Perform a Patch on a workload by name
Extra kubernetes modifications. Only used for BYOK.
Authorizations
Service account keys can be used as API keys.
Body
description, tags, gvc, spec
250
type, identityLink, containers, firewallConfig, defaultOptions, localOptions, job, sidecar, supportDynamicTags, rolloutOptions, securityOptions, loadBalancer, extras
serverless, standard, cron, stateful
The identityLink is used as the access scope for 3rd party cloud resources. A single identity can provide access to multiple cloud providers.
image, workingDir, metrics, port, ports, memory, readinessProbe, livenessProbe, cpu, minCpu, minMemory, env, gpu, inheritEnv, command, args, lifecycle, volumes
The full image and tag path for a public or private docker registry. Private container images must have valid credentials configured in 'pullSecretLinks' on the GVC (Global Virtual Cloud).
The port in the container which receives external traffic or traffic from other workloads. Only one container is allowed to specify a port.
Reserved memory of the workload when capacityAI is disabled. Maximum memory when capacityAI is enabled.
20
exec, grpc, tcpSocket, httpGet, initialDelaySeconds, periodSeconds, timeoutSeconds, successThreshold, failureThreshold
command
path, port, httpHeaders, scheme
HTTP, HTTPS
A probe to check if the workload is ready to receive additional traffic.
exec, grpc, tcpSocket, httpGet, initialDelaySeconds, periodSeconds, timeoutSeconds, successThreshold, failureThreshold
command
path, port, httpHeaders, scheme
HTTP, HTTPS
A probe to check if the workload is healthy or should be restarted.
Reserved CPU of the workload when capacityAI is disabled. Maximum CPU when capacityAI is enabled.
20
Minimum CPU when capacityAI is enabled.
20
Minimum memory when capacityAI is enabled
20
nvidia
Enables inheritance of GVC environment variables. A variable in spec.env will override a GVC variable with the same name.
Optionally override the entrypoint
Command line arguments passed to the container at runtime. Replaces the CMD arguments of the running container. It is an ordered list.
postStart, preStop
Mount Object Store (S3, GCS, AzureBlob) buckets as file system
Only applicable to persistent volumes, this determines what Control Plane will do when creating a new workload replica if a corresponding volume exists.
retain, recycle
uri, recoveryPolicy, path
external, internal
inboundAllowCIDR, inboundBlockedCIDR, outboundAllowHostname, outboundAllowPort, outboundAllowCIDR, outboundBlockedCIDR
The list of public hostnames that this workload is allowed to reach. No outbound access is allowed by default. A wildcard '*' is allowed on the prefix of the hostname only, ex: '*.amazonaws.com'. Use 'outboundAllowCIDR' to allow access to all external websites (not recommended). The ports 80, 443 & 445 are allowed by default. This can be modified using the outboundAllowPort setting.
Allow outbound access to specific ports and protocols. When not specified, communication to address ranges in outboundAllowCIDR is allowed on all ports and communication to names in outboundAllowHostname is allowed on ports 80/443.
protocol, number
http, https, tcp
The list of IPv4/IPv6 addresses or CIDR blocks that this workload is allowed to reach. No outbound access is allowed by default. Specify '0.0.0.0/0' to allow outbound access to the public internet (not recommended).
The list of IPv4/IPv6 addresses or CIDR blocks that this workload is NOT allowed to reach. Addresses in the allow list will only be allowed if they do not exist in this list.
The external firewall is used to control access to and from the public internet.
inboundAllowType, inboundAllowWorkload
Used to control the internal firewall configuration and mutual TLS. 'none': no access is allowed between this workload and other workloads on Control Plane. 'same-gvc': workloads running on the same Global Virtual Cloud are allowed to access this workload internally. 'same-org': workloads running on the same Control Plane Organization are allowed to access this workload internally. 'workload-list': specific workloads provided in the 'inboundAllowWorkload' array are allowed to access this workload internally.
none, same-gvc, same-org, workload-list
A list of specific workloads which are allowed to access this workload internally.
The internal firewall is used to control access between workloads.
Optional control of inbound and outbound access to the workload for external (public) and internal (service to service) traffic. Access is restricted by default.
Set defaultOptions for the workload in all Control Plane Locations.
schedule, concurrencyPolicy, historyLimit, restartPolicy, activeDeadlineSeconds
A standard cron schedule expression used to determine when your job should execute.
Either 'Forbid' or 'Replace'. This determines what Control Plane will do when the schedule requires a job to start, while a prior instance of the job is still running.
Forbid, Replace
The maximum number of completed job instances to display. This should be an integer between 1 and 10.
Either 'OnFailure' or 'Never'. This determines what Control Plane will do when a job instance fails.
OnFailure, Never
The maximum number of seconds Control Plane will wait for the job to complete. If a job does not succeed or fail in the allotted time, Control Plane will stop the job, moving it into the Removed status.
envoy
accessLog, clusters, excludedExternalAuth, excludedRateLimit, http, network, volumes
priority, excludedWorkloads, typed_config
envoy.http_grpc_access_log
STATIC, STRICT_DNS, LOGICAL_DNS, EDS, ORIGINAL_DST
excludedWorkloads, transport_socket_matches, alt_stat_name, type, cluster_type, eds_cluster_config, connect_timeout, per_connection_buffer_limit_bytes, lb_policy, load_assignment, health_checks, max_requests_per_connection, circuit_breakers, upstream_http_protocol_options, common_http_protocol_options, http_protocol_options, http2_protocol_options, typed_extension_protocol_options, dns_refresh_rate, dns_failure_refresh_rate, respect_dns_ttl, dns_lookup_family, dns_resolvers, use_tcp_for_dns_lookups, dns_resolution_config, typed_dns_resolver_config, wait_for_warm_on_init, outlier_detection, cleanup_interval, upstream_bind_config, lb_subset_config, ring_hash_lb_config, maglev_lb_config, least_request_lb_config, common_lb_config, transport_socket, metadata, protocol_selection, upstream_connection_options, close_connections_on_host_health_failure, ignore_health_on_host_removal, filters, load_balancing_policy, track_timeout_budgets, upstream_config, track_cluster_stats, preconnect_policy, connection_pool_per_downstream_connection
match, port, svcPort
If this is enabled, Control Plane will automatically redeploy your workload when one of the container images is updated in the container registry.
The group id assigned to any mounted volume
direct, geoLocation
enabled, ports, ipSet
When disabled, this load balancer will be stopped.
List of ports that will be exposed by this load balancer.
The port that is available publicly
The protocol that is exposed publicly
TCP, UDP
Overrides the default https url scheme that will be used for links in the UI and status
http, tcp, https, ws, wss
The port on the container that will receive this traffic
externalPort, protocol, scheme, containerPort
Direct load balancers are created in each location that a workload is running in and are configured for the standard endpoints of the workload. Customers are responsible for configuring the workload with certificates if TLS is required.
enabled, headers
When enabled, geo location headers will be included on inbound http requests. Existing headers will be replaced.
asn, city, country, region
The geo asn header
The geo city header
The geo country header
The geo region header
affinity
, tolerations
, topologySpreadConstraints
serverless
, standard
, cron
, stateful
The identityLink is used as the access scope for 3rd party cloud resources. A single identity can provide access to multiple cloud providers.
The full image and tag path for a public or private docker registry. Private container images must have valid credentials configured in 'pullSecretLinks' on the GVC (Global Virtual Cloud).
The port in the container which receives external traffic or traffic from other workloads. Only one container is allowed to specify a port.
reserved memory of the workload when capacityAI is disabled. maximum memory when CapacityAI is enabled.
20
A Probe to check if the workload is ready to receive additional traffic.
HTTP
, HTTPS
A Probe to check if the workload is healthy or should be restarted.
HTTP
, HTTPS
reserved CPU of the workload when capacityAI is disabled. maximum CPU when CapacityAI is enabled.
20
Minimum CPU when capacityAI is enabled.
20
Minimum memory when capacityAI is enabled
20
Enables inheritance of GVC environment variables. A variable in spec.env will override a GVC variable with the same name.
Optionally override the entrypoint
Command line arguments passed to the container at runtime. Replaces the CMD arguments of the running container. It is an ordered list.
Mount Object Store (S3, GCS, AzureBlob) buckets as file system
Only applicable to persistent volumes, this determines what Control Plane will do when creating a new workload replica if a corresponding volume exists.
retain
, recycle
Optional control of inbound and outbound access to the workload for external (public) and internal (service to service) traffic. Access is restricted by default.
The external firewall is used to control access to and from the public internet.
The list of public hostnames that this workload is allowed to reach. No outbound access is allowed by default. A wildcard '*' is allowed on the prefix of the hostname only, ex: '*.amazonaws.com'. Use 'outboundAllowCIDR' to allow access to all external websites (not recommended). The ports 80, 443 & 445 are allowed by default. This can be modified using the outboundAllowPort setting.
Allow outbound access to specific ports and protocols. When not specified, communication to address ranges in outboundAllowCIDR is allowed on all ports and communication to names in outboundAllowHostname is allowed on ports 80/443.
The list of IPv4/IPv6 addresses or CIDR blocks that this workload is allowed to reach. No outbound access is allowed by default. Specify '0.0.0.0/0' to allow outbound access to the public internet (not recommended).
The list of IPv4/IPv6 addresses or CIDR blocks that this workload is NOT allowed to reach. Addresses in the allow list will only be allowed if they do not exist in this list.
The internal firewall is used to control access between workloads.
Used to control the internal firewall configuration and mutual tls. 'none': no access is allowed between this workload and other workloads on Control Plane. 'same-gvc': workloads running on the same Global Virtual Cloud are allowed to access this workload internally. 'same-org': workloads running on the same Control Plane Organization are allowed to access this workload internally. 'workload-list': specific workloads provided in the 'inboundAllowWorkload' array are allowed to access this workload internally.
none
, same-gvc
, same-org
, workload-list
A list of specific workloads which are allowed to access this workload internally.
Set defaultOptions for the workload in all Control Plane Locations.
A standard cron schedule expression used to determine when your job should execute.
Either 'Forbid' or 'Replace'. This determines what Control Plane will do when the schedule requires a job to start, while a prior instance of the job is still running.
Forbid
, Replace
The maximum number of completed job instances to display. This should be an integer between 1 and 10.
Either 'OnFailure' or 'Never'. This determines what Control Plane will do when a job instance fails.
OnFailure
, Never
The maximum number of seconds Control Plane will wait for the job to complete. If a job does not succeed or fail in the allotted time, Control Plane will stop the job, moving it into the Removed status.
STATIC
, STRICT_DNS
, LOGICAL_DNS
, EDS
, ORIGINAL_DST
Only applicable to persistent volumes, this determines what Control Plane will do when creating a new workload replica if a corresponding volume exists.
retain
, recycle
If this is enabled, Control Plane will automatically redeploy your workload when one of the container images is updated in the container registry.
The group id assigned to any mounted volume
direct load balancers are created in each location that a workload is running in and are configured for the standard endpoints of the workload. Customers are responsible for configuring the workload with certificates if TLS is required
when disabled, this load balancer will be stopped
list of ports that will be exposed by this load balancer
The port that is available publicly
The protocol that is exposed publicly
TCP
, UDP
overrides the default https
url scheme that will be used for links in the UI and status
http
, tcp
, https
, ws
, wss
The port on the container that will receive this traffic
When enabled, geo location headers will be included on inbound http requests. Existing headers will be replaced.
The geo asn header
The geo city header
The geo country header
The geo region header
Response
250
49
serverless
, standard
, cron
, stateful
The identityLink is used as the access scope for 3rd party cloud resources. A single identity can provide access to multiple cloud providers.
The name of the container.
64
The full image and tag path for a public or private docker registry. Private container images must have valid credentials configured in 'pullSecretLinks' on the GVC (Global Virtual Cloud).
The port in the container which receives external traffic or traffic from other workloads. Only one container is allowed to specify a port.
reserved memory of the workload when capacityAI is disabled. maximum memory when CapacityAI is enabled.
20
A Probe to check if the workload is ready to receive additional traffic.
A Probe to check if the workload is healthy or should be restarted.
reserved CPU of the workload when capacityAI is disabled. maximum CPU when CapacityAI is enabled.
20
Minimum CPU when capacityAI is enabled.
20
Minimum memory when capacityAI is enabled
20
Enables inheritance of GVC environment variables. A variable in spec.env will override a GVC variable with the same name.
Optionally override the entrypoint
Command line arguments passed to the container at runtime. Replaces the CMD arguments of the running container. It is an ordered list.
Mount Object Store (S3, GCS, AzureBlob) buckets as file system
Only applicable to persistent volumes, this determines what Control Plane will do when creating a new workload replica if a corresponding volume exists.
retain
, recycle
Optional control of inbound and outbound access to the workload for external (public) and internal (service to service) traffic. Access is restricted by default.
The external firewall is used to control access to and from the public internet.
The list of public hostnames that this workload is allowed to reach. No outbound access is allowed by default. A wildcard '*' is allowed on the prefix of the hostname only, ex: '*.amazonaws.com'. Use 'outboundAllowCIDR' to allow access to all external websites (not recommended). The ports 80, 443 & 445 are allowed by default. This can be modified using the outboundAllowPort setting.
Allow outbound access to specific ports and protocols. When not specified, communication to address ranges in outboundAllowCIDR is allowed on all ports and communication to names in outboundAllowHostname is allowed on ports 80/443.
The list of IPv4/IPv6 addresses or CIDR blocks that this workload is allowed to reach. No outbound access is allowed by default. Specify '0.0.0.0/0' to allow outbound access to the public internet (not recommended).
The list of IPv4/IPv6 addresses or CIDR blocks that this workload is NOT allowed to reach. Addresses in the allow list will only be allowed if they do not exist in this list.
The internal firewall is used to control access between workloads.
Used to control the internal firewall configuration and mutual tls. 'none': no access is allowed between this workload and other workloads on Control Plane. 'same-gvc': workloads running on the same Global Virtual Cloud are allowed to access this workload internally. 'same-org': workloads running on the same Control Plane Organization are allowed to access this workload internally. 'workload-list': specific workloads provided in the 'inboundAllowWorkload' array are allowed to access this workload internally.
none
, same-gvc
, same-org
, workload-list
A list of specific workloads which are allowed to access this workload internally.
Set defaultOptions for the workload in all Control Plane Locations.
A standard cron schedule expression used to determine when your job should execute.
Either 'Forbid' or 'Replace'. This determines what Control Plane will do when the schedule requires a job to start, while a prior instance of the job is still running.
Forbid
, Replace
The maximum number of completed job instances to display. This should be an integer between 1 and 10.
Either 'OnFailure' or 'Never'. This determines what Control Plane will do when a job instance fails.
OnFailure
, Never
The maximum number of seconds Control Plane will wait for the job to complete. If a job does not succeed or fail in the allotted time, Control Plane will stop the job, moving it into the Removed status.
STATIC
, STRICT_DNS
, LOGICAL_DNS
, EDS
, ORIGINAL_DST
Only applicable to persistent volumes, this determines what Control Plane will do when creating a new workload replica if a corresponding volume exists.
retain
, recycle
If this is enabled, Control Plane will automatically redeploy your workload when one of the container images is updated in the container registry.
The group id assigned to any mounted volume
direct load balancers are created in each location that a workload is running in and are configured for the standard endpoints of the workload. Customers are responsible for configuring the workload with certificates if TLS is required
when disabled, this load balancer will be stopped
list of ports that will be exposed by this load balancer
The port that is available publicly
The protocol that is exposed publicly
TCP
, UDP
overrides the default https
url scheme that will be used for links in the UI and status
http
, tcp
, https
, ws
, wss
The port on the container that will receive this traffic
When enabled, geo location headers will be included on inbound http requests. Existing headers will be replaced.