identity can provide access to multiple cloud providers.
The list of public hostnames that this workload is allowed to reach. No outbound access is allowed by default. A wildcard '' is allowed on the prefix of the hostname only, ex: '.amazonaws.com'. Use 'outboundAllowCIDR' to allow access to all external websites (not recommended). The ports 80, 443 & 445 are allowed by default. This can be modified using the outboundAllowPort setting.
Allow outbound access to specific ports and protocols. When not specified, communication to address ranges in outboundAllowCIDR is allowed on all ports and communication to names in outboundAllowHostname is allowed on ports 80/443.
The list of ipv4/ipv6 addresses or cidr blocks that this workload is allowed reach. No outbound access is allowed by default. Specify '0.0.0.0/0' to allow outbound access to the public internet (not recommended).
The external firewall is used to control access to and from the public internet.
The list of public hostnames that this workload is allowed to reach. No outbound access is allowed by default. A wildcard '' is allowed on the prefix of the hostname only, ex: '.amazonaws.com'. Use 'outboundAllowCIDR' to allow access to all external websites (not recommended). The ports 80, 443 & 445 are allowed by default. This can be modified using the outboundAllowPort setting.
Allow outbound access to specific ports and protocols. When not specified, communication to address ranges in outboundAllowCIDR is allowed on all ports and communication to names in outboundAllowHostname is allowed on ports 80/443.
The list of ipv4/ipv6 addresses or cidr blocks that this workload is allowed reach. No outbound access is allowed by default. Specify '0.0.0.0/0' to allow outbound access to the public internet (not recommended).
Used to control the internal firewall configuration and mutual tls. 'none': no access is allowed between this workload and other workloads on Control Plane. 'same-gvc': workloads running on the same Global Virtual Cloud are allowed to access this workload internally. 'same-org': workloads running on the same Control Plane Organization are allowed to access this workload internally. 'workload-list': specific workloads provided in the 'inboundAllowWorkload' array are allowed to access this workload internally.
A list of specific workloads which are allowed to access this workload internally.
The internal firewall is used to control access between workloads.
Used to control the internal firewall configuration and mutual tls. 'none': no access is allowed between this workload and other workloads on Control Plane. 'same-gvc': workloads running on the same Global Virtual Cloud are allowed to access this workload internally. 'same-org': workloads running on the same Control Plane Organization are allowed to access this workload internally. 'workload-list': specific workloads provided in the 'inboundAllowWorkload' array are allowed to access this workload internally.
A list of specific workloads which are allowed to access this workload internally.
Optional control of inbound and outbound access to the workload for external (public) and internal (service to service) traffic. Access is restricted by default.
The external firewall is used to control access to and from the public internet.
The list of public hostnames that this workload is allowed to reach. No outbound access is allowed by default. A wildcard '' is allowed on the prefix of the hostname only, ex: '.amazonaws.com'. Use 'outboundAllowCIDR' to allow access to all external websites (not recommended). The ports 80, 443 & 445 are allowed by default. This can be modified using the outboundAllowPort setting.
Allow outbound access to specific ports and protocols. When not specified, communication to address ranges in outboundAllowCIDR is allowed on all ports and communication to names in outboundAllowHostname is allowed on ports 80/443.
The list of ipv4/ipv6 addresses or cidr blocks that this workload is allowed reach. No outbound access is allowed by default. Specify '0.0.0.0/0' to allow outbound access to the public internet (not recommended).
The internal firewall is used to control access between workloads.
Used to control the internal firewall configuration and mutual tls. 'none': no access is allowed between this workload and other workloads on Control Plane. 'same-gvc': workloads running on the same Global Virtual Cloud are allowed to access this workload internally. 'same-org': workloads running on the same Control Plane Organization are allowed to access this workload internally. 'workload-list': specific workloads provided in the 'inboundAllowWorkload' array are allowed to access this workload internally.
A list of specific workloads which are allowed to access this workload internally.
Set defaultOptions for the workload in all Control Plane Locations.
A standard cron schedule expression used to determine when your job should execute.
Either 'Forbid' or 'Replace'. This determines what Control Plane will do when the schedule requires a job to start, while a prior instance of the job is still running.
The maximum number of completed job instances to display. This should be an integer between 1 and 10.
Either 'OnFailure' or 'Never'. This determines what Control Plane will do when a job instance fails.
The maximum number of seconds Control Plane will wait for the job to complete. If a job does not succeed or fail in the allotted time, Control Plane will stop the job, moving it into the Removed status.
A standard cron schedule expression used to determine when your job should execute.
Either 'Forbid' or 'Replace'. This determines what Control Plane will do when the schedule requires a job to start, while a prior instance of the job is still running.
The maximum number of completed job instances to display. This should be an integer between 1 and 10.
Either 'OnFailure' or 'Never'. This determines what Control Plane will do when a job instance fails.
The maximum number of seconds Control Plane will wait for the job to complete. If a job does not succeed or fail in the allotted time, Control Plane will stop the job, moving it into the Removed status.
If this is enabled, Control Plane will automatically redeploy your workload when one of the container images is updated in the container registry.
The minimum number of seconds a container must run without crashing to be considered available
The minimum number of seconds a container must run without crashing to be considered available
The group id assigned to any mounted volume
The group id assigned to any mounted volume
The identityLink is used as the access scope for 3rd party cloud resources. A single identity can provide access to multiple cloud providers.
Optional control of inbound and outbound access to the workload for external (public) and internal (service to service) traffic. Access is restricted by default.
The external firewall is used to control access to and from the public internet.
The list of public hostnames that this workload is allowed to reach. No outbound access is allowed by default. A wildcard '' is allowed on the prefix of the hostname only, ex: '.amazonaws.com'. Use 'outboundAllowCIDR' to allow access to all external websites (not recommended). The ports 80, 443 & 445 are allowed by default. This can be modified using the outboundAllowPort setting.
Allow outbound access to specific ports and protocols. When not specified, communication to address ranges in outboundAllowCIDR is allowed on all ports and communication to names in outboundAllowHostname is allowed on ports 80/443.
The list of ipv4/ipv6 addresses or cidr blocks that this workload is allowed reach. No outbound access is allowed by default. Specify '0.0.0.0/0' to allow outbound access to the public internet (not recommended).
The internal firewall is used to control access between workloads.
Used to control the internal firewall configuration and mutual tls. 'none': no access is allowed between this workload and other workloads on Control Plane. 'same-gvc': workloads running on the same Global Virtual Cloud are allowed to access this workload internally. 'same-org': workloads running on the same Control Plane Organization are allowed to access this workload internally. 'workload-list': specific workloads provided in the 'inboundAllowWorkload' array are allowed to access this workload internally.
A list of specific workloads which are allowed to access this workload internally.
Set defaultOptions for the workload in all Control Plane Locations.
A standard cron schedule expression used to determine when your job should execute.
Either 'Forbid' or 'Replace'. This determines what Control Plane will do when the schedule requires a job to start, while a prior instance of the job is still running.
The maximum number of completed job instances to display. This should be an integer between 1 and 10.
Either 'OnFailure' or 'Never'. This determines what Control Plane will do when a job instance fails.
The maximum number of seconds Control Plane will wait for the job to complete. If a job does not succeed or fail in the allotted time, Control Plane will stop the job, moving it into the Removed status.
If this is enabled, Control Plane will automatically redeploy your workload when one of the container images is updated in the container registry.
The minimum number of seconds a container must run without crashing to be considered available
The group id assigned to any mounted volume
Authorizations
Service account key can be used as API keys
Path Parameters
Body
description
, tags
, gvc
, spec
type
, identityLink
, containers
, firewallConfig
, defaultOptions
, localOptions
, job
, sidecar
, supportDynamicTags
, rolloutOptions
, securityOptions
serverless
, standard
, cron
, stateful
The identityLink is used as the access scope for 3rd party cloud resources. A single identity can provide access to multiple cloud providers.
The full image and tag path for a public or private docker registry. Private container images must have valid credentials configured in 'pullSecretLinks' on the GVC (Global Virtual Cloud).
The port in the container which receives external traffic or traffic from other workloads. Only one container is allowed to specify a port.
The ports in the container which can receive internal and external traffic. For serverless workloads only the first port will be used.
http
, http2
, grpc
, tcp
reserved memory of the workload when capacityAI is disabled. maximum memory when CapacityAI is enabled.
A Probe to check if the workload is ready to receive additional traffic.
HTTP
, HTTPS
A Probe to check if the workload is healthy or should be restarted.
HTTP
, HTTPS
reserved CPU of the workload when capacityAI is disabled. maximum CPU when CapacityAI is enabled.
Minimum CPU when capacityAI is enabled.
Minimum memory when capacityAI is enabled
Environment variables for the container at runtime. Default environment variables are also provided: CPLN_GVC, CPLN_LOCATION, CPLN_ORG, CPLN_PROVIDER, CPLN_WORKLOAD
Enables inheritance of GVC environment variables. A variable in spec.env will override a GVC variable with the same name.
Optionally override the entrypoint
Command line arguments passed to the container at runtime. Replaces the CMD arguments of the running container. It is an ordered list.
Command and arguments executed immediately after the container is created.
Command and arguments executed immediately before the container is stopped.
Mount Object Store (S3, GCS, AzureBlob) buckets as file system
Only applicable to persistent volumes, this determines what Control Plane will do when creating a new workload replica if a corresponding volume exists.
retain
, recycle
The full image and tag path for a public or private docker registry. Private container images must have valid credentials configured in 'pullSecretLinks' on the GVC (Global Virtual Cloud).
The port in the container which receives external traffic or traffic from other workloads. Only one container is allowed to specify a port.
The ports in the container which can receive internal and external traffic. For serverless workloads only the first port will be used.
http
, http2
, grpc
, tcp
reserved memory of the workload when capacityAI is disabled. maximum memory when CapacityAI is enabled.
A Probe to check if the workload is ready to receive additional traffic.
HTTP
, HTTPS
A Probe to check if the workload is healthy or should be restarted.
HTTP
, HTTPS
reserved CPU of the workload when capacityAI is disabled. maximum CPU when CapacityAI is enabled.
Minimum CPU when capacityAI is enabled.
Minimum memory when capacityAI is enabled
Environment variables for the container at runtime. Default environment variables are also provided: CPLN_GVC, CPLN_LOCATION, CPLN_ORG, CPLN_PROVIDER, CPLN_WORKLOAD
Enables inheritance of GVC environment variables. A variable in spec.env will override a GVC variable with the same name.
Optionally override the entrypoint
Command line arguments passed to the container at runtime. Replaces the CMD arguments of the running container. It is an ordered list.
Command and arguments executed immediately after the container is created.
Command and arguments executed immediately before the container is stopped.
Mount Object Store (S3, GCS, AzureBlob) buckets as file system
Only applicable to persistent volumes, this determines what Control Plane will do when creating a new workload replica if a corresponding volume exists.
retain
, recycle
image
, workingDir
, metrics
, port
, ports
, memory
, readinessProbe
, livenessProbe
, cpu
, minCpu
, minMemory
, env
, gpu
, inheritEnv
, command
, args
, lifecycle
, volumes
The full image and tag path for a public or private docker registry. Private container images must have valid credentials configured in 'pullSecretLinks' on the GVC (Global Virtual Cloud).
port
, path
The port in the container which receives external traffic or traffic from other workloads. Only one container is allowed to specify a port.
The ports in the container which can receive internal and external traffic. For serverless workloads only the first port will be used.
http
, http2
, grpc
, tcp
http
, http2
, grpc
, tcp
protocol
, number
http
, http2
, grpc
, tcp
reserved memory of the workload when capacityAI is disabled. maximum memory when CapacityAI is enabled.
exec
, grpc
, tcpSocket
, httpGet
, initialDelaySeconds
, periodSeconds
, timeoutSeconds
, successThreshold
, failureThreshold
command
port
port
path
, port
, httpHeaders
, scheme
value
HTTP
, HTTPS
HTTP
, HTTPS
A Probe to check if the workload is ready to receive additional traffic.
HTTP
, HTTPS
exec
, grpc
, tcpSocket
, httpGet
, initialDelaySeconds
, periodSeconds
, timeoutSeconds
, successThreshold
, failureThreshold
command
port
port
path
, port
, httpHeaders
, scheme
value
HTTP
, HTTPS
HTTP
, HTTPS
A Probe to check if the workload is healthy or should be restarted.
HTTP
, HTTPS
reserved CPU of the workload when capacityAI is disabled. maximum CPU when CapacityAI is enabled.
Minimum CPU when capacityAI is enabled.
Minimum memory when capacityAI is enabled
Environment variables for the container at runtime. Default environment variables are also provided: CPLN_GVC, CPLN_LOCATION, CPLN_ORG, CPLN_PROVIDER, CPLN_WORKLOAD
value
nvidia
model
, quantity
Enables inheritance of GVC environment variables. A variable in spec.env will override a GVC variable with the same name.
Optionally override the entrypoint
Command line arguments passed to the container at runtime. Replaces the CMD arguments of the running container. It is an ordered list.
postStart
, preStop
exec
command
Command and arguments executed immediately after the container is created.
Command and arguments executed immediately after the container is created.
Command and arguments executed immediately after the container is created.
exec
command
Command and arguments executed immediately before the container is stopped.
Command and arguments executed immediately before the container is stopped.
Command and arguments executed immediately before the container is stopped.
Command and arguments executed immediately after the container is created.
Command and arguments executed immediately before the container is stopped.
Mount Object Store (S3, GCS, AzureBlob) buckets as file system
Only applicable to persistent volumes, this determines what Control Plane will do when creating a new workload replica if a corresponding volume exists.
retain
, recycle
Only applicable to persistent volumes, this determines what Control Plane will do when creating a new workload replica if a corresponding volume exists.
retain
, recycle
uri
, recoveryPolicy
, path
Only applicable to persistent volumes, this determines what Control Plane will do when creating a new workload replica if a corresponding volume exists.
retain
, recycle
external
, internal
inboundAllowCIDR
, outboundAllowHostname
, outboundAllowPort
, outboundAllowCIDR
The list of public hostnames that this workload is allowed to reach. No outbound access is allowed by default. A wildcard '' is allowed on the prefix of the hostname only, ex: '.amazonaws.com'. Use 'outboundAllowCIDR' to allow access to all external websites (not recommended). The ports 80, 443 & 445 are allowed by default. This can be modified using the outboundAllowPort setting.
Allow outbound access to specific ports and protocols. When not specified, communication to address ranges in outboundAllowCIDR is allowed on all ports and communication to names in outboundAllowHostname is allowed on ports 80/443.
http
, https
, tcp
http
, https
, tcp
protocol
, number
http
, https
, tcp
The list of ipv4/ipv6 addresses or cidr blocks that this workload is allowed reach. No outbound access is allowed by default. Specify '0.0.0.0/0' to allow outbound access to the public internet (not recommended).
The external firewall is used to control access to and from the public internet.
The list of public hostnames that this workload is allowed to reach. No outbound access is allowed by default. A wildcard '' is allowed on the prefix of the hostname only, ex: '.amazonaws.com'. Use 'outboundAllowCIDR' to allow access to all external websites (not recommended). The ports 80, 443 & 445 are allowed by default. This can be modified using the outboundAllowPort setting.
Allow outbound access to specific ports and protocols. When not specified, communication to address ranges in outboundAllowCIDR is allowed on all ports and communication to names in outboundAllowHostname is allowed on ports 80/443.
http
, https
, tcp
The list of ipv4/ipv6 addresses or cidr blocks that this workload is allowed reach. No outbound access is allowed by default. Specify '0.0.0.0/0' to allow outbound access to the public internet (not recommended).
inboundAllowType
, inboundAllowWorkload
Used to control the internal firewall configuration and mutual tls. 'none': no access is allowed between this workload and other workloads on Control Plane. 'same-gvc': workloads running on the same Global Virtual Cloud are allowed to access this workload internally. 'same-org': workloads running on the same Control Plane Organization are allowed to access this workload internally. 'workload-list': specific workloads provided in the 'inboundAllowWorkload' array are allowed to access this workload internally.
none
, same-gvc
, same-org
, workload-list
A list of specific workloads which are allowed to access this workload internally.
The internal firewall is used to control access between workloads.
Used to control the internal firewall configuration and mutual tls. 'none': no access is allowed between this workload and other workloads on Control Plane. 'same-gvc': workloads running on the same Global Virtual Cloud are allowed to access this workload internally. 'same-org': workloads running on the same Control Plane Organization are allowed to access this workload internally. 'workload-list': specific workloads provided in the 'inboundAllowWorkload' array are allowed to access this workload internally.
none
, same-gvc
, same-org
, workload-list
A list of specific workloads which are allowed to access this workload internally.
Optional control of inbound and outbound access to the workload for external (public) and internal (service to service) traffic. Access is restricted by default.
The external firewall is used to control access to and from the public internet.
The list of public hostnames that this workload is allowed to reach. No outbound access is allowed by default. A wildcard '' is allowed on the prefix of the hostname only, ex: '.amazonaws.com'. Use 'outboundAllowCIDR' to allow access to all external websites (not recommended). The ports 80, 443 & 445 are allowed by default. This can be modified using the outboundAllowPort setting.
Allow outbound access to specific ports and protocols. When not specified, communication to address ranges in outboundAllowCIDR is allowed on all ports and communication to names in outboundAllowHostname is allowed on ports 80/443.
http
, https
, tcp
The list of ipv4/ipv6 addresses or cidr blocks that this workload is allowed reach. No outbound access is allowed by default. Specify '0.0.0.0/0' to allow outbound access to the public internet (not recommended).
The internal firewall is used to control access between workloads.
Used to control the internal firewall configuration and mutual tls. 'none': no access is allowed between this workload and other workloads on Control Plane. 'same-gvc': workloads running on the same Global Virtual Cloud are allowed to access this workload internally. 'same-org': workloads running on the same Control Plane Organization are allowed to access this workload internally. 'workload-list': specific workloads provided in the 'inboundAllowWorkload' array are allowed to access this workload internally.
none
, same-gvc
, same-org
, workload-list
A list of specific workloads which are allowed to access this workload internally.
Set defaultOptions for the workload in all Control Plane Locations.
schedule
, concurrencyPolicy
, historyLimit
, restartPolicy
, activeDeadlineSeconds
A standard cron schedule expression used to determine when your job should execute.
Either 'Forbid' or 'Replace'. This determines what Control Plane will do when the schedule requires a job to start, while a prior instance of the job is still running.
Forbid
, Replace
The maximum number of completed job instances to display. This should be an integer between 1 and 10.
Either 'OnFailure' or 'Never'. This determines what Control Plane will do when a job instance fails.
OnFailure
, Never
The maximum number of seconds Control Plane will wait for the job to complete. If a job does not succeed or fail in the allotted time, Control Plane will stop the job, moving it into the Removed status.
A standard cron schedule expression used to determine when your job should execute.
Either 'Forbid' or 'Replace'. This determines what Control Plane will do when the schedule requires a job to start, while a prior instance of the job is still running.
Forbid
, Replace
The maximum number of completed job instances to display. This should be an integer between 1 and 10.
Either 'OnFailure' or 'Never'. This determines what Control Plane will do when a job instance fails.
OnFailure
, Never
The maximum number of seconds Control Plane will wait for the job to complete. If a job does not succeed or fail in the allotted time, Control Plane will stop the job, moving it into the Removed status.
envoy
accessLog
, clusters
, excludedExternalAuth
, excludedRateLimit
, http
, network
, volumes
envoy.http_grpc_access_log
AUTO
, V2
, V3
envoy.http_grpc_access_log
AUTO
, V2
, V3
priority
, excludedWorkloads
, typed_config
envoy.http_grpc_access_log
@type
, common_config
, additional_request_headers_to_log
, additional_response_headers_to_log
, additional_response_trailers_to_log
log_name
, grpc_service
, transport_api_version
, buffer_flush_interval
, buffer_size_bytes
, filter_state_objects_to_log
, grpc_stream_retry_policy
envoy_grpc
, google_grpc
, timeout
, initial_metadata
cluster_name
, authority
, retry_policy
retry_back_off
, num_retries
base_interval
, max_interval
target_uri
, channel_credentials
, call_credentials
, stat_prefix
, credentials_factory_name
, config
ssl_credentials
, google_default
root_certs
, private_key
, cert_chain
filename
, inline_bytes
, inline_string
, environment_variable
filename
, inline_bytes
, inline_string
, environment_variable
filename
, inline_bytes
, inline_string
, environment_variable
access_token
, google_compute_engine
, google_refresh_token
, service_account_jwt_access
, google_iam
, from_plugin
, sts_service
json_key
, token_lifetime_seconds
authorization_token
, authority_selector
typed_config
token_exchange_service_uri
, resource
, audience
, scope
, requested_token_type
, subject_token_path
, subject_token_type
, actor_token_path
, actor_token_type
key
, value
, raw_value
AUTO
, V2
, V3
retry_back_off
, num_retries
base_interval
, max_interval
AUTO
, V2
, V3
AUTO
, V2
, V3
STATIC
, STRICT_DNS
, LOGICAL_DNS
, EDS
, ORIGINAL_DST
STATIC
, STRICT_DNS
, LOGICAL_DNS
, EDS
, ORIGINAL_DST
excludedWorkloads
, transport_socket_matches
, alt_stat_name
, type
, cluster_type
, eds_cluster_config
, connect_timeout
, per_connection_buffer_limit_bytes
, lb_policy
, load_assignment
, health_checks
, max_requests_per_connection
, circuit_breakers
, upstream_http_protocol_options
, common_http_protocol_options
, http_protocol_options
, http2_protocol_options
, typed_extension_protocol_options
, dns_refresh_rate
, dns_failure_refresh_rate
, respect_dns_ttl
, dns_lookup_family
, dns_resolvers
, use_tcp_for_dns_lookups
, dns_resolution_config
, typed_dns_resolver_config
, wait_for_warm_on_init
, outlier_detection
, cleanup_interval
, upstream_bind_config
, lb_subset_config
, ring_hash_lb_config
, maglev_lb_config
, least_request_lb_config
, common_lb_config
, transport_socket
, metadata
, protocol_selection
, upstream_connection_options
, close_connections_on_host_health_failure
, ignore_health_on_host_removal
, filters
, load_balancing_policy
, track_timeout_budgets
, upstream_config
, track_cluster_stats
, preconnect_policy
, connection_pool_per_downstream_connection
STATIC
, STRICT_DNS
, LOGICAL_DNS
, EDS
, ORIGINAL_DST
cluster_name
, endpoints
, policy
match
, port
, svcPort
prefix
, path
, safe_regex
, path_separated_prefix
, path_match_policy
, case_sensitive
, runtime_fraction
, headers
, query_parameters
, grpc
, tls_context
, dynamic_metadata
google_re2
, regex
max_program_size
typed_config
default_value
, runtime_key
numerator
, denominator
safe_regex_match
, range_match
, present_match
, string_match
, invert_match
, treat_missing_header_as_empty
google_re2
, regex
max_program_size
start
, end
exact
, prefix
, suffix
, safe_regex
, contains
, ignore_case
google_re2
, regex
max_program_size
string_match
, present_match
exact
, prefix
, suffix
, safe_regex
, contains
, ignore_case
google_re2
, regex
max_program_size
presented
, validated
presented
, validated
filter
, path
, value
, invert
key
null_match
, double_match
, string_match
, bool_match
, present_match
range
, exact
start
, end
exact
, prefix
, suffix
, safe_regex
, contains
, ignore_case
google_re2
, regex
max_program_size
match
, port
, svcPort
prefix
, path
, safe_regex
, path_separated_prefix
, path_match_policy
, case_sensitive
, runtime_fraction
, headers
, query_parameters
, grpc
, tls_context
, dynamic_metadata
google_re2
, regex
max_program_size
typed_config
default_value
, runtime_key
numerator
, denominator
safe_regex_match
, range_match
, present_match
, string_match
, invert_match
, treat_missing_header_as_empty
google_re2
, regex
max_program_size
start
, end
exact
, prefix
, suffix
, safe_regex
, contains
, ignore_case
google_re2
, regex
max_program_size
string_match
, present_match
exact
, prefix
, suffix
, safe_regex
, contains
, ignore_case
google_re2
, regex
max_program_size
presented
, validated
presented
, validated
filter
, path
, value
, invert
key
null_match
, double_match
, string_match
, bool_match
, present_match
range
, exact
start
, end
exact
, prefix
, suffix
, safe_regex
, contains
, ignore_case
google_re2
, regex
max_program_size
envoy.filters.http.ext_authz
Empty
, Continue
, OK
, Created
, Accepted
, NonAuthoritativeInformation
, NoContent
, ResetContent
, PartialContent
, MultiStatus
, AlradyReported
, IMUsed
, MultipleChoices
, MovedPermanently
, Found
, SeeOther
, NotModified
, UseProxy
, TemporaryRedirect
, PermanentRedirect
, BadRequest
, Unauthroized
, PaymentRequired
, Forbidden
, NotFound
, MethodNotAllowed
, NotAcceptable
, ProxyAuthenticationRequired
, RequestTimeout
, Conflict
, Gone
, LengthRequired
, PreconditionFailed
, PayloadTooLarge
, URITooLong
, UnsupportedMediaType
, RangeNotSatisfiable
, ExpectationFailed
, MisdirectedRequest
, UnprocessableEntity
, Locked
, FailedDependency
, UpgradeRequired
, PreconditionRequired
, TooManyRequests
, RequestHeaderFieldsTooLarge
, InternalServerError
, NotImplemented
, BadGateway
, ServiceUnavailable
, GatewayTimeout
, HTTPVersionNotSupported
, VariantAlsoNegotiates
, InsufficientStorage
, LoopDetected
, NotExtended
, NetworkAuthenticationRequired
AUTO
, V2
, V3
type.googleapis.com/envoy.extensions.filters.http.ext_authz.v3.ExtAuthz
envoy.filters.http.ext_authz
Empty
, Continue
, OK
, Created
, Accepted
, NonAuthoritativeInformation
, NoContent
, ResetContent
, PartialContent
, MultiStatus
, AlradyReported
, IMUsed
, MultipleChoices
, MovedPermanently
, Found
, SeeOther
, NotModified
, UseProxy
, TemporaryRedirect
, PermanentRedirect
, BadRequest
, Unauthroized
, PaymentRequired
, Forbidden
, NotFound
, MethodNotAllowed
, NotAcceptable
, ProxyAuthenticationRequired
, RequestTimeout
, Conflict
, Gone
, LengthRequired
, PreconditionFailed
, PayloadTooLarge
, URITooLong
, UnsupportedMediaType
, RangeNotSatisfiable
, ExpectationFailed
, MisdirectedRequest
, UnprocessableEntity
, Locked
, FailedDependency
, UpgradeRequired
, PreconditionRequired
, TooManyRequests
, RequestHeaderFieldsTooLarge
, InternalServerError
, NotImplemented
, BadGateway
, ServiceUnavailable
, GatewayTimeout
, HTTPVersionNotSupported
, VariantAlsoNegotiates
, InsufficientStorage
, LoopDetected
, NotExtended
, NetworkAuthenticationRequired
AUTO
, V2
, V3
type.googleapis.com/envoy.extensions.filters.http.ext_authz.v3.ExtAuthz
envoy.filters.http.ext_authz
Empty
, Continue
, OK
, Created
, Accepted
, NonAuthoritativeInformation
, NoContent
, ResetContent
, PartialContent
, MultiStatus
, AlradyReported
, IMUsed
, MultipleChoices
, MovedPermanently
, Found
, SeeOther
, NotModified
, UseProxy
, TemporaryRedirect
, PermanentRedirect
, BadRequest
, Unauthroized
, PaymentRequired
, Forbidden
, NotFound
, MethodNotAllowed
, NotAcceptable
, ProxyAuthenticationRequired
, RequestTimeout
, Conflict
, Gone
, LengthRequired
, PreconditionFailed
, PayloadTooLarge
, URITooLong
, UnsupportedMediaType
, RangeNotSatisfiable
, ExpectationFailed
, MisdirectedRequest
, UnprocessableEntity
, Locked
, FailedDependency
, UpgradeRequired
, PreconditionRequired
, TooManyRequests
, RequestHeaderFieldsTooLarge
, InternalServerError
, NotImplemented
, BadGateway
, ServiceUnavailable
, GatewayTimeout
, HTTPVersionNotSupported
, VariantAlsoNegotiates
, InsufficientStorage
, LoopDetected
, NotExtended
, NetworkAuthenticationRequired
AUTO
, V2
, V3
type.googleapis.com/envoy.extensions.filters.http.ext_authz.v3.ExtAuthz
envoy.filters.http.ext_authz
Empty
, Continue
, OK
, Created
, Accepted
, NonAuthoritativeInformation
, NoContent
, ResetContent
, PartialContent
, MultiStatus
, AlradyReported
, IMUsed
, MultipleChoices
, MovedPermanently
, Found
, SeeOther
, NotModified
, UseProxy
, TemporaryRedirect
, PermanentRedirect
, BadRequest
, Unauthroized
, PaymentRequired
, Forbidden
, NotFound
, MethodNotAllowed
, NotAcceptable
, ProxyAuthenticationRequired
, RequestTimeout
, Conflict
, Gone
, LengthRequired
, PreconditionFailed
, PayloadTooLarge
, URITooLong
, UnsupportedMediaType
, RangeNotSatisfiable
, ExpectationFailed
, MisdirectedRequest
, UnprocessableEntity
, Locked
, FailedDependency
, UpgradeRequired
, PreconditionRequired
, TooManyRequests
, RequestHeaderFieldsTooLarge
, InternalServerError
, NotImplemented
, BadGateway
, ServiceUnavailable
, GatewayTimeout
, HTTPVersionNotSupported
, VariantAlsoNegotiates
, InsufficientStorage
, LoopDetected
, NotExtended
, NetworkAuthenticationRequired
AUTO
, V2
, V3
type.googleapis.com/envoy.extensions.filters.http.ext_authz.v3.ExtAuthz
Only applicable to persistent volumes, this determines what Control Plane will do when creating a new workload replica if a corresponding volume exists.
retain
, recycle
Only applicable to persistent volumes, this determines what Control Plane will do when creating a new workload replica if a corresponding volume exists.
retain
, recycle
uri
, recoveryPolicy
, path
Only applicable to persistent volumes, this determines what Control Plane will do when creating a new workload replica if a corresponding volume exists.
retain
, recycle
envoy.http_grpc_access_log
AUTO
, V2
, V3
STATIC
, STRICT_DNS
, LOGICAL_DNS
, EDS
, ORIGINAL_DST
envoy.filters.http.ext_authz
Empty
, Continue
, OK
, Created
, Accepted
, NonAuthoritativeInformation
, NoContent
, ResetContent
, PartialContent
, MultiStatus
, AlradyReported
, IMUsed
, MultipleChoices
, MovedPermanently
, Found
, SeeOther
, NotModified
, UseProxy
, TemporaryRedirect
, PermanentRedirect
, BadRequest
, Unauthroized
, PaymentRequired
, Forbidden
, NotFound
, MethodNotAllowed
, NotAcceptable
, ProxyAuthenticationRequired
, RequestTimeout
, Conflict
, Gone
, LengthRequired
, PreconditionFailed
, PayloadTooLarge
, URITooLong
, UnsupportedMediaType
, RangeNotSatisfiable
, ExpectationFailed
, MisdirectedRequest
, UnprocessableEntity
, Locked
, FailedDependency
, UpgradeRequired
, PreconditionRequired
, TooManyRequests
, RequestHeaderFieldsTooLarge
, InternalServerError
, NotImplemented
, BadGateway
, ServiceUnavailable
, GatewayTimeout
, HTTPVersionNotSupported
, VariantAlsoNegotiates
, InsufficientStorage
, LoopDetected
, NotExtended
, NetworkAuthenticationRequired
AUTO
, V2
, V3
type.googleapis.com/envoy.extensions.filters.http.ext_authz.v3.ExtAuthz
Only applicable to persistent volumes, this determines what Control Plane will do when creating a new workload replica if a corresponding volume exists.
retain
, recycle
envoy.http_grpc_access_log
AUTO
, V2
, V3
STATIC
, STRICT_DNS
, LOGICAL_DNS
, EDS
, ORIGINAL_DST
envoy.filters.http.ext_authz
Empty
, Continue
, OK
, Created
, Accepted
, NonAuthoritativeInformation
, NoContent
, ResetContent
, PartialContent
, MultiStatus
, AlradyReported
, IMUsed
, MultipleChoices
, MovedPermanently
, Found
, SeeOther
, NotModified
, UseProxy
, TemporaryRedirect
, PermanentRedirect
, BadRequest
, Unauthroized
, PaymentRequired
, Forbidden
, NotFound
, MethodNotAllowed
, NotAcceptable
, ProxyAuthenticationRequired
, RequestTimeout
, Conflict
, Gone
, LengthRequired
, PreconditionFailed
, PayloadTooLarge
, URITooLong
, UnsupportedMediaType
, RangeNotSatisfiable
, ExpectationFailed
, MisdirectedRequest
, UnprocessableEntity
, Locked
, FailedDependency
, UpgradeRequired
, PreconditionRequired
, TooManyRequests
, RequestHeaderFieldsTooLarge
, InternalServerError
, NotImplemented
, BadGateway
, ServiceUnavailable
, GatewayTimeout
, HTTPVersionNotSupported
, VariantAlsoNegotiates
, InsufficientStorage
, LoopDetected
, NotExtended
, NetworkAuthenticationRequired
AUTO
, V2
, V3
type.googleapis.com/envoy.extensions.filters.http.ext_authz.v3.ExtAuthz
Only applicable to persistent volumes, this determines what Control Plane will do when creating a new workload replica if a corresponding volume exists.
retain
, recycle
If this is enabled, Control Plane will automatically redeploy your workload when one of the container images is updated in the container registry.
minReadySeconds
, maxUnavailableReplicas
, maxSurgeReplicas
, scalingPolicy
The minimum number of seconds a container must run without crashing to be considered available
OrderedReady
, Parallel
The minimum number of seconds a container must run without crashing to be considered available
OrderedReady
, Parallel
filesystemGroupId
The group id assigned to any mounted volume
The group id assigned to any mounted volume
serverless
, standard
, cron
, stateful
The identityLink is used as the access scope for 3rd party cloud resources. A single identity can provide access to multiple cloud providers.
The full image and tag path for a public or private docker registry. Private container images must have valid credentials configured in 'pullSecretLinks' on the GVC (Global Virtual Cloud).
The port in the container which receives external traffic or traffic from other workloads. Only one container is allowed to specify a port.
The ports in the container which can receive internal and external traffic. For serverless workloads only the first port will be used.
http
, http2
, grpc
, tcp
reserved memory of the workload when capacityAI is disabled. maximum memory when CapacityAI is enabled.
A Probe to check if the workload is ready to receive additional traffic.
HTTP
, HTTPS
A Probe to check if the workload is healthy or should be restarted.
HTTP
, HTTPS
reserved CPU of the workload when capacityAI is disabled. maximum CPU when CapacityAI is enabled.
Minimum CPU when capacityAI is enabled.
Minimum memory when capacityAI is enabled
Environment variables for the container at runtime. Default environment variables are also provided: CPLN_GVC, CPLN_LOCATION, CPLN_ORG, CPLN_PROVIDER, CPLN_WORKLOAD
Enables inheritance of GVC environment variables. A variable in spec.env will override a GVC variable with the same name.
Optionally override the entrypoint
Command line arguments passed to the container at runtime. Replaces the CMD arguments of the running container. It is an ordered list.
Command and arguments executed immediately after the container is created.
Command and arguments executed immediately before the container is stopped.
Mount Object Store (S3, GCS, AzureBlob) buckets as file system
Only applicable to persistent volumes, this determines what Control Plane will do when creating a new workload replica if a corresponding volume exists.
retain
, recycle
Optional control of inbound and outbound access to the workload for external (public) and internal (service to service) traffic. Access is restricted by default.
The external firewall is used to control access to and from the public internet.
The list of public hostnames that this workload is allowed to reach. No outbound access is allowed by default. A wildcard '' is allowed on the prefix of the hostname only, ex: '.amazonaws.com'. Use 'outboundAllowCIDR' to allow access to all external websites (not recommended). The ports 80, 443 & 445 are allowed by default. This can be modified using the outboundAllowPort setting.
Allow outbound access to specific ports and protocols. When not specified, communication to address ranges in outboundAllowCIDR is allowed on all ports and communication to names in outboundAllowHostname is allowed on ports 80/443.
http
, https
, tcp
The list of ipv4/ipv6 addresses or cidr blocks that this workload is allowed reach. No outbound access is allowed by default. Specify '0.0.0.0/0' to allow outbound access to the public internet (not recommended).
The internal firewall is used to control access between workloads.
Used to control the internal firewall configuration and mutual tls. 'none': no access is allowed between this workload and other workloads on Control Plane. 'same-gvc': workloads running on the same Global Virtual Cloud are allowed to access this workload internally. 'same-org': workloads running on the same Control Plane Organization are allowed to access this workload internally. 'workload-list': specific workloads provided in the 'inboundAllowWorkload' array are allowed to access this workload internally.
none
, same-gvc
, same-org
, workload-list
A list of specific workloads which are allowed to access this workload internally.
Set defaultOptions for the workload in all Control Plane Locations.
A standard cron schedule expression used to determine when your job should execute.
Either 'Forbid' or 'Replace'. This determines what Control Plane will do when the schedule requires a job to start, while a prior instance of the job is still running.
Forbid
, Replace
The maximum number of completed job instances to display. This should be an integer between 1 and 10.
Either 'OnFailure' or 'Never'. This determines what Control Plane will do when a job instance fails.
OnFailure
, Never
The maximum number of seconds Control Plane will wait for the job to complete. If a job does not succeed or fail in the allotted time, Control Plane will stop the job, moving it into the Removed status.
envoy.http_grpc_access_log
AUTO
, V2
, V3
STATIC
, STRICT_DNS
, LOGICAL_DNS
, EDS
, ORIGINAL_DST
envoy.filters.http.ext_authz
Empty
, Continue
, OK
, Created
, Accepted
, NonAuthoritativeInformation
, NoContent
, ResetContent
, PartialContent
, MultiStatus
, AlradyReported
, IMUsed
, MultipleChoices
, MovedPermanently
, Found
, SeeOther
, NotModified
, UseProxy
, TemporaryRedirect
, PermanentRedirect
, BadRequest
, Unauthroized
, PaymentRequired
, Forbidden
, NotFound
, MethodNotAllowed
, NotAcceptable
, ProxyAuthenticationRequired
, RequestTimeout
, Conflict
, Gone
, LengthRequired
, PreconditionFailed
, PayloadTooLarge
, URITooLong
, UnsupportedMediaType
, RangeNotSatisfiable
, ExpectationFailed
, MisdirectedRequest
, UnprocessableEntity
, Locked
, FailedDependency
, UpgradeRequired
, PreconditionRequired
, TooManyRequests
, RequestHeaderFieldsTooLarge
, InternalServerError
, NotImplemented
, BadGateway
, ServiceUnavailable
, GatewayTimeout
, HTTPVersionNotSupported
, VariantAlsoNegotiates
, InsufficientStorage
, LoopDetected
, NotExtended
, NetworkAuthenticationRequired
AUTO
, V2
, V3
type.googleapis.com/envoy.extensions.filters.http.ext_authz.v3.ExtAuthz
Only applicable to persistent volumes, this determines what Control Plane will do when creating a new workload replica if a corresponding volume exists.
retain
, recycle
If this is enabled, Control Plane will automatically redeploy your workload when one of the container images is updated in the container registry.
The minimum number of seconds a container must run without crashing to be considered available
OrderedReady
, Parallel
The group id assigned to any mounted volume
Response
serverless
, standard
, cron
, stateful
The identityLink is used as the access scope for 3rd party cloud resources. A single identity can provide access to multiple cloud providers.
The name of the container.
The full image and tag path for a public or private docker registry. Private container images must have valid credentials configured in 'pullSecretLinks' on the GVC (Global Virtual Cloud).
The port in the container which receives external traffic or traffic from other workloads. Only one container is allowed to specify a port.
The ports in the container which can receive internal and external traffic. For serverless workloads only the first port will be used.
http
, http2
, grpc
, tcp
reserved memory of the workload when capacityAI is disabled. maximum memory when CapacityAI is enabled.
A Probe to check if the workload is ready to receive additional traffic.
HTTP
, HTTPS
A Probe to check if the workload is healthy or should be restarted.
HTTP
, HTTPS
reserved CPU of the workload when capacityAI is disabled. maximum CPU when CapacityAI is enabled.
Minimum CPU when capacityAI is enabled.
Minimum memory when capacityAI is enabled
Environment variables for the container at runtime. Default environment variables are also provided: CPLN_GVC, CPLN_LOCATION, CPLN_ORG, CPLN_PROVIDER, CPLN_WORKLOAD
Enables inheritance of GVC environment variables. A variable in spec.env will override a GVC variable with the same name.
Optionally override the entrypoint
Command line arguments passed to the container at runtime. Replaces the CMD arguments of the running container. It is an ordered list.
Command and arguments executed immediately after the container is created.
Command and arguments executed immediately before the container is stopped.
Mount Object Store (S3, GCS, AzureBlob) buckets as file system
Only applicable to persistent volumes, this determines what Control Plane will do when creating a new workload replica if a corresponding volume exists.
retain
, recycle
Optional control of inbound and outbound access to the workload for external (public) and internal (service to service) traffic. Access is restricted by default.
The external firewall is used to control access to and from the public internet.
The list of public hostnames that this workload is allowed to reach. No outbound access is allowed by default. A wildcard '' is allowed on the prefix of the hostname only, ex: '.amazonaws.com'. Use 'outboundAllowCIDR' to allow access to all external websites (not recommended). The ports 80, 443 & 445 are allowed by default. This can be modified using the outboundAllowPort setting.
Allow outbound access to specific ports and protocols. When not specified, communication to address ranges in outboundAllowCIDR is allowed on all ports and communication to names in outboundAllowHostname is allowed on ports 80/443.
http
, https
, tcp
The list of ipv4/ipv6 addresses or cidr blocks that this workload is allowed reach. No outbound access is allowed by default. Specify '0.0.0.0/0' to allow outbound access to the public internet (not recommended).
The internal firewall is used to control access between workloads.
Used to control the internal firewall configuration and mutual tls. 'none': no access is allowed between this workload and other workloads on Control Plane. 'same-gvc': workloads running on the same Global Virtual Cloud are allowed to access this workload internally. 'same-org': workloads running on the same Control Plane Organization are allowed to access this workload internally. 'workload-list': specific workloads provided in the 'inboundAllowWorkload' array are allowed to access this workload internally.
none
, same-gvc
, same-org
, workload-list
A list of specific workloads which are allowed to access this workload internally.
Set defaultOptions for the workload in all Control Plane Locations.
A standard cron schedule expression used to determine when your job should execute.
Either 'Forbid' or 'Replace'. This determines what Control Plane will do when the schedule requires a job to start, while a prior instance of the job is still running.
Forbid
, Replace
The maximum number of completed job instances to display. This should be an integer between 1 and 10.
Either 'OnFailure' or 'Never'. This determines what Control Plane will do when a job instance fails.
OnFailure
, Never
The maximum number of seconds Control Plane will wait for the job to complete. If a job does not succeed or fail in the allotted time, Control Plane will stop the job, moving it into the Removed status.
envoy.http_grpc_access_log
AUTO
, V2
, V3
STATIC
, STRICT_DNS
, LOGICAL_DNS
, EDS
, ORIGINAL_DST
envoy.filters.http.ext_authz
Empty
, Continue
, OK
, Created
, Accepted
, NonAuthoritativeInformation
, NoContent
, ResetContent
, PartialContent
, MultiStatus
, AlradyReported
, IMUsed
, MultipleChoices
, MovedPermanently
, Found
, SeeOther
, NotModified
, UseProxy
, TemporaryRedirect
, PermanentRedirect
, BadRequest
, Unauthroized
, PaymentRequired
, Forbidden
, NotFound
, MethodNotAllowed
, NotAcceptable
, ProxyAuthenticationRequired
, RequestTimeout
, Conflict
, Gone
, LengthRequired
, PreconditionFailed
, PayloadTooLarge
, URITooLong
, UnsupportedMediaType
, RangeNotSatisfiable
, ExpectationFailed
, MisdirectedRequest
, UnprocessableEntity
, Locked
, FailedDependency
, UpgradeRequired
, PreconditionRequired
, TooManyRequests
, RequestHeaderFieldsTooLarge
, InternalServerError
, NotImplemented
, BadGateway
, ServiceUnavailable
, GatewayTimeout
, HTTPVersionNotSupported
, VariantAlsoNegotiates
, InsufficientStorage
, LoopDetected
, NotExtended
, NetworkAuthenticationRequired
AUTO
, V2
, V3
type.googleapis.com/envoy.extensions.filters.http.ext_authz.v3.ExtAuthz
Only applicable to persistent volumes, this determines what Control Plane will do when creating a new workload replica if a corresponding volume exists.
retain
, recycle
If this is enabled, Control Plane will automatically redeploy your workload when one of the container images is updated in the container registry.
The minimum number of seconds a container must run without crashing to be considered available
OrderedReady
, Parallel
The group id assigned to any mounted volume