| Key | Type | Default | Description |
|---|---|---|---|
image: tag: |
string |
<latest version> |
Container image tag |
image: digest: |
string |
<latest digest> |
Container image digest, takes precedence over tag when specified |
image: repository: |
string |
nginx |
Container image repository |
image: pullPolicy: |
string |
IfNotPresent |
Kubernetes image pull policy |
metadata: labels: |
{[ string]: string} |
{} |
Common labels for all resources |
metadata: annotations: |
{[ string]: string} |
{} |
Common annotations for all resources |
podAnnotations: |
{[ string]: string} |
{} |
Annotations applied to pods |
imagePullSecrets: |
[...corev1.LocalObjectReference] |
[] |
Kubernetes image pull secrets |
tolerations: |
[ ...corev1.#Toleration] |
[] |
Kubernetes toleration |
affinity: |
corev1.#Affinity |
{} |
Kubernetes affinity and anti-affinity |
resources: |
corev1.#ResourceRequirements |
{} |
Kubernetes resource requests and limits |
topologySpreadConstraints: |
[...corev1.#TopologySpreadConstraint] |
[] |
Kubernetes pod topology spread constraints |
podSecurityContext: |
corev1.#PodSecurityContext |
{} |
Kubernetes pod security context |
securityContext: |
corev1.#SecurityContext |
{} |
Kubernetes container security context |
Comply with the restricted Kubernetes pod security standard:
values: {
podSecurityContext: {
runAsUser: 65532
runAsGroup: 65532
fsGroup: 65532
}
securityContext: {
allowPrivilegeEscalation: false
readOnlyRootFilesystem: false
runAsNonRoot: true
capabilities: drop: ["ALL"]
seccompProfile: type: "RuntimeDefault"
}
}Example with redis
bundle: {
_env: "none" @timoni(runtime:string:ENV)
_tag: "latest" @timoni(runtime:string:GITHUB_REF_NAME)
apiVersion: "v1alpha1"
name: "demo-app"
instances: {
// export ENV=dev will trigger redis deployment
if _env == "dev" {
redis: {
module: {
url: "oci://ghcr.io/stefanprodan/modules/redis"
version: "7.2.1"
}
namespace: "test"
values: maxmemory: 256
}
}
deployment: {
module: url: "oci://ghcr.io/schubergphilis/cue-modules/deploy"
module: version: _tag
namespace: "test"
values: {
image: {
repository: "nginx"
digest: "sha256:d2b0e52d7c2e5dd9fe5266b163e14d41ed97fd380deb55a36ff17efd145549cd"
tag: "1.25.1"
}
}
}
}
}