diff --git a/.github/workflows/api-docs.yaml b/.github/workflows/api-docs.yaml new file mode 100644 index 00000000..c07ad1a9 --- /dev/null +++ b/.github/workflows/api-docs.yaml @@ -0,0 +1,43 @@ +name: write api-docs to skip.kartverket.no + +on: + push: + +jobs: + run-crdoc: + runs-on: ubuntu-latest + permissions: + contents: read + packages: write + steps: + - name: Checkout repository + uses: actions/checkout@v4 + with: + path: skiperator + + - name: Run crdoc Docker container + run: | + sudo docker run -u $(id -u):$(id -g) --rm -v $PWD:/workdir ghcr.io/fybrik/crdoc:latest --resources /workdir/skiperator/config/crd --output /workdir/api-docs.md + + - name: Checkout target repository + uses: actions/checkout@v4 + with: + path: docs + repository: kartverket/skip.kartverket.no + ref: test + ssh-key: ${{ secrets.SKIPDOCS_DEPLOY_KEY }} + + - name: Copy generated output to target repo + run: | + cd ../.. + ls + pwd + cp api-docs.md docs/docs/13-skiperator/04-api-docs.md + + - name: Commit and push changes + run: | + git config --global user.email "skiperator@kartverket.no" + git config --global user.name "GithubActions" + git add . + git commit -m "Update output.md" + git push origin test diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index ce628c18..d8997a28 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -7,12 +7,14 @@ on: - samples/** - README.md - CONTRIBUTING.md + - .github/workflows/api-docs.yaml push: paths-ignore: - doc/** - samples/** - README.md - CONTRIBUTING.md + - .github/workflows/api-docs.yaml jobs: test: diff --git a/api-docs.md b/api-docs.md new file mode 100644 index 00000000..a1753e3e --- /dev/null +++ b/api-docs.md @@ -0,0 +1,4685 @@ +# API Reference + +Packages: + +- [skiperator.kartverket.no/v1alpha1](#skiperatorkartverketnov1alpha1) + +# skiperator.kartverket.no/v1alpha1 + +Resource Types: + +- [Application](#application) + +- [Routing](#routing) + +- [SKIPJob](#skipjob) + + + + +## Application +[↩ Parent](#skiperatorkartverketnov1alpha1 ) + + + + + + +Application + +Root object for Application resource. An application resource is a resource for easily managing a Dockerized container within the context of a Kartverket cluster. +This allows product teams to avoid the need to set up networking on the cluster, as well as a lot of out of the box security features. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
apiVersionstringskiperator.kartverket.no/v1alpha1true
kindstringApplicationtrue
metadataobjectRefer to the Kubernetes API documentation for the fields of the `metadata` field.true
specobject +
+ 		false
statusobject + SkiperatorStatus + +A status field shown on a Skiperator resource which contains information regarding deployment of the resource.
+ 		false
+ + +### Application.spec +[↩ Parent](#application) + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
imagestring + The image the application will run. This image will be added to a Deployment resource
+ 		true
portinteger + The port the deployment exposes
+ 		true
accessPolicyobject + The root AccessPolicy for managing zero trust access to your Application. See AccessPolicy for more information.
+ 		false
additionalPorts[]object + An optional list of extra port to expose on a pod level basis, +for example so Instana or other APM tools can reach it
+ 		false
appProtocolenum + Protocol that the application speaks.
+
+ Enum: http, tcp, udp
+ Default: http
+ 		false
authorizationSettingsobject + Used for allow listing certain default blocked endpoints, such as /actuator/ end points
+ 		false
command[]string + Override the command set in the Dockerfile. Usually only used when debugging +or running third-party containers where you don't have control over the Dockerfile
+ 		false
enablePDBboolean + Whether to enable automatic Pod Disruption Budget creation for this application.
+
+ Default: true
+ 		false
env[]object + Environment variables that will be set inside the Deployment's Pod. See https://pkg.go.dev/k8s.io/api/core/v1#EnvVar for examples.
+ 		false
envFrom[]object + Environment variables mounted from files. When specified all the keys of the +resource will be assigned as environment variables. Supports both configmaps +and secrets. + +For mounting as files see FilesFrom.
+ 		false
filesFrom[]object + Mounting volumes into the Deployment are done using the FilesFrom argument + +FilesFrom supports ConfigMaps, Secrets and PVCs. The Application resource +assumes these have already been created by you, and will fail if this is not the case. + +For mounting environment variables see EnvFrom.
+ 		false
gcpobject + GCP is used to configure Google Cloud Platform specific settings for the application.
+ 		false
idportenobject + Settings for IDPorten integration with Digitaliseringsdirektoratet
+ 		false
ingresses[]string + Any external hostnames that route to this application. Using a skip.statkart.no-address +will make the application reachable for kartverket-clients (internal), other addresses +make the app reachable on the internet. Note that other addresses than skip.statkart.no +(also known as pretty hostnames) requires additional DNS setup. +The below hostnames will also have TLS certificates issued and be reachable on both +HTTP and HTTPS. + +Ingresses must be lowercase, contain no spaces, be a non-empty string, and have a hostname/domain separated by a period +They can optionally be suffixed with a plus and name of a custom TLS secret located in the istio-gateways namespace. +E.g. "foo.atkv3-dev.kartverket-intern.cloud+env-wildcard-cert"
+ 		false
labelsmap[string]string + Labels can be used if you want every resource created by your application to +have the same labels, including your application. This could for example be useful for +metrics, where a certain label and the corresponding resources liveliness can be combined. +Any amount of labels can be added as wanted, and they will all cascade down to all resources.
+ 		false
livenessobject + Liveness probes define a resource that returns 200 OK when the app is running +as intended. Returning a non-200 code will make kubernetes restart the app. +Liveness is optional, but when provided, path and port are required + +See Probe for structure definition.
+ 		false
maskinportenobject + Settings for Maskinporten integration with Digitaliseringsdirektoratet
+ 		false
podSettingsobject + PodSettings are used to apply specific settings to the Pod Template used by Skiperator to create Deployments. This allows you to set +things like annotations on the Pod to change the behaviour of sidecars, and set relevant Pod options such as TerminationGracePeriodSeconds.
+ 		false
priorityenum + An optional priority. Supported values are 'low', 'medium' and 'high'. +The default value is 'medium'. + +Most workloads should not have to specify this field. If you think you +do, please consult with SKIP beforehand.
+
+ Enum: low, medium, high
+ Default: medium
+ 		false
prometheusobject + Optional settings for how Prometheus compatible metrics should be scraped.
+ 		false
readinessobject + Readiness probes define a resource that returns 200 OK when the app is running +as intended. Kubernetes will wait until the resource returns 200 OK before +marking the pod as Running and progressing with the deployment strategy. +Readiness is optional, but when provided, path and port are required
+ 		false
redirectToHTTPSboolean + Controls whether the application will automatically redirect all HTTP calls to HTTPS via the istio VirtualService. +This redirect does not happen on the route /.well-known/acme-challenge/, as the ACME challenge can only be done on port 80.
+
+ Default: true
+ 		false
replicasJSON + The number of replicas can either be specified as a static number as follows: + + replicas: 2 + +Or by specifying a range between min and max to enable HorizontalPodAutoscaling. +The default value for replicas is: + replicas: + min: 2 + max: 5 + targetCpuUtilization: 80 +Using autoscaling is the recommended configuration for replicas.
+ 		false
resourceLabelsmap[string]map[string]string + ResourceLabels can be used if you want to add a label to a specific resources created by +the application. One such label could for example be set on a Deployment, such that +the deployment avoids certain rules from Gatekeeper, or similar. Any amount of labels may be added per ResourceLabels item.
+ 		false
resourcesobject + ResourceRequirements to apply to the deployment. It's common to set some of these to +prevent the app from swelling in resource usage and consuming all the +resources of other apps on the cluster.
+ 		false
startupobject + Kubernetes uses startup probes to know when a container application has started. +If such a probe is configured, it disables liveness and readiness checks until it +succeeds, making sure those probes don't interfere with the application startup. +This can be used to adopt liveness checks on slow starting containers, avoiding them +getting killed by Kubernetes before they are up and running. +Startup is optional, but when provided, path and port are required
+ 		false
strategyobject + Defines an alternative strategy for the Kubernetes deployment. This is useful when +the default strategy, RollingUpdate, is not usable. Setting type to +Recreate will take down all the pods before starting new pods, whereas the +default of RollingUpdate will try to start the new pods before taking down the +old ones. + +Valid values are: RollingUpdate, Recreate. Default is RollingUpdate
+ 		false
teamstring + Team specifies the team who owns this particular app. +Usually sourced from the namespace label.
+ 		false
+ + +### Application.spec.accessPolicy +[↩ Parent](#applicationspec) + + + +The root AccessPolicy for managing zero trust access to your Application. See AccessPolicy for more information. + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
inboundobject + Inbound specifies the ingress rules. Which apps on the cluster can talk to this app?
+ 		false
outboundobject + Outbound specifies egress rules. Which apps on the cluster and the +internet is the Application allowed to send requests to?
+ 		false
+ + +### Application.spec.accessPolicy.inbound +[↩ Parent](#applicationspecaccesspolicy) + + + +Inbound specifies the ingress rules. Which apps on the cluster can talk to this app? + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
rules[]object + The rules list specifies a list of applications. When no namespace is +specified it refers to an app in the current namespace. For apps in +other namespaces namespace is required
+ 		true
+ + +### Application.spec.accessPolicy.inbound.rules[index] +[↩ Parent](#applicationspecaccesspolicyinbound) + + + +InternalRule + +The rules list specifies a list of applications. When no namespace is +specified it refers to an app in the current namespace. For apps in +other namespaces, namespace is required. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
applicationstring + The name of the Application you are allowing traffic to/from. If you wish to allow traffic from a SKIPJob, this field should +be suffixed with -skipjob
+ 		true
namespacestring + The namespace in which the Application you are allowing traffic to/from resides. If unset, uses namespace of Application.
+ 		false
namespacesByLabelmap[string]string + Namespace label value-pair in which the Application you are allowing traffic to/from resides. If both namespace and namespacesByLabel are set, namespace takes precedence and namespacesByLabel is omitted.
+ 		false
ports[]object + The ports to allow for the above application.
+ 		false
+ + +### Application.spec.accessPolicy.inbound.rules[index].ports[index] +[↩ Parent](#applicationspecaccesspolicyinboundrulesindex) + + + +NetworkPolicyPort describes a port to allow traffic on + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
endPortinteger + endPort indicates that the range of ports from port to endPort if set, inclusive, +should be allowed by the policy. This field cannot be defined if the port field +is not defined or if the port field is defined as a named (string) port. +The endPort must be equal or greater than port.
+
+ Format: int32
+ 		false
portint or string + port represents the port on the given protocol. This can either be a numerical or named +port on a pod. If this field is not provided, this matches all port names and +numbers. +If present, only traffic on the specified protocol AND port will be matched.
+ 		false
protocolstring + protocol represents the protocol (TCP, UDP, or SCTP) which traffic must match. +If not specified, this field defaults to TCP.
+ 		false
+ + +### Application.spec.accessPolicy.outbound +[↩ Parent](#applicationspecaccesspolicy) + + + +Outbound specifies egress rules. Which apps on the cluster and the +internet is the Application allowed to send requests to? + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
external[]object + External specifies which applications on the internet the application +can reach. Only host is required unless it is on another port than HTTPS port 443. +If other ports or protocols are required then `ports` must be specified as well
+ 		false
rules[]object + Rules apply the same in-cluster rules as InboundPolicy
+ 		false
+ + +### Application.spec.accessPolicy.outbound.external[index] +[↩ Parent](#applicationspecaccesspolicyoutbound) + + + +ExternalRule + +Describes a rule for allowing your Application to route traffic to external applications and hosts. + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
hoststring +
+ 		true
ipstring + Non-HTTP requests (i.e. using the TCP protocol) need to use IP in addition to hostname +Only required for TCP requests. + +Note: Hostname must always be defined even if IP is set statically
+ 		false
ports[]object + The ports to allow for the above hostname. When not specified HTTP and +HTTPS on port 80 and 443 respectively are put into the allowlist
+ 		false
+ + +### Application.spec.accessPolicy.outbound.external[index].ports[index] +[↩ Parent](#applicationspecaccesspolicyoutboundexternalindex) + + + +ExternalPort + +A custom port describing an external host + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
namestring + Name is required and is an arbitrary name. Must be unique within all ExternalRule ports.
+ 		true
portinteger + The port number of the external host
+ 		true
protocolenum + The protocol to use for communication with the host. Only HTTP, HTTPS and TCP are supported.
+
+ Enum: HTTP, HTTPS, TCP
+ 		true
+ + +### Application.spec.accessPolicy.outbound.rules[index] +[↩ Parent](#applicationspecaccesspolicyoutbound) + + + +InternalRule + +The rules list specifies a list of applications. When no namespace is +specified it refers to an app in the current namespace. For apps in +other namespaces, namespace is required. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
applicationstring + The name of the Application you are allowing traffic to/from. If you wish to allow traffic from a SKIPJob, this field should +be suffixed with -skipjob
+ 		true
namespacestring + The namespace in which the Application you are allowing traffic to/from resides. If unset, uses namespace of Application.
+ 		false
namespacesByLabelmap[string]string + Namespace label value-pair in which the Application you are allowing traffic to/from resides. If both namespace and namespacesByLabel are set, namespace takes precedence and namespacesByLabel is omitted.
+ 		false
ports[]object + The ports to allow for the above application.
+ 		false
+ + +### Application.spec.accessPolicy.outbound.rules[index].ports[index] +[↩ Parent](#applicationspecaccesspolicyoutboundrulesindex) + + + +NetworkPolicyPort describes a port to allow traffic on + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
endPortinteger + endPort indicates that the range of ports from port to endPort if set, inclusive, +should be allowed by the policy. This field cannot be defined if the port field +is not defined or if the port field is defined as a named (string) port. +The endPort must be equal or greater than port.
+
+ Format: int32
+ 		false
portint or string + port represents the port on the given protocol. This can either be a numerical or named +port on a pod. If this field is not provided, this matches all port names and +numbers. +If present, only traffic on the specified protocol AND port will be matched.
+ 		false
protocolstring + protocol represents the protocol (TCP, UDP, or SCTP) which traffic must match. +If not specified, this field defaults to TCP.
+ 		false
+ + +### Application.spec.additionalPorts[index] +[↩ Parent](#applicationspec) + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
namestring +
+ 		true
portinteger +
+
+ Format: int32
+ 		true
protocolenum + Protocol defines network protocols supported for things like container ports.
+
+ Enum: TCP, UDP, SCTP
+ 		true
+ + +### Application.spec.authorizationSettings +[↩ Parent](#applicationspec) + + + +Used for allow listing certain default blocked endpoints, such as /actuator/ end points + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
allowAllboolean + Allows all endpoints by not creating an AuthorizationPolicy, and ignores the content of AllowList. +If field is false, the contents of AllowList will be used instead if AllowList is set.
+
+ Default: false
+ 		false
allowList[]string + Allows specific endpoints. Common endpoints one might want to allow include /actuator/health, /actuator/startup, /actuator/info. + +Note that endpoints are matched specifically on the input, so if you allow /actuator/health, you will *not* allow /actuator/health/
+ 		false
+ + +### Application.spec.env[index] +[↩ Parent](#applicationspec) + + + +EnvVar represents an environment variable present in a Container. + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
namestring + Name of the environment variable. Must be a C_IDENTIFIER.
+ 		true
valuestring + Variable references $(VAR_NAME) are expanded +using the previously defined environment variables in the container and +any service environment variables. If a variable cannot be resolved, +the reference in the input string will be unchanged. Double $$ are reduced +to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. +"$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". +Escaped references will never be expanded, regardless of whether the variable +exists or not. +Defaults to "".
+ 		false
valueFromobject + Source for the environment variable's value. Cannot be used if value is not empty.
+ 		false
+ + +### Application.spec.env[index].valueFrom +[↩ Parent](#applicationspecenvindex) + + + +Source for the environment variable's value. Cannot be used if value is not empty. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
configMapKeyRefobject + Selects a key of a ConfigMap.
+ 		false
fieldRefobject + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, +spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
+ 		false
resourceFieldRefobject + Selects a resource of the container: only resources limits and requests +(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
+ 		false
secretKeyRefobject + Selects a key of a secret in the pod's namespace
+ 		false
+ + +### Application.spec.env[index].valueFrom.configMapKeyRef +[↩ Parent](#applicationspecenvindexvaluefrom) + + + +Selects a key of a ConfigMap. + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
keystring + The key to select.
+ 		true
namestring + Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+ Default:
+ 		false
optionalboolean + Specify whether the ConfigMap or its key must be defined
+ 		false
+ + +### Application.spec.env[index].valueFrom.fieldRef +[↩ Parent](#applicationspecenvindexvaluefrom) + + + +Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, +spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
fieldPathstring + Path of the field to select in the specified API version.
+ 		true
apiVersionstring + Version of the schema the FieldPath is written in terms of, defaults to "v1".
+ 		false
+ + +### Application.spec.env[index].valueFrom.resourceFieldRef +[↩ Parent](#applicationspecenvindexvaluefrom) + + + +Selects a resource of the container: only resources limits and requests +(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
resourcestring + Required: resource to select
+ 		true
containerNamestring + Container name: required for volumes, optional for env vars
+ 		false
divisorint or string + Specifies the output format of the exposed resources, defaults to "1"
+ 		false
+ + +### Application.spec.env[index].valueFrom.secretKeyRef +[↩ Parent](#applicationspecenvindexvaluefrom) + + + +Selects a key of a secret in the pod's namespace + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
keystring + The key of the secret to select from. Must be a valid secret key.
+ 		true
namestring + Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+ Default:
+ 		false
optionalboolean + Specify whether the Secret or its key must be defined
+ 		false
+ + +### Application.spec.envFrom[index] +[↩ Parent](#applicationspec) + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
configMapstring + Name of Kubernetes ConfigMap in which the deployment should mount environment variables from. Must be in the same namespace as the Application
+ 		false
secretstring + Name of Kubernetes Secret in which the deployment should mount environment variables from. Must be in the same namespace as the Application
+ 		false
+ + +### Application.spec.filesFrom[index] +[↩ Parent](#applicationspec) + + + +FilesFrom + +Struct representing information needed to mount a Kubernetes resource as a file to a Pod's directory. +One of ConfigMap, Secret, EmptyDir or PersistentVolumeClaim must be present, and just represent the name of the resource in question +NB. Out-of-the-box, skiperator provides a writable 'emptyDir'-volume at '/tmp' + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
mountPathstring + The path to mount the file in the Pods directory. Required.
+ 		true
configMapstring +
+ 		false
emptyDirstring +
+ 		false
persistentVolumeClaimstring +
+ 		false
secretstring +
+ 		false
+ + +### Application.spec.gcp +[↩ Parent](#applicationspec) + + + +GCP is used to configure Google Cloud Platform specific settings for the application. + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
authobject + Configuration for authenticating a Pod with Google Cloud Platform +For authentication with GCP, to use services like Secret Manager and/or Pub/Sub we need +to set the GCP Service Account Pods should identify as. To allow this, we need the IAM role iam.workloadIdentityUser set on a GCP +service account and bind this to the Pod's Kubernetes SA. +Documentation on how this is done can be found here (Closed Wiki): +https://kartverket.atlassian.net/wiki/spaces/SKIPDOK/pages/422346824/Autentisering+mot+GCP+som+Kubernetes+SA
+ 		false
cloudSqlProxyobject + CloudSQL is used to deploy a CloudSQL proxy sidecar in the pod. +This is useful for connecting to CloudSQL databases that require Cloud SQL Auth Proxy.
+ 		false
+ + +### Application.spec.gcp.auth +[↩ Parent](#applicationspecgcp) + + + +Configuration for authenticating a Pod with Google Cloud Platform +For authentication with GCP, to use services like Secret Manager and/or Pub/Sub we need +to set the GCP Service Account Pods should identify as. To allow this, we need the IAM role iam.workloadIdentityUser set on a GCP +service account and bind this to the Pod's Kubernetes SA. +Documentation on how this is done can be found here (Closed Wiki): +https://kartverket.atlassian.net/wiki/spaces/SKIPDOK/pages/422346824/Autentisering+mot+GCP+som+Kubernetes+SA + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
serviceAccountstring + Name of the service account in which you are trying to authenticate your pod with +Generally takes the form of some-name@some-project-id.iam.gserviceaccount.com
+ 		true
+ + +### Application.spec.gcp.cloudSqlProxy +[↩ Parent](#applicationspecgcp) + + + +CloudSQL is used to deploy a CloudSQL proxy sidecar in the pod. +This is useful for connecting to CloudSQL databases that require Cloud SQL Auth Proxy. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
connectionNamestring + Connection name for the CloudSQL instance. Found in the Google Cloud Console under your CloudSQL resource. +The format is "projectName:region:instanceName" E.g. "skip-prod-bda1:europe-north1:my-db".
+ 		true
ipstring + The IP address of the CloudSQL instance. This is used to create a serviceentry for the CloudSQL proxy.
+ 		true
serviceAccountstring + Service account used by cloudsql auth proxy. This service account must have the roles/cloudsql.client role.
+ 		true
versionstring + Image version for the CloudSQL proxy sidecar.
+
+ Default: 2.8.0
+ 		false
+ + +### Application.spec.idporten +[↩ Parent](#applicationspec) + + + +Settings for IDPorten integration with Digitaliseringsdirektoratet + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
enabledboolean + Whether to enable provisioning of an ID-porten client. +If enabled, an ID-porten client be provisioned.
+ 		true
accessTokenLifetimeinteger + AccessTokenLifetime is the lifetime in seconds for any issued access token from ID-porten. + +If unspecified, defaults to `3600` seconds (1 hour).
+
+ Minimum: 1
+ Maximum: 3600
+ 		false
clientNamestring + The name of the Client as shown in Digitaliseringsdirektoratet's Samarbeidsportal +Meant to be a human-readable name for separating clients in the portal
+ 		false
clientURIstring + ClientURI is the URL shown to the user at ID-porten when displaying a 'back' button or on errors.
+ 		false
frontchannelLogoutPathstring + FrontchannelLogoutPath is a valid path for your application where ID-porten sends a request to whenever the user has +initiated a logout elsewhere as part of a single logout (front channel logout) process.
+ 		false
integrationTypeenum + IntegrationType is used to make sensible choices for your client. +Which type of integration you choose will provide guidance on which scopes you can use with the client. +A client can only have one integration type. + +NB! It is not possible to change the integration type after creation.
+
+ Enum: krr, idporten, api_klient
+ 		false
postLogoutRedirectPathstring + PostLogoutRedirectPath is a simpler verison of PostLogoutRedirectURIs +that will be appended to the ingress
+ 		false
postLogoutRedirectURIs[]string + PostLogoutRedirectURIs are valid URIs that ID-porten will allow redirecting the end-user to after a single logout +has been initiated and performed by the application.
+ 		false
redirectPathstring + RedirectPath is a valid path that ID-porten redirects back to after a successful authorization request.
+ 		false
scopes[]string + Register different oauth2 Scopes on your client. +You will not be able to add a scope to your client that conflicts with the client's IntegrationType. +For example, you can not add a scope that is limited to the IntegrationType `krr` of IntegrationType `idporten`, and vice versa. + +Default for IntegrationType `krr` = ("krr:global/kontaktinformasjon.read", "krr:global/digitalpost.read") +Default for IntegrationType `idporten` = ("openid", "profile") +IntegrationType `api_klient` have no Default, checkout Digdir documentation.
+ 		false
sessionLifetimeinteger + SessionLifetime is the maximum lifetime in seconds for any given user's session in your application. +The timeout starts whenever the user is redirected from the `authorization_endpoint` at ID-porten. + +If unspecified, defaults to `7200` seconds (2 hours). +Note: Attempting to refresh the user's `access_token` beyond this timeout will yield an error.
+
+ Minimum: 3600
+ Maximum: 7200
+ 		false
+ + +### Application.spec.liveness +[↩ Parent](#applicationspec) + + + +Liveness probes define a resource that returns 200 OK when the app is running +as intended. Returning a non-200 code will make kubernetes restart the app. +Liveness is optional, but when provided, path and port are required + +See Probe for structure definition. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
pathstring + The path to access on the HTTP server
+ 		true
portint or string + Number of the port to access on the container
+ 		true
failureThresholdinteger + Minimum consecutive failures for the probe to be considered failed after +having succeeded. Defaults to 3. Minimum value is 1
+
+ Format: int32
+ Default: 3
+ 		false
initialDelayinteger + Delay sending the first probe by X seconds. Can be useful for applications that +are slow to start.
+
+ Format: int32
+ Default: 0
+ 		false
periodinteger + Number of seconds Kubernetes waits between each probe. Defaults to 10 seconds.
+
+ Format: int32
+ Default: 10
+ 		false
successThresholdinteger + Minimum consecutive successes for the probe to be considered successful after having failed. +Defaults to 1. Must be 1 for liveness and startup Probes. Minimum value is 1.
+
+ Format: int32
+ Default: 1
+ 		false
timeoutinteger + Number of seconds after which the probe times out. Defaults to 1 second. +Minimum value is 1
+
+ Format: int32
+ Default: 1
+ 		false
+ + +### Application.spec.maskinporten +[↩ Parent](#applicationspec) + + + +Settings for Maskinporten integration with Digitaliseringsdirektoratet + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
enabledboolean + If enabled, provisions and configures a Maskinporten client with consumed scopes and/or Exposed scopes with DigDir.
+ 		true
clientNamestring + The name of the Client as shown in Digitaliseringsdirektoratet's Samarbeidsportal +Meant to be a human-readable name for separating clients in the portal
+ 		false
scopesobject + Schema to configure Maskinporten clients with consumed scopes and/or exposed scopes.
+ 		false
+ + +### Application.spec.maskinporten.scopes +[↩ Parent](#applicationspecmaskinporten) + + + +Schema to configure Maskinporten clients with consumed scopes and/or exposed scopes. + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
consumes[]object + This is the Schema for the consumes and exposes API. +`consumes` is a list of scopes that your client can request access to.
+ 		false
exposes[]object + `exposes` is a list of scopes your application want to expose to other organization where access to the scope is based on organization number.
+ 		false
+ + +### Application.spec.maskinporten.scopes.consumes[index] +[↩ Parent](#applicationspecmaskinportenscopes) + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
namestring + The scope consumed by the application to gain access to an external organization API. +Ensure that the NAV organization has been granted access to the scope prior to requesting access.
+ 		true
+ + +### Application.spec.maskinporten.scopes.exposes[index] +[↩ Parent](#applicationspecmaskinportenscopes) + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
enabledboolean + If Enabled the configured scope is available to be used and consumed by organizations granted access.
+ 		true
namestring + The actual subscope combined with `Product`. +Ensure that `` matches `Pattern`.
+ 		true
productstring + The product-area your application belongs to e.g. arbeid, helse ... +This will be included in the final scope `nav:`.
+ 		true
accessibleForAllboolean + Allow any organization to access the scope.
+ 		false
allowedIntegrations[]string + Whitelisting of integration's allowed. +Default is `maskinporten`
+ 		false
atMaxAgeinteger + Max time in seconds for a issued access_token. +Default is `30` sec.
+
+ Minimum: 30
+ Maximum: 680
+ 		false
consumers[]object + External consumers granted access to this scope and able to request access_token.
+ 		false
delegationSourceenum + Delegation source for the scope. Default is empty, which means no delegation is allowed.
+
+ Enum: altinn
+ 		false
separatorstring + Separator is the character that separates `product` and `name` in the final scope: +`scope := :` +This overrides the default separator. +The default separator is `:`. If `name` contains `/`, the default separator is instead `/`.
+ 		false
+ + +### Application.spec.maskinporten.scopes.exposes[index].consumers[index] +[↩ Parent](#applicationspecmaskinportenscopesexposesindex) + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
orgnostring + The external business/organization number.
+ 		true
namestring + This is a describing field intended for clarity not used for any other purpose.
+ 		false
+ + +### Application.spec.podSettings +[↩ Parent](#applicationspec) + + + +PodSettings are used to apply specific settings to the Pod Template used by Skiperator to create Deployments. This allows you to set +things like annotations on the Pod to change the behaviour of sidecars, and set relevant Pod options such as TerminationGracePeriodSeconds. + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
annotationsmap[string]string + Annotations that are set on Pods created by Skiperator. These annotations can for example be used to change the behaviour of sidecars and similar.
+ 		false
disablePodSpreadTopologyConstraintsboolean + DisablePodSpreadTopologyConstraints specifies whether to disable the addition of Pod Topology Spread Constraints to +a given pod.
+
+ Default: false
+ 		false
terminationGracePeriodSecondsinteger + TerminationGracePeriodSeconds determines how long Kubernetes waits after a SIGTERM signal sent to a Pod before terminating the pod. If your application uses longer than +30 seconds to terminate, you should increase TerminationGracePeriodSeconds.
+
+ Format: int64
+ Default: 30
+ 		false
+ + +### Application.spec.prometheus +[↩ Parent](#applicationspec) + + + +Optional settings for how Prometheus compatible metrics should be scraped. + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
portint or string + The port number or name where metrics are exposed (at the Pod level).
+ 		true
allowAllMetricsboolean + Setting AllowAllMetrics to true will ensure all exposed metrics are scraped. Otherwise, a list of predefined +metrics will be dropped by default. See util/constants.go for the default list.
+
+ Default: false
+ 		false
pathstring + The HTTP path where Prometheus compatible metrics exists
+
+ Default: /metrics
+ 		false
+ + +### Application.spec.readiness +[↩ Parent](#applicationspec) + + + +Readiness probes define a resource that returns 200 OK when the app is running +as intended. Kubernetes will wait until the resource returns 200 OK before +marking the pod as Running and progressing with the deployment strategy. +Readiness is optional, but when provided, path and port are required + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
pathstring + The path to access on the HTTP server
+ 		true
portint or string + Number of the port to access on the container
+ 		true
failureThresholdinteger + Minimum consecutive failures for the probe to be considered failed after +having succeeded. Defaults to 3. Minimum value is 1
+
+ Format: int32
+ Default: 3
+ 		false
initialDelayinteger + Delay sending the first probe by X seconds. Can be useful for applications that +are slow to start.
+
+ Format: int32
+ Default: 0
+ 		false
periodinteger + Number of seconds Kubernetes waits between each probe. Defaults to 10 seconds.
+
+ Format: int32
+ Default: 10
+ 		false
successThresholdinteger + Minimum consecutive successes for the probe to be considered successful after having failed. +Defaults to 1. Must be 1 for liveness and startup Probes. Minimum value is 1.
+
+ Format: int32
+ Default: 1
+ 		false
timeoutinteger + Number of seconds after which the probe times out. Defaults to 1 second. +Minimum value is 1
+
+ Format: int32
+ Default: 1
+ 		false
+ + +### Application.spec.resources +[↩ Parent](#applicationspec) + + + +ResourceRequirements to apply to the deployment. It's common to set some of these to +prevent the app from swelling in resource usage and consuming all the +resources of other apps on the cluster. + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
limitsmap[string]int or string + Limits set the maximum the app is allowed to use. Exceeding this limit will +make kubernetes kill the app and restart it. + +Limits can be set on the CPU and memory, but it is not recommended to put a limit on CPU, see: https://home.robusta.dev/blog/stop-using-cpu-limits
+ 		false
requestsmap[string]int or string + Requests set the initial allocation that is done for the app and will +thus be available to the app on startup. More is allocated on demand +until the limit is reached. + +Requests can be set on the CPU and memory.
+ 		false
+ + +### Application.spec.startup +[↩ Parent](#applicationspec) + + + +Kubernetes uses startup probes to know when a container application has started. +If such a probe is configured, it disables liveness and readiness checks until it +succeeds, making sure those probes don't interfere with the application startup. +This can be used to adopt liveness checks on slow starting containers, avoiding them +getting killed by Kubernetes before they are up and running. +Startup is optional, but when provided, path and port are required + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
pathstring + The path to access on the HTTP server
+ 		true
portint or string + Number of the port to access on the container
+ 		true
failureThresholdinteger + Minimum consecutive failures for the probe to be considered failed after +having succeeded. Defaults to 3. Minimum value is 1
+
+ Format: int32
+ Default: 3
+ 		false
initialDelayinteger + Delay sending the first probe by X seconds. Can be useful for applications that +are slow to start.
+
+ Format: int32
+ Default: 0
+ 		false
periodinteger + Number of seconds Kubernetes waits between each probe. Defaults to 10 seconds.
+
+ Format: int32
+ Default: 10
+ 		false
successThresholdinteger + Minimum consecutive successes for the probe to be considered successful after having failed. +Defaults to 1. Must be 1 for liveness and startup Probes. Minimum value is 1.
+
+ Format: int32
+ Default: 1
+ 		false
timeoutinteger + Number of seconds after which the probe times out. Defaults to 1 second. +Minimum value is 1
+
+ Format: int32
+ Default: 1
+ 		false
+ + +### Application.spec.strategy +[↩ Parent](#applicationspec) + + + +Defines an alternative strategy for the Kubernetes deployment. This is useful when +the default strategy, RollingUpdate, is not usable. Setting type to +Recreate will take down all the pods before starting new pods, whereas the +default of RollingUpdate will try to start the new pods before taking down the +old ones. + +Valid values are: RollingUpdate, Recreate. Default is RollingUpdate + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
typeenum + Valid values are: RollingUpdate, Recreate. Default is RollingUpdate
+
+ Enum: RollingUpdate, Recreate
+ Default: RollingUpdate
+ 		false
+ + +### Application.status +[↩ Parent](#application) + + + +SkiperatorStatus + +A status field shown on a Skiperator resource which contains information regarding deployment of the resource. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
accessPoliciesstring + Indicates if access policies are valid
+ 		true
conditions[]object +
+ 		true
subresourcesmap[string]object +
+ 		true
summaryobject + Status
+ 		true
+ + +### Application.status.conditions[index] +[↩ Parent](#applicationstatus) + + + +Condition contains details for one aspect of the current state of this API Resource. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
lastTransitionTimestring + lastTransitionTime is the last time the condition transitioned from one status to another. +This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
+
+ Format: date-time
+ 		true
messagestring + message is a human readable message indicating details about the transition. +This may be an empty string.
+ 		true
reasonstring + reason contains a programmatic identifier indicating the reason for the condition's last transition. +Producers of specific condition types may define expected values and meanings for this field, +and whether the values are considered a guaranteed API. +The value should be a CamelCase string. +This field may not be empty.
+ 		true
statusenum + status of the condition, one of True, False, Unknown.
+
+ Enum: True, False, Unknown
+ 		true
typestring + type of condition in CamelCase or in foo.example.com/CamelCase.
+ 		true
observedGenerationinteger + observedGeneration represents the .metadata.generation that the condition was set based upon. +For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date +with respect to the current state of the instance.
+
+ Format: int64
+ Minimum: 0
+ 		false
+ + +### Application.status.subresources[key] +[↩ Parent](#applicationstatus) + + + +Status + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
messagestring +
+
+ Default: hello
+ 		true
statusstring +
+
+ Default: Synced
+ 		true
timestampstring +
+
+ Default: hello
+ 		true
+ + +### Application.status.summary +[↩ Parent](#applicationstatus) + + + +Status + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
messagestring +
+
+ Default: hello
+ 		true
statusstring +
+
+ Default: Synced
+ 		true
timestampstring +
+
+ Default: hello
+ 		true
+ +## Routing +[↩ Parent](#skiperatorkartverketnov1alpha1 ) + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
apiVersionstringskiperator.kartverket.no/v1alpha1true
kindstringRoutingtrue
metadataobjectRefer to the Kubernetes API documentation for the fields of the `metadata` field.true
specobject +
+ 		true
statusobject + SkiperatorStatus + +A status field shown on a Skiperator resource which contains information regarding deployment of the resource.
+ 		false
+ + +### Routing.spec +[↩ Parent](#routing) + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
hostnamestring +
+ 		true
routes[]object +
+ 		true
redirectToHTTPSboolean +
+
+ Default: true
+ 		false
+ + +### Routing.spec.routes[index] +[↩ Parent](#routingspec) + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
pathPrefixstring +
+ 		true
targetAppstring +
+ 		true
portinteger +
+
+ Format: int32
+ 		false
rewriteUriboolean +
+
+ Default: false
+ 		false
+ + +### Routing.status +[↩ Parent](#routing) + + + +SkiperatorStatus + +A status field shown on a Skiperator resource which contains information regarding deployment of the resource. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
accessPoliciesstring + Indicates if access policies are valid
+ 		true
conditions[]object +
+ 		true
subresourcesmap[string]object +
+ 		true
summaryobject + Status
+ 		true
+ + +### Routing.status.conditions[index] +[↩ Parent](#routingstatus) + + + +Condition contains details for one aspect of the current state of this API Resource. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
lastTransitionTimestring + lastTransitionTime is the last time the condition transitioned from one status to another. +This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
+
+ Format: date-time
+ 		true
messagestring + message is a human readable message indicating details about the transition. +This may be an empty string.
+ 		true
reasonstring + reason contains a programmatic identifier indicating the reason for the condition's last transition. +Producers of specific condition types may define expected values and meanings for this field, +and whether the values are considered a guaranteed API. +The value should be a CamelCase string. +This field may not be empty.
+ 		true
statusenum + status of the condition, one of True, False, Unknown.
+
+ Enum: True, False, Unknown
+ 		true
typestring + type of condition in CamelCase or in foo.example.com/CamelCase.
+ 		true
observedGenerationinteger + observedGeneration represents the .metadata.generation that the condition was set based upon. +For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date +with respect to the current state of the instance.
+
+ Format: int64
+ Minimum: 0
+ 		false
+ + +### Routing.status.subresources[key] +[↩ Parent](#routingstatus) + + + +Status + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
messagestring +
+
+ Default: hello
+ 		true
statusstring +
+
+ Default: Synced
+ 		true
timestampstring +
+
+ Default: hello
+ 		true
+ + +### Routing.status.summary +[↩ Parent](#routingstatus) + + + +Status + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
messagestring +
+
+ Default: hello
+ 		true
statusstring +
+
+ Default: Synced
+ 		true
timestampstring +
+
+ Default: hello
+ 		true
+ +## SKIPJob +[↩ Parent](#skiperatorkartverketnov1alpha1 ) + + + + + + +SKIPJob is the Schema for the skipjobs API + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
apiVersionstringskiperator.kartverket.no/v1alpha1true
kindstringSKIPJobtrue
metadataobjectRefer to the Kubernetes API documentation for the fields of the `metadata` field.true
specobject + SKIPJobSpec defines the desired state of SKIPJob + +A SKIPJob is either defined as a one-off or a scheduled job. If the Cron field is set for SKIPJob, it may not be removed. If the Cron field is unset, it may not be added. +The Container field of a SKIPJob is only mutable if the Cron field is set. If unset, you must delete your SKIPJob to change container settings.
+ 		true
statusobject + SkiperatorStatus + +A status field shown on a Skiperator resource which contains information regarding deployment of the resource.
+ 		false
+ + +### SKIPJob.spec +[↩ Parent](#skipjob) + + + +SKIPJobSpec defines the desired state of SKIPJob + +A SKIPJob is either defined as a one-off or a scheduled job. If the Cron field is set for SKIPJob, it may not be removed. If the Cron field is unset, it may not be added. +The Container field of a SKIPJob is only mutable if the Cron field is set. If unset, you must delete your SKIPJob to change container settings. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
containerobject + Settings for the Pods running in the job. Fields are mostly the same as an Application, and are (probably) better documented there. Some fields are omitted, but none added. +Once set, you may not change Container without deleting your current SKIPJob
+ 		true
cronobject + Settings for the Job if you are running a scheduled job. Optional as Jobs may be one-off.
+ 		false
jobobject + Settings for the actual Job. If you use a scheduled job, the settings in here will also specify the template of the job.
+ 		false
prometheusobject + Prometheus settings for pod running in job. Fields are identical to Application and if set, +a podmonitoring object is created.
+ 		false
+ + +### SKIPJob.spec.container +[↩ Parent](#skipjobspec) + + + +Settings for the Pods running in the job. Fields are mostly the same as an Application, and are (probably) better documented there. Some fields are omitted, but none added. +Once set, you may not change Container without deleting your current SKIPJob + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
imagestring +
+ 		true
accessPolicyobject + AccessPolicy + +Zero trust dictates that only applications with a reason for being able +to access another resource should be able to reach it. This is set up by +default by denying all ingress and egress traffic from the Pods in the +Deployment. The AccessPolicy field is an allowlist of other applications and hostnames +that are allowed to talk with this Application and which resources this app can talk to
+ 		false
additionalPorts[]object +
+ 		false
command[]string +
+ 		false
env[]object +
+ 		false
envFrom[]object +
+ 		false
filesFrom[]object +
+ 		false
gcpobject + GCP + +Configuration for interacting with Google Cloud Platform
+ 		false
livenessobject + Probe + +Type configuration for all types of Kubernetes probes.
+ 		false
podSettingsobject + PodSettings
+ 		false
priorityenum +
+
+ Enum: low, medium, high
+ Default: medium
+ 		false
readinessobject + Probe + +Type configuration for all types of Kubernetes probes.
+ 		false
resourcesobject + ResourceRequirements + +A simplified version of the Kubernetes native ResourceRequirement field, in which only Limits and Requests are present. +For the units used for resources, see https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes
+ 		false
restartPolicyenum + RestartPolicy describes how the container should be restarted. +Only one of the following restart policies may be specified. +If none of the following policies is specified, the default one +is RestartPolicyAlways.
+
+ Enum: OnFailure, Never
+ Default: Never
+ 		false
startupobject + Probe + +Type configuration for all types of Kubernetes probes.
+ 		false
+ + +### SKIPJob.spec.container.accessPolicy +[↩ Parent](#skipjobspeccontainer) + + + +AccessPolicy + +Zero trust dictates that only applications with a reason for being able +to access another resource should be able to reach it. This is set up by +default by denying all ingress and egress traffic from the Pods in the +Deployment. The AccessPolicy field is an allowlist of other applications and hostnames +that are allowed to talk with this Application and which resources this app can talk to + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
inboundobject + Inbound specifies the ingress rules. Which apps on the cluster can talk to this app?
+ 		false
outboundobject + Outbound specifies egress rules. Which apps on the cluster and the +internet is the Application allowed to send requests to?
+ 		false
+ + +### SKIPJob.spec.container.accessPolicy.inbound +[↩ Parent](#skipjobspeccontaineraccesspolicy) + + + +Inbound specifies the ingress rules. Which apps on the cluster can talk to this app? + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
rules[]object + The rules list specifies a list of applications. When no namespace is +specified it refers to an app in the current namespace. For apps in +other namespaces namespace is required
+ 		true
+ + +### SKIPJob.spec.container.accessPolicy.inbound.rules[index] +[↩ Parent](#skipjobspeccontaineraccesspolicyinbound) + + + +InternalRule + +The rules list specifies a list of applications. When no namespace is +specified it refers to an app in the current namespace. For apps in +other namespaces, namespace is required. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
applicationstring + The name of the Application you are allowing traffic to/from. If you wish to allow traffic from a SKIPJob, this field should +be suffixed with -skipjob
+ 		true
namespacestring + The namespace in which the Application you are allowing traffic to/from resides. If unset, uses namespace of Application.
+ 		false
namespacesByLabelmap[string]string + Namespace label value-pair in which the Application you are allowing traffic to/from resides. If both namespace and namespacesByLabel are set, namespace takes precedence and namespacesByLabel is omitted.
+ 		false
ports[]object + The ports to allow for the above application.
+ 		false
+ + +### SKIPJob.spec.container.accessPolicy.inbound.rules[index].ports[index] +[↩ Parent](#skipjobspeccontaineraccesspolicyinboundrulesindex) + + + +NetworkPolicyPort describes a port to allow traffic on + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
endPortinteger + endPort indicates that the range of ports from port to endPort if set, inclusive, +should be allowed by the policy. This field cannot be defined if the port field +is not defined or if the port field is defined as a named (string) port. +The endPort must be equal or greater than port.
+
+ Format: int32
+ 		false
portint or string + port represents the port on the given protocol. This can either be a numerical or named +port on a pod. If this field is not provided, this matches all port names and +numbers. +If present, only traffic on the specified protocol AND port will be matched.
+ 		false
protocolstring + protocol represents the protocol (TCP, UDP, or SCTP) which traffic must match. +If not specified, this field defaults to TCP.
+ 		false
+ + +### SKIPJob.spec.container.accessPolicy.outbound +[↩ Parent](#skipjobspeccontaineraccesspolicy) + + + +Outbound specifies egress rules. Which apps on the cluster and the +internet is the Application allowed to send requests to? + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
external[]object + External specifies which applications on the internet the application +can reach. Only host is required unless it is on another port than HTTPS port 443. +If other ports or protocols are required then `ports` must be specified as well
+ 		false
rules[]object + Rules apply the same in-cluster rules as InboundPolicy
+ 		false
+ + +### SKIPJob.spec.container.accessPolicy.outbound.external[index] +[↩ Parent](#skipjobspeccontaineraccesspolicyoutbound) + + + +ExternalRule + +Describes a rule for allowing your Application to route traffic to external applications and hosts. + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
hoststring +
+ 		true
ipstring + Non-HTTP requests (i.e. using the TCP protocol) need to use IP in addition to hostname +Only required for TCP requests. + +Note: Hostname must always be defined even if IP is set statically
+ 		false
ports[]object + The ports to allow for the above hostname. When not specified HTTP and +HTTPS on port 80 and 443 respectively are put into the allowlist
+ 		false
+ + +### SKIPJob.spec.container.accessPolicy.outbound.external[index].ports[index] +[↩ Parent](#skipjobspeccontaineraccesspolicyoutboundexternalindex) + + + +ExternalPort + +A custom port describing an external host + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
namestring + Name is required and is an arbitrary name. Must be unique within all ExternalRule ports.
+ 		true
portinteger + The port number of the external host
+ 		true
protocolenum + The protocol to use for communication with the host. Only HTTP, HTTPS and TCP are supported.
+
+ Enum: HTTP, HTTPS, TCP
+ 		true
+ + +### SKIPJob.spec.container.accessPolicy.outbound.rules[index] +[↩ Parent](#skipjobspeccontaineraccesspolicyoutbound) + + + +InternalRule + +The rules list specifies a list of applications. When no namespace is +specified it refers to an app in the current namespace. For apps in +other namespaces, namespace is required. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
applicationstring + The name of the Application you are allowing traffic to/from. If you wish to allow traffic from a SKIPJob, this field should +be suffixed with -skipjob
+ 		true
namespacestring + The namespace in which the Application you are allowing traffic to/from resides. If unset, uses namespace of Application.
+ 		false
namespacesByLabelmap[string]string + Namespace label value-pair in which the Application you are allowing traffic to/from resides. If both namespace and namespacesByLabel are set, namespace takes precedence and namespacesByLabel is omitted.
+ 		false
ports[]object + The ports to allow for the above application.
+ 		false
+ + +### SKIPJob.spec.container.accessPolicy.outbound.rules[index].ports[index] +[↩ Parent](#skipjobspeccontaineraccesspolicyoutboundrulesindex) + + + +NetworkPolicyPort describes a port to allow traffic on + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
endPortinteger + endPort indicates that the range of ports from port to endPort if set, inclusive, +should be allowed by the policy. This field cannot be defined if the port field +is not defined or if the port field is defined as a named (string) port. +The endPort must be equal or greater than port.
+
+ Format: int32
+ 		false
portint or string + port represents the port on the given protocol. This can either be a numerical or named +port on a pod. If this field is not provided, this matches all port names and +numbers. +If present, only traffic on the specified protocol AND port will be matched.
+ 		false
protocolstring + protocol represents the protocol (TCP, UDP, or SCTP) which traffic must match. +If not specified, this field defaults to TCP.
+ 		false
+ + +### SKIPJob.spec.container.additionalPorts[index] +[↩ Parent](#skipjobspeccontainer) + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
namestring +
+ 		true
portinteger +
+
+ Format: int32
+ 		true
protocolenum + Protocol defines network protocols supported for things like container ports.
+
+ Enum: TCP, UDP, SCTP
+ 		true
+ + +### SKIPJob.spec.container.env[index] +[↩ Parent](#skipjobspeccontainer) + + + +EnvVar represents an environment variable present in a Container. + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
namestring + Name of the environment variable. Must be a C_IDENTIFIER.
+ 		true
valuestring + Variable references $(VAR_NAME) are expanded +using the previously defined environment variables in the container and +any service environment variables. If a variable cannot be resolved, +the reference in the input string will be unchanged. Double $$ are reduced +to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. +"$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". +Escaped references will never be expanded, regardless of whether the variable +exists or not. +Defaults to "".
+ 		false
valueFromobject + Source for the environment variable's value. Cannot be used if value is not empty.
+ 		false
+ + +### SKIPJob.spec.container.env[index].valueFrom +[↩ Parent](#skipjobspeccontainerenvindex) + + + +Source for the environment variable's value. Cannot be used if value is not empty. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
configMapKeyRefobject + Selects a key of a ConfigMap.
+ 		false
fieldRefobject + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, +spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
+ 		false
resourceFieldRefobject + Selects a resource of the container: only resources limits and requests +(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
+ 		false
secretKeyRefobject + Selects a key of a secret in the pod's namespace
+ 		false
+ + +### SKIPJob.spec.container.env[index].valueFrom.configMapKeyRef +[↩ Parent](#skipjobspeccontainerenvindexvaluefrom) + + + +Selects a key of a ConfigMap. + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
keystring + The key to select.
+ 		true
namestring + Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+ Default:
+ 		false
optionalboolean + Specify whether the ConfigMap or its key must be defined
+ 		false
+ + +### SKIPJob.spec.container.env[index].valueFrom.fieldRef +[↩ Parent](#skipjobspeccontainerenvindexvaluefrom) + + + +Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, +spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
fieldPathstring + Path of the field to select in the specified API version.
+ 		true
apiVersionstring + Version of the schema the FieldPath is written in terms of, defaults to "v1".
+ 		false
+ + +### SKIPJob.spec.container.env[index].valueFrom.resourceFieldRef +[↩ Parent](#skipjobspeccontainerenvindexvaluefrom) + + + +Selects a resource of the container: only resources limits and requests +(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
resourcestring + Required: resource to select
+ 		true
containerNamestring + Container name: required for volumes, optional for env vars
+ 		false
divisorint or string + Specifies the output format of the exposed resources, defaults to "1"
+ 		false
+ + +### SKIPJob.spec.container.env[index].valueFrom.secretKeyRef +[↩ Parent](#skipjobspeccontainerenvindexvaluefrom) + + + +Selects a key of a secret in the pod's namespace + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
keystring + The key of the secret to select from. Must be a valid secret key.
+ 		true
namestring + Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+ Default:
+ 		false
optionalboolean + Specify whether the Secret or its key must be defined
+ 		false
+ + +### SKIPJob.spec.container.envFrom[index] +[↩ Parent](#skipjobspeccontainer) + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
configMapstring + Name of Kubernetes ConfigMap in which the deployment should mount environment variables from. Must be in the same namespace as the Application
+ 		false
secretstring + Name of Kubernetes Secret in which the deployment should mount environment variables from. Must be in the same namespace as the Application
+ 		false
+ + +### SKIPJob.spec.container.filesFrom[index] +[↩ Parent](#skipjobspeccontainer) + + + +FilesFrom + +Struct representing information needed to mount a Kubernetes resource as a file to a Pod's directory. +One of ConfigMap, Secret, EmptyDir or PersistentVolumeClaim must be present, and just represent the name of the resource in question +NB. Out-of-the-box, skiperator provides a writable 'emptyDir'-volume at '/tmp' + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
mountPathstring + The path to mount the file in the Pods directory. Required.
+ 		true
configMapstring +
+ 		false
emptyDirstring +
+ 		false
persistentVolumeClaimstring +
+ 		false
secretstring +
+ 		false
+ + +### SKIPJob.spec.container.gcp +[↩ Parent](#skipjobspeccontainer) + + + +GCP + +Configuration for interacting with Google Cloud Platform + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
authobject + Configuration for authenticating a Pod with Google Cloud Platform +For authentication with GCP, to use services like Secret Manager and/or Pub/Sub we need +to set the GCP Service Account Pods should identify as. To allow this, we need the IAM role iam.workloadIdentityUser set on a GCP +service account and bind this to the Pod's Kubernetes SA. +Documentation on how this is done can be found here (Closed Wiki): +https://kartverket.atlassian.net/wiki/spaces/SKIPDOK/pages/422346824/Autentisering+mot+GCP+som+Kubernetes+SA
+ 		false
cloudSqlProxyobject + CloudSQL is used to deploy a CloudSQL proxy sidecar in the pod. +This is useful for connecting to CloudSQL databases that require Cloud SQL Auth Proxy.
+ 		false
+ + +### SKIPJob.spec.container.gcp.auth +[↩ Parent](#skipjobspeccontainergcp) + + + +Configuration for authenticating a Pod with Google Cloud Platform +For authentication with GCP, to use services like Secret Manager and/or Pub/Sub we need +to set the GCP Service Account Pods should identify as. To allow this, we need the IAM role iam.workloadIdentityUser set on a GCP +service account and bind this to the Pod's Kubernetes SA. +Documentation on how this is done can be found here (Closed Wiki): +https://kartverket.atlassian.net/wiki/spaces/SKIPDOK/pages/422346824/Autentisering+mot+GCP+som+Kubernetes+SA + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
serviceAccountstring + Name of the service account in which you are trying to authenticate your pod with +Generally takes the form of some-name@some-project-id.iam.gserviceaccount.com
+ 		true
+ + +### SKIPJob.spec.container.gcp.cloudSqlProxy +[↩ Parent](#skipjobspeccontainergcp) + + + +CloudSQL is used to deploy a CloudSQL proxy sidecar in the pod. +This is useful for connecting to CloudSQL databases that require Cloud SQL Auth Proxy. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
connectionNamestring + Connection name for the CloudSQL instance. Found in the Google Cloud Console under your CloudSQL resource. +The format is "projectName:region:instanceName" E.g. "skip-prod-bda1:europe-north1:my-db".
+ 		true
ipstring + The IP address of the CloudSQL instance. This is used to create a serviceentry for the CloudSQL proxy.
+ 		true
serviceAccountstring + Service account used by cloudsql auth proxy. This service account must have the roles/cloudsql.client role.
+ 		true
versionstring + Image version for the CloudSQL proxy sidecar.
+
+ Default: 2.8.0
+ 		false
+ + +### SKIPJob.spec.container.liveness +[↩ Parent](#skipjobspeccontainer) + + + +Probe + +Type configuration for all types of Kubernetes probes. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
pathstring + The path to access on the HTTP server
+ 		true
portint or string + Number of the port to access on the container
+ 		true
failureThresholdinteger + Minimum consecutive failures for the probe to be considered failed after +having succeeded. Defaults to 3. Minimum value is 1
+
+ Format: int32
+ Default: 3
+ 		false
initialDelayinteger + Delay sending the first probe by X seconds. Can be useful for applications that +are slow to start.
+
+ Format: int32
+ Default: 0
+ 		false
periodinteger + Number of seconds Kubernetes waits between each probe. Defaults to 10 seconds.
+
+ Format: int32
+ Default: 10
+ 		false
successThresholdinteger + Minimum consecutive successes for the probe to be considered successful after having failed. +Defaults to 1. Must be 1 for liveness and startup Probes. Minimum value is 1.
+
+ Format: int32
+ Default: 1
+ 		false
timeoutinteger + Number of seconds after which the probe times out. Defaults to 1 second. +Minimum value is 1
+
+ Format: int32
+ Default: 1
+ 		false
+ + +### SKIPJob.spec.container.podSettings +[↩ Parent](#skipjobspeccontainer) + + + +PodSettings + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
annotationsmap[string]string + Annotations that are set on Pods created by Skiperator. These annotations can for example be used to change the behaviour of sidecars and similar.
+ 		false
disablePodSpreadTopologyConstraintsboolean + DisablePodSpreadTopologyConstraints specifies whether to disable the addition of Pod Topology Spread Constraints to +a given pod.
+
+ Default: false
+ 		false
terminationGracePeriodSecondsinteger + TerminationGracePeriodSeconds determines how long Kubernetes waits after a SIGTERM signal sent to a Pod before terminating the pod. If your application uses longer than +30 seconds to terminate, you should increase TerminationGracePeriodSeconds.
+
+ Format: int64
+ Default: 30
+ 		false
+ + +### SKIPJob.spec.container.readiness +[↩ Parent](#skipjobspeccontainer) + + + +Probe + +Type configuration for all types of Kubernetes probes. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
pathstring + The path to access on the HTTP server
+ 		true
portint or string + Number of the port to access on the container
+ 		true
failureThresholdinteger + Minimum consecutive failures for the probe to be considered failed after +having succeeded. Defaults to 3. Minimum value is 1
+
+ Format: int32
+ Default: 3
+ 		false
initialDelayinteger + Delay sending the first probe by X seconds. Can be useful for applications that +are slow to start.
+
+ Format: int32
+ Default: 0
+ 		false
periodinteger + Number of seconds Kubernetes waits between each probe. Defaults to 10 seconds.
+
+ Format: int32
+ Default: 10
+ 		false
successThresholdinteger + Minimum consecutive successes for the probe to be considered successful after having failed. +Defaults to 1. Must be 1 for liveness and startup Probes. Minimum value is 1.
+
+ Format: int32
+ Default: 1
+ 		false
timeoutinteger + Number of seconds after which the probe times out. Defaults to 1 second. +Minimum value is 1
+
+ Format: int32
+ Default: 1
+ 		false
+ + +### SKIPJob.spec.container.resources +[↩ Parent](#skipjobspeccontainer) + + + +ResourceRequirements + +A simplified version of the Kubernetes native ResourceRequirement field, in which only Limits and Requests are present. +For the units used for resources, see https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-units-in-kubernetes + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
limitsmap[string]int or string + Limits set the maximum the app is allowed to use. Exceeding this limit will +make kubernetes kill the app and restart it. + +Limits can be set on the CPU and memory, but it is not recommended to put a limit on CPU, see: https://home.robusta.dev/blog/stop-using-cpu-limits
+ 		false
requestsmap[string]int or string + Requests set the initial allocation that is done for the app and will +thus be available to the app on startup. More is allocated on demand +until the limit is reached. + +Requests can be set on the CPU and memory.
+ 		false
+ + +### SKIPJob.spec.container.startup +[↩ Parent](#skipjobspeccontainer) + + + +Probe + +Type configuration for all types of Kubernetes probes. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
pathstring + The path to access on the HTTP server
+ 		true
portint or string + Number of the port to access on the container
+ 		true
failureThresholdinteger + Minimum consecutive failures for the probe to be considered failed after +having succeeded. Defaults to 3. Minimum value is 1
+
+ Format: int32
+ Default: 3
+ 		false
initialDelayinteger + Delay sending the first probe by X seconds. Can be useful for applications that +are slow to start.
+
+ Format: int32
+ Default: 0
+ 		false
periodinteger + Number of seconds Kubernetes waits between each probe. Defaults to 10 seconds.
+
+ Format: int32
+ Default: 10
+ 		false
successThresholdinteger + Minimum consecutive successes for the probe to be considered successful after having failed. +Defaults to 1. Must be 1 for liveness and startup Probes. Minimum value is 1.
+
+ Format: int32
+ Default: 1
+ 		false
timeoutinteger + Number of seconds after which the probe times out. Defaults to 1 second. +Minimum value is 1
+
+ Format: int32
+ Default: 1
+ 		false
+ + +### SKIPJob.spec.cron +[↩ Parent](#skipjobspec) + + + +Settings for the Job if you are running a scheduled job. Optional as Jobs may be one-off. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
schedulestring + A CronJob string for denoting the schedule of this job. See https://crontab.guru/ for help creating CronJob strings. +Kubernetes CronJobs also include the extended "Vixie cron" step values: https://man.freebsd.org/cgi/man.cgi?crontab%285%29.
+ 		true
allowConcurrencyenum + Denotes how Kubernetes should react to multiple instances of the Job being started at the same time. +Allow will allow concurrent jobs. Forbid will not allow this, and instead skip the newer schedule Job. +Replace will replace the current active Job with the newer scheduled Job.
+
+ Enum: Allow, Forbid, Replace
+ Default: Allow
+ 		false
startingDeadlineSecondsinteger + Denotes the deadline in seconds for starting a job on its schedule, if for some reason the Job's controller was not ready upon the scheduled time. +If unset, Jobs missing their deadline will be considered failed jobs and will not start.
+
+ Format: int64
+ 		false
suspendboolean + If set to true, this tells Kubernetes to suspend this Job till the field is set to false. If the Job is active while this field is set to true, +all running Pods will be terminated.
+ 		false
+ + +### SKIPJob.spec.job +[↩ Parent](#skipjobspec) + + + +Settings for the actual Job. If you use a scheduled job, the settings in here will also specify the template of the job. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
activeDeadlineSecondsinteger + ActiveDeadlineSeconds denotes a duration in seconds started from when the job is first active. If the deadline is reached during the job's workload +the job and its Pods are terminated. If the job is suspended using the Suspend field, this timer is stopped and reset when unsuspended.
+
+ Format: int64
+ 		false
backoffLimitinteger + Specifies the number of retry attempts before determining the job as failed. Defaults to 6.
+
+ Format: int32
+ 		false
suspendboolean + If set to true, this tells Kubernetes to suspend this Job till the field is set to false. If the Job is active while this field is set to false, +all running Pods will be terminated.
+ 		false
ttlSecondsAfterFinishedinteger + The number of seconds to wait before removing the Job after it has finished. If unset, Job will not be cleaned up. +It is recommended to set this to avoid clutter in your resource tree.
+
+ Format: int32
+ 		false
+ + +### SKIPJob.spec.prometheus +[↩ Parent](#skipjobspec) + + + +Prometheus settings for pod running in job. Fields are identical to Application and if set, +a podmonitoring object is created. + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
portint or string + The port number or name where metrics are exposed (at the Pod level).
+ 		true
allowAllMetricsboolean + Setting AllowAllMetrics to true will ensure all exposed metrics are scraped. Otherwise, a list of predefined +metrics will be dropped by default. See util/constants.go for the default list.
+
+ Default: false
+ 		false
pathstring + The HTTP path where Prometheus compatible metrics exists
+
+ Default: /metrics
+ 		false
+ + +### SKIPJob.status +[↩ Parent](#skipjob) + + + +SkiperatorStatus + +A status field shown on a Skiperator resource which contains information regarding deployment of the resource. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
accessPoliciesstring + Indicates if access policies are valid
+ 		true
conditions[]object +
+ 		true
subresourcesmap[string]object +
+ 		true
summaryobject + Status
+ 		true
+ + +### SKIPJob.status.conditions[index] +[↩ Parent](#skipjobstatus) + + + +Condition contains details for one aspect of the current state of this API Resource. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
lastTransitionTimestring + lastTransitionTime is the last time the condition transitioned from one status to another. +This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
+
+ Format: date-time
+ 		true
messagestring + message is a human readable message indicating details about the transition. +This may be an empty string.
+ 		true
reasonstring + reason contains a programmatic identifier indicating the reason for the condition's last transition. +Producers of specific condition types may define expected values and meanings for this field, +and whether the values are considered a guaranteed API. +The value should be a CamelCase string. +This field may not be empty.
+ 		true
statusenum + status of the condition, one of True, False, Unknown.
+
+ Enum: True, False, Unknown
+ 		true
typestring + type of condition in CamelCase or in foo.example.com/CamelCase.
+ 		true
observedGenerationinteger + observedGeneration represents the .metadata.generation that the condition was set based upon. +For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date +with respect to the current state of the instance.
+
+ Format: int64
+ Minimum: 0
+ 		false
+ + +### SKIPJob.status.subresources[key] +[↩ Parent](#skipjobstatus) + + + +Status + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
messagestring +
+
+ Default: hello
+ 		true
statusstring +
+
+ Default: Synced
+ 		true
timestampstring +
+
+ Default: hello
+ 		true
+ + +### SKIPJob.status.summary +[↩ Parent](#skipjobstatus) + + + +Status + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
messagestring +
+
+ Default: hello
+ 		true
statusstring +
+
+ Default: Synced
+ 		true
timestampstring +
+
+ Default: hello
+ 		true
\ No newline at end of file