import * as outputs from "../types/output"; export interface CatalogTemplateResource { /** * The kind of resource (e.g., 'workload', 'secret', 'gvc'). */ kind: string; /** * The full Control Plane link to the resource. */ link: string; /** * The name of the resource. */ name: string; } export interface CloudAccountAws { /** * Amazon Resource Name (ARN) Role. */ roleArn?: string; } export interface CloudAccountAzure { /** * Full link to an Azure secret. (e.g., /org/ORG_NAME/secret/AZURE_SECRET). */ secretLink?: string; } export interface CloudAccountGcp { /** * GCP project ID. Obtained from the GCP cloud console. */ projectId?: string; } export interface CloudAccountNgs { /** * Full link to a NATS Account Secret secret. (e.g., /org/ORG_NAME/secret/NATS_ACCOUNT_SECRET). */ secretLink?: string; } export interface CloudAccountStatus { /** * ISO-8601 timestamp of the last time the Cloud Account credentials were validated. */ lastChecked: string; /** * The last error message reported when validating the Cloud Account credentials. */ lastError: string; /** * Whether the Cloud Account credentials are valid and usable by Control Plane. */ usable: boolean; } export interface CustomLocationGeo { /** * City of the location. */ city: string; /** * Continent of the location. */ continent: string; /** * Country of the location. */ country: string; /** * Latitude of the location. */ lat: number; /** * Longitude of the location. */ lon: number; /** * State of the location. */ state: string; } export interface DomainRouteHeaders { /** * Manipulates HTTP headers. */ request?: outputs.DomainRouteHeadersRequest; } export interface DomainRouteHeadersRequest { /** * Sets or overrides headers to all http requests for this route. */ set?: { [key: string]: string; }; } export interface DomainRouteMirror { /** * The percentage of traffic to mirror to the specified workload. */ percent: number; /** * The port on the mirrored workload to send traffic to. If not provided, traffic will be mirrored to the first discovered port on the mirrored workload. */ port?: number; /** * The workload to mirror traffic to. */ workloadLink: string; } export interface DomainSpec { /** * Allows domain to accept wildcards. The associated GVC must have dedicated load balancing enabled. */ acceptAllHosts: boolean; /** * Accept all subdomains will accept any host that is a sub domain of the domain so *.$DOMAIN */ acceptAllSubdomains: boolean; /** * Defines the method used to prove domain ownership for certificate issuance. */ certChallengeType?: string; /** * In `cname` dnsMode, Control Plane will configure workloads to accept traffic for the domain but will not manage DNS records for the domain. End users must configure CNAME records in their own DNS pointed to the canonical workload endpoint. Currently `cname` dnsMode requires that a TLS server certificate be configured when subdomain based routing is used. In `ns` dnsMode, Control Plane will manage the subdomains and create all necessary DNS records. End users configure NS records to forward DNS requests to the Control Plane managed DNS servers. Valid values: `cname`, `ns`. Default: `cname`. */ dnsMode: string; /** * This value is set to a target GVC (using a full link) for use by subdomain based routing. Each workload in the GVC will receive a subdomain in the form ${workload.name}.${domain.name}. **Do not include if path based routing is used.** */ gvcLink?: string; /** * Domain port specifications. */ ports?: outputs.DomainSpecPort[]; /** * Creates a unique subdomain for each replica of a stateful workload, enabling direct access to individual instances. */ workloadLink?: string; } export interface DomainSpecPort { /** * A security feature implemented by web browsers to allow resources on a web page to be requested from another domain outside the domain from which the resource originated. */ cors?: outputs.DomainSpecPortCors; /** * Sets or overrides headers to all http requests for this route. */ number: number; /** * Allowed protocol. Valid values: `http`, `http2`, `tcp`. Default: `http2`. */ protocol: string; /** * Inline routes for this port. Can coexist with separate cpln.DomainRoute resources on the same domain and port. */ routes?: outputs.DomainSpecPortRoute[]; /** * Used for TLS connections for this Domain. End users are responsible for certificate updates. */ tls?: outputs.DomainSpecPortTls; } export interface DomainSpecPortCors { /** * Determines whether the client-side code (typically running in a web browser) is allowed to include credentials (such as cookies, HTTP authentication, or client-side SSL certificates) in cross-origin requests. */ allowCredentials: boolean; /** * Specifies the custom HTTP headers that are allowed in a cross-origin request to a specific resource. */ allowHeaders?: string[]; /** * Specifies the HTTP methods (such as `GET`, `POST`, `PUT`, `DELETE`, etc.) that are allowed for a cross-origin request to a specific resource. */ allowMethods?: string[]; /** * Determines which origins are allowed to access a particular resource on a server from a web browser. */ allowOrigins?: outputs.DomainSpecPortCorsAllowOrigin[]; /** * The HTTP headers that a server allows to be exposed to the client in response to a cross-origin request. These headers provide additional information about the server's capabilities or requirements, aiding in proper handling of the request by the client's browser or application. */ exposeHeaders?: string[]; /** * Maximum amount of time that a preflight request result can be cached by the client browser. Input is expected as a duration string (i.e, 24h, 20m, etc.). */ maxAge: string; } export interface DomainSpecPortCorsAllowOrigin { /** * Value of allowed origin. */ exact?: string; regex?: string; } export interface DomainSpecPortRoute { /** * Modify the headers for all http requests for this route. */ headers?: outputs.DomainSpecPortRouteHeaders; /** * This option allows forwarding traffic for different host headers to different workloads. */ hostPrefix?: string; /** * A regex to match the host header. */ hostRegex?: string; /** * Mirror the traffic to the specified workload(s). Only works for workloads running in the same location as the primary workload(s). */ mirrors?: outputs.DomainSpecPortRouteMirror[]; /** * For the linked workload, the port to route traffic to. */ port?: number; /** * The path will match any unmatched path prefixes for the subdomain. */ prefix?: string; /** * Used to match URI paths. Uses the google re2 regex syntax. */ regex?: string; /** * A path prefix can be configured to be replaced when forwarding the request to the Workload. */ replacePrefix?: string; /** * The replica number of a stateful workload to route to. If not provided, traffic will be routed to all replicas. */ replica?: number; /** * The link of the workload to map the prefix to. */ workloadLink: string; } export interface DomainSpecPortRouteHeaders { /** * Manipulates HTTP headers. */ request?: outputs.DomainSpecPortRouteHeadersRequest; } export interface DomainSpecPortRouteHeadersRequest { /** * Sets or overrides headers to all http requests for this route. */ set?: { [key: string]: string; }; } export interface DomainSpecPortRouteMirror { /** * The percentage of traffic to mirror to the specified workload. */ percent: number; /** * The port on the mirrored workload to send traffic to. If not provided, traffic will be mirrored to the first discovered port on the mirrored workload. */ port?: number; /** * The workload to mirror traffic to. */ workloadLink: string; } export interface DomainSpecPortTls { /** * Allowed cipher suites. Refer to the [Domain Reference](https://docs.controlplane.com/reference/domain#cipher-suites) for details. */ cipherSuites: string[]; /** * The certificate authority PEM, stored as a TLS Secret, used to verify the authority of the client certificate. The only verification performed checks that the CN of the PEM matches the Domain (i.e., CN=*.DOMAIN). */ clientCertificate?: outputs.DomainSpecPortTlsClientCertificate; /** * Minimum TLS version to accept. Minimum is `1.0`. Default: `1.2`. */ minProtocolVersion: string; /** * Configure an optional custom server certificate for the domain. When the port number is 443 and this is not supplied, a certificate is provisioned automatically. */ serverCertificate?: outputs.DomainSpecPortTlsServerCertificate; } export interface DomainSpecPortTlsClientCertificate { /** * The secret will include a client certificate authority cert in PEM format used to verify requests which include client certificates. The key subject must match the domain and the key usage properties must be configured for client certificate authorization. The secret type must be keypair. */ secretLink?: string; } export interface DomainSpecPortTlsServerCertificate { /** * When provided, this is used as the server certificate authority. The secret type must be keypair and the content must be PEM encoded. */ secretLink?: string; } export interface DomainStatus { /** * List of required DNS record entries. */ dnsConfigs: outputs.DomainStatusDnsConfig[]; /** * List of configured domain endpoints. */ endpoints: outputs.DomainStatusEndpoint[]; fingerprint: string; /** * Contains the cloud provider name, region, and certificate status. */ locations: outputs.DomainStatusLocation[]; /** * Status of Domain. Possible values: `initializing`, `ready`, `pendingDnsConfig`, `pendingCertificate`, `usedByGvc`. */ status: string; /** * Warning message. */ warning: string; } export interface DomainStatusDnsConfig { /** * The host in DNS terminology refers to the domain or subdomain that the DNS record is associated with. It's essentially the name that is being queried or managed. For example, in a DNS record for `www.example.com`, `www` is a host in the domain `example.com`. */ host: string; /** * Time to live (TTL) is a value that signifies how long (in seconds) a DNS record should be cached by a resolver or a browser before a new request should be sent to refresh the data. Lower TTL values mean records are updated more frequently, which is beneficial for dynamic DNS configurations or during DNS migrations. Higher TTL values reduce the load on DNS servers and improve the speed of name resolution for end users by relying on cached data. */ ttl: number; /** * The DNS record type specifies the type of data the DNS record contains. Valid values: `CNAME`, `NS`, `TXT`. */ type: string; /** * The value of a DNS record contains the data the record is meant to convey, based on the type of the record. */ value: string; } export interface DomainStatusEndpoint { /** * URL of endpoint. */ url: string; /** * Full link to associated workload. */ workloadLink: string; } export interface DomainStatusLocation { /** * The current validity or status of the SSL/TLS certificate. */ certificateStatus: string; /** * The name of the location. */ name: string; } export interface GetGvcControlplaneTracing { /** * Key-value map of custom tags. */ customTags?: { [key: string]: string; }; /** * Determines what percentage of requests should be traced. */ sampling: number; } export interface GetGvcKeda { /** * Enable KEDA for this GVC. KEDA is a Kubernetes-based event-driven autoscaler that allows you to scale workloads based on external events. When enabled, a keda operator will be deployed in the GVC and workloads in the GVC can use KEDA to scale based on external metrics. */ enabled: boolean; /** * A link to an Identity resource that will be used for KEDA. This will allow the keda operator to access cloud and network resources. */ identityLink?: string; /** * A list of secrets to be used as TriggerAuthentication objects. The TriggerAuthentication object will be named after the secret and can be used by triggers on workloads in this GVC. */ secrets?: string[]; } export interface GetGvcLightstepTracing { /** * Full link to referenced Opaque Secret. */ credentials?: string; /** * Key-value map of custom tags. */ customTags?: { [key: string]: string; }; /** * Tracing Endpoint Workload. Either the canonical endpoint or internal endpoint. */ endpoint: string; /** * Determines what percentage of requests should be traced. */ sampling: number; } export interface GetGvcLoadBalancer { /** * Creates a dedicated load balancer in each location and enables additional Domain features: custom ports, protocols and wildcard hostnames. Charges apply for each location. */ dedicated?: boolean; /** * The link or the name of the IP Set that will be used for this load balancer. */ ipset?: string; multiZone?: outputs.GetGvcLoadBalancerMultiZone; /** * Specify the url to be redirected to for different http status codes. */ redirect?: outputs.GetGvcLoadBalancerRedirect; /** * Controls the address used for request logging and for setting the X-Envoy-External-Address header. If set to 1, then the last address in an existing X-Forwarded-For header will be used in place of the source client IP address. If set to 2, then the second to last address in an existing X-Forwarded-For header will be used in place of the source client IP address. If the XFF header does not have at least two addresses or does not exist then the source client IP address will be used instead. */ trustedProxies: number; } export interface GetGvcLoadBalancerMultiZone { enabled: boolean; } export interface GetGvcLoadBalancerRedirect { /** * Specify the redirect url for all status codes in a class. */ class?: outputs.GetGvcLoadBalancerRedirectClass; } export interface GetGvcLoadBalancerRedirectClass { /** * An optional url redirect for 401 responses. Supports envoy format strings to include request information. E.g. https://your-oauth-server/oauth2/authorize?return_to=%REQ(:path)%&client_id=your-client-id */ status401?: string; /** * Specify the redirect url for any 500 level status code. */ status5xx?: string; } export interface GetGvcLocationOption { /** * Artificial latency offset in milliseconds added to measured latency. Positive values push traffic away from this location, negative values attract traffic. Default: `0`. */ latencyOffsetMs: number; /** * Maximum acceptable latency in milliseconds. If measured latency exceeds this value, the location is treated as unavailable for DNS geo routing. */ latencyToleranceMs: number; /** * Name of the location these options apply to. */ name: string; /** * Routing tier for DNS geo routing. Lower value = higher priority. Locations with the same `routingTier` form a group; within a group, lowest latency wins. If all locations in the highest-priority group are unavailable, the next group is used. */ routingTier: number; } export interface GetGvcLocationQuery { /** * Type of fetch. Specify either: `links` or `items`. Default: `items`. */ fetch: string; specs?: outputs.GetGvcLocationQuerySpec[]; } export interface GetGvcLocationQuerySpec { /** * Type of match. Available values: `all`, `any`, `none`. Default: `all`. */ match: string; /** * Terms can only contain one of the following attributes: `property`, `rel`, `tag`. */ terms?: outputs.GetGvcLocationQuerySpecTerm[]; } export interface GetGvcLocationQuerySpecTerm { /** * Type of query operation. Available values: `=`, `>`, `>=`, `<`, `<=`, `!=`, `~`, `=~`, `exists`, `!exists`, `contains`. Default: `=`. */ op: string; /** * Property to use for query evaluation. */ property: string; /** * Relation to use for query evaluation. */ rel: string; /** * Tag key to use for query evaluation. */ tag: string; /** * Testing value for query evaluation. */ value: string; } export interface GetGvcOtelTracing { /** * Key-value map of custom tags. */ customTags?: { [key: string]: string; }; /** * Tracing Endpoint Workload. Either the canonical endpoint or internal endpoint. */ endpoint: string; /** * Determines what percentage of requests should be traced. */ sampling: number; } export interface GetGvcSidecar { envoy: string; } export interface GetHelmTemplatePostrender { /** * Arguments to the post-renderer. */ args?: string[]; /** * The path to an executable to be used for post rendering. */ binaryPath: string; } export interface GetImageManifest { /** * The config is a JSON blob that contains the image configuration data which includes environment variables, default command to run, and other settings necessary to run the container based on this image. */ configs: outputs.GetImageManifestConfig[]; /** * Layers lists the digests of the image's layers. These layers are filesystem changes or additions made in each step of the Docker image's creation process. The layers are stored separately and pulled as needed, which allows for efficient storage and transfer of images. Each layer is represented by a SHA256 digest, ensuring the integrity and authenticity of the image. */ layers: outputs.GetImageManifestLayer[]; /** * Specifies the type of the content represented in the manifest, allowing Docker clients and registries to understand how to handle the document correctly. */ mediaType: string; /** * The version of the Docker Image Manifest format. */ schemaVersion: number; } export interface GetImageManifestConfig { /** * A unique SHA256 hash used to identify a specific image version within the image registry. */ digest: string; /** * Specifies the type of the content represented in the manifest, allowing Docker clients and registries to understand how to handle the document correctly. */ mediaType: string; /** * The size of the image or layer in bytes. This helps in estimating the space required and the download time. */ size: number; } export interface GetImageManifestLayer { /** * A unique SHA256 hash used to identify a specific image version within the image registry. */ digest: string; /** * Specifies the type of the content represented in the manifest, allowing Docker clients and registries to understand how to handle the document correctly. */ mediaType: string; /** * The size of the image or layer in bytes. This helps in estimating the space required and the download time. */ size: number; } export interface GetImagesImage { /** * The ID, in GUID format, of the image. */ cplnId: string; /** * A unique SHA256 hash used to identify a specific image version within the image registry. */ digest: string; /** * The manifest provides configuration and layers information about the image. It plays a crucial role in the Docker image distribution system, enabling image creation, verification, and replication in a consistent and secure manner. */ manifests: outputs.GetImagesImageManifest[]; /** * Name of the image. */ name: string; /** * Respository name of the image. */ repository: string; /** * Full link to this resource. Can be referenced by other resources. */ selfLink: string; /** * Tag of the image. */ tag: string; /** * Key-value map of resource tags. */ tags: { [key: string]: string; }; } export interface GetImagesImageManifest { /** * The config is a JSON blob that contains the image configuration data which includes environment variables, default command to run, and other settings necessary to run the container based on this image. */ configs: outputs.GetImagesImageManifestConfig[]; /** * Layers lists the digests of the image's layers. These layers are filesystem changes or additions made in each step of the Docker image's creation process. The layers are stored separately and pulled as needed, which allows for efficient storage and transfer of images. Each layer is represented by a SHA256 digest, ensuring the integrity and authenticity of the image. */ layers: outputs.GetImagesImageManifestLayer[]; /** * Specifies the type of the content represented in the manifest, allowing Docker clients and registries to understand how to handle the document correctly. */ mediaType: string; /** * The version of the Docker Image Manifest format. */ schemaVersion: number; } export interface GetImagesImageManifestConfig { /** * A unique SHA256 hash used to identify a specific image version within the image registry. */ digest: string; /** * Specifies the type of the content represented in the manifest, allowing Docker clients and registries to understand how to handle the document correctly. */ mediaType: string; /** * The size of the image or layer in bytes. This helps in estimating the space required and the download time. */ size: number; } export interface GetImagesImageManifestLayer { /** * A unique SHA256 hash used to identify a specific image version within the image registry. */ digest: string; /** * Specifies the type of the content represented in the manifest, allowing Docker clients and registries to understand how to handle the document correctly. */ mediaType: string; /** * The size of the image or layer in bytes. This helps in estimating the space required and the download time. */ size: number; } export interface GetImagesQuery { /** * Type of fetch. Specify either: `links` or `items`. Default: `items`. */ fetch: string; /** * The specification of the query. */ spec?: outputs.GetImagesQuerySpec; } export interface GetImagesQuerySpec { /** * Type of match. Available values: `all`, `any`, `none`. Default: `all`. */ match: string; /** * Terms can only contain one of the following attributes: `property`, `rel`, `tag`. */ terms?: outputs.GetImagesQuerySpecTerm[]; } export interface GetImagesQuerySpecTerm { /** * Type of query operation. Available values: `=`, `>`, `>=`, `<`, `<=`, `!=`, `exists`, `!exists`. Default: `=`. */ op: string; /** * Property to use for query evaluation. */ property?: string; /** * Relation to use for query evaluation. */ rel?: string; /** * Tag key to use for query evaluation. */ tag?: string; /** * Testing value for query evaluation. */ value?: string; } export interface GetLocationGeo { /** * City of the location. */ city: string; /** * Continent of the location. */ continent: string; /** * Country of the location. */ country: string; /** * Latitude of the location. */ lat: number; /** * Longitude of the location. */ lon: number; /** * State of the location. */ state: string; } export interface GetLocationsLocation { /** * Cloud Provider of the location. Valid values: `aws`, `gcp`, `azure`, `byok`, `linode`, `vultr`, `equinix`, `oci`. */ cloudProvider: string; /** * The ID, in GUID format, of the location. */ cplnId: string; /** * Description of the location. */ description: string; /** * Indication if location is enabled. */ enabled: boolean; geos: outputs.GetLocationsLocationGeo[]; /** * A list of IP ranges of the location. */ ipRanges: string[]; /** * Name of the location. */ name: string; /** * Origin of the location. Valid values: `builtin`, `default`, `custom`. */ origin: string; /** * Region of the location. */ region: string; /** * Full link to this resource. Can be referenced by other resources. */ selfLink: string; /** * Key-value map of resource tags. */ tags: { [key: string]: string; }; } export interface GetLocationsLocationGeo { /** * City of the location. */ city: string; /** * Continent of the location. */ continent: string; /** * Country of the location. */ country: string; /** * Latitude of the location. */ lat: number; /** * Longitude of the location. */ lon: number; /** * State of the location. */ state: string; } export interface GetOrgAuthConfig { /** * List of domains which will auto-provision users when authenticating using SAML. */ domainAutoMembers: string[]; /** * Enforce SAML only authentication. */ samlOnly: boolean; } export interface GetOrgObservability { /** * These emails are configured as alert recipients in Grafana when the 'grafana-default-email' contact delivery type is 'Email'. */ defaultAlertEmails: string[]; /** * Log retention days. Default: 30 */ logsRetentionDays: number; /** * Metrics retention days. Default: 30 */ metricsRetentionDays: number; /** * Traces retention days. Default: 30 */ tracesRetentionDays: number; } export interface GetOrgSecurity { threatDetection?: outputs.GetOrgSecurityThreatDetection; } export interface GetOrgSecurityThreatDetection { /** * Indicates whether threat detection should be forwarded or not. */ enabled: boolean; /** * Any threats with this severity and more severe will be sent. Others will be ignored. Valid values: `warning`, `error`, or `critical`. */ minimumSeverity?: string; /** * Configuration for syslog forwarding. */ syslog?: outputs.GetOrgSecurityThreatDetectionSyslog; } export interface GetOrgSecurityThreatDetectionSyslog { /** * The hostname to send syslog messages to. */ host: string; /** * The port to send syslog messages to. */ port: number; /** * The transport-layer protocol to send the syslog messages over. If TCP is chosen, messages will be sent with TLS. Default: `tcp`. */ transport: string; } export interface GetOrgStatus { /** * The link of the account the org belongs to. */ accountLink: string; /** * Indicates whether the org is active or not. */ active: boolean; endpointPrefix: string; } export interface GetSecretAw { /** * Access Key provided by AWS. */ accessKey: string; /** * AWS IAM Role External ID. */ externalId: string; /** * Role ARN provided by AWS. */ roleArn: string; /** * Secret Key provided by AWS. */ secretKey: string; } export interface GetSecretAzureConnector { /** * Code/Key to authenticate to deployment URL. */ code: string; /** * Deployment URL. */ url: string; } export interface GetSecretEcr { /** * Access Key provided by AWS. */ accessKey: string; /** * AWS IAM Role External ID. Used when setting up cross-account access to your ECR repositories. */ externalId?: string; /** * List of ECR repositories. */ repos: string[]; /** * Role ARN provided by AWS. */ roleArn: string; /** * Secret Key provided by AWS. */ secretKey: string; } export interface GetSecretKeypair { /** * Passphrase for private key. */ passphrase: string; /** * Public Key. */ publicKey: string; /** * Secret/Private Key. */ secretKey: string; } export interface GetSecretNatsAccount { /** * Account ID. */ accountId: string; /** * Private Key. */ privateKey: string; } export interface GetSecretOpaque { /** * Available encodings: `plain`, `base64`. Default: `plain`. */ encoding: string; /** * Plain text or base64 encoded string. Use `encoding` attribute to specify encoding. */ payload: string; } export interface GetSecretTl { /** * Public Certificate. */ cert: string; /** * Chain Certificate. */ chain: string; /** * Private Certificate. */ key: string; } export interface GetSecretUserpass { /** * Available encodings: `plain`, `base64`. Default: `plain`. */ encoding: string; /** * Password. */ password: string; /** * Username. */ username: string; } export interface GetWorkloadContainer { /** * Command line arguments passed to the container at runtime. Replaces the CMD arguments of the running container. It is an ordered list. */ args: string[]; /** * Override the entry point. */ command: string; /** * Reserved CPU of the workload when capacityAI is disabled. Maximum CPU when CapacityAI is enabled. Default: "50m". */ cpu: string; /** * Name-Value list of environment variables. */ env: { [key: string]: string; }; gpuCustoms?: outputs.GetWorkloadContainerGpuCustom[]; /** * GPUs manufactured by NVIDIA, which are specialized hardware accelerators used to offload and accelerate computationally intensive tasks within the workload. */ gpuNvidias?: outputs.GetWorkloadContainerGpuNvidia[]; /** * The full image and tag path. */ image: string; /** * Enables inheritance of GVC environment variables. A variable in spec.env will override a GVC variable with the same name. */ inheritEnv: boolean; /** * Lifecycle [Reference Page](https://docs.controlplane.com/reference/workload#lifecycle). */ lifecycles?: outputs.GetWorkloadContainerLifecycle[]; /** * Liveness Probe */ livenessProbes?: outputs.GetWorkloadContainerLivenessProbe[]; /** * Reserved memory of the workload when capacityAI is disabled. Maximum memory when CapacityAI is enabled. Default: "128Mi". */ memory: string; /** * [Reference Page](https://docs.controlplane.com/reference/workload#metrics). */ metrics?: outputs.GetWorkloadContainerMetric[]; /** * Minimum CPU when capacity AI is enabled. */ minCpu: string; /** * Minimum memory when capacity AI is enabled. */ minMemory: string; /** * Name of the container. */ name: string; /** * The port the container exposes. Only one container is allowed to specify a port. Min: `80`. Max: `65535`. Used by `serverless` Workload type. **DEPRECATED - Use `ports`.** * * @deprecated The 'port' attribute will be deprecated in the next major version. Use the 'ports' attribute instead. */ port: number; /** * Communication endpoints used by the workload to send and receive network traffic. */ ports?: outputs.GetWorkloadContainerPort[]; /** * Readiness Probe */ readinessProbes?: outputs.GetWorkloadContainerReadinessProbe[]; /** * Mount Object Store (S3, GCS, AzureBlob) buckets as file system. */ volumes?: outputs.GetWorkloadContainerVolume[]; /** * Override the working directory. Must be an absolute path. */ workingDirectory: string; } export interface GetWorkloadContainerGpuCustom { /** * Number of GPUs. */ quantity: number; resource: string; runtimeClass: string; } export interface GetWorkloadContainerGpuNvidia { /** * GPU Model (i.e.: t4) */ model: string; /** * Number of GPUs. */ quantity: number; } export interface GetWorkloadContainerLifecycle { postStarts?: outputs.GetWorkloadContainerLifecyclePostStart[]; preStops?: outputs.GetWorkloadContainerLifecyclePreStop[]; } export interface GetWorkloadContainerLifecyclePostStart { execs?: outputs.GetWorkloadContainerLifecyclePostStartExec[]; } export interface GetWorkloadContainerLifecyclePostStartExec { /** * Command and arguments executed immediately after the container is created. */ commands: string[]; } export interface GetWorkloadContainerLifecyclePreStop { execs?: outputs.GetWorkloadContainerLifecyclePreStopExec[]; } export interface GetWorkloadContainerLifecyclePreStopExec { /** * Command and arguments executed immediately before the container is stopped. */ commands: string[]; } export interface GetWorkloadContainerLivenessProbe { execs?: outputs.GetWorkloadContainerLivenessProbeExec[]; failureThreshold: number; grpcs?: outputs.GetWorkloadContainerLivenessProbeGrpc[]; httpGets?: outputs.GetWorkloadContainerLivenessProbeHttpGet[]; initialDelaySeconds: number; periodSeconds: number; successThreshold: number; tcpSockets?: outputs.GetWorkloadContainerLivenessProbeTcpSocket[]; timeoutSeconds: number; } export interface GetWorkloadContainerLivenessProbeExec { commands: string[]; } export interface GetWorkloadContainerLivenessProbeGrpc { port: number; } export interface GetWorkloadContainerLivenessProbeHttpGet { httpHeaders: { [key: string]: string; }; path: string; port: number; scheme: string; } export interface GetWorkloadContainerLivenessProbeTcpSocket { port: number; } export interface GetWorkloadContainerMetric { /** * Drop metrics that match given patterns. */ dropMetrics: string[]; /** * Path from container emitting custom metrics. */ path: string; /** * Port from container emitting custom metrics. */ port: number; } export interface GetWorkloadContainerPort { /** * Port to expose. */ number: number; /** * Protocol. Choice of: `http`, `http2`, `tcp`, or `grpc`. */ protocol: string; } export interface GetWorkloadContainerReadinessProbe { execs?: outputs.GetWorkloadContainerReadinessProbeExec[]; failureThreshold: number; grpcs?: outputs.GetWorkloadContainerReadinessProbeGrpc[]; httpGets?: outputs.GetWorkloadContainerReadinessProbeHttpGet[]; initialDelaySeconds: number; periodSeconds: number; successThreshold: number; tcpSockets?: outputs.GetWorkloadContainerReadinessProbeTcpSocket[]; timeoutSeconds: number; } export interface GetWorkloadContainerReadinessProbeExec { commands: string[]; } export interface GetWorkloadContainerReadinessProbeGrpc { port: number; } export interface GetWorkloadContainerReadinessProbeHttpGet { httpHeaders: { [key: string]: string; }; path: string; port: number; scheme: string; } export interface GetWorkloadContainerReadinessProbeTcpSocket { port: number; } export interface GetWorkloadContainerVolume { /** * VM disk boot order. Only valid for `vm` workloads. */ bootOrder: number; /** * VM disk bus. Only valid for `vm` workloads. Valid values: `virtio`, `sata`, `scsi`. */ bus: string; /** * VM disk name. Required for `vm` workloads; rejected for other workload types. */ name: string; /** * File path added to workload pointing to the volume. Required for non-`vm` workloads; rejected for `vm` workloads (the volume is attached to the VM as a block device). */ path: string; /** * Only applicable to persistent volumes, this determines what Control Plane will do when creating a new workload replica if a corresponding volume exists. Available Values: `retain`, `recycle`. Default: `retain`. **DEPRECATED - No longer being used.** */ recoveryPolicy: string; /** * URI of a volume hosted at Control Plane (Volume Set) or at a cloud provider (AWS, Azure, GCP). */ uri: string; } export interface GetWorkloadFirewallSpec { /** * The external firewall is used to control inbound and outbound access to the workload for public-facing traffic. */ externals?: outputs.GetWorkloadFirewallSpecExternal[]; /** * The internal firewall is used to control access between workloads. */ internals?: outputs.GetWorkloadFirewallSpecInternal[]; } export interface GetWorkloadFirewallSpecExternal { /** * Firewall options for HTTP workloads. */ https?: outputs.GetWorkloadFirewallSpecExternalHttp[]; /** * The list of ipv4/ipv6 addresses or cidr blocks that are allowed to access this workload. No external access is allowed by default. Specify '0.0.0.0/0' to allow access to the public internet. */ inboundAllowCidrs: string[]; /** * The list of ipv4/ipv6 addresses or cidr blocks that are NOT allowed to access this workload. Addresses in the allow list will only be allowed if they do not exist in this list. */ inboundBlockedCidrs: string[]; /** * The list of ipv4/ipv6 addresses or cidr blocks that this workload is allowed reach. No outbound access is allowed by default. Specify '0.0.0.0/0' to allow outbound access to the public internet. */ outboundAllowCidrs: string[]; /** * The list of public hostnames that this workload is allowed to reach. No outbound access is allowed by default. A wildcard `*` is allowed on the prefix of the hostname only, ex: `*.amazonaws.com`. Use `outboundAllowCIDR` to allow access to all external websites. */ outboundAllowHostnames: string[]; /** * Allow outbound access to specific ports and protocols. When not specified, communication to address ranges in outboundAllowCIDR is allowed on all ports and communication to names in outboundAllowHostname is allowed on ports 80/443. */ outboundAllowPorts?: outputs.GetWorkloadFirewallSpecExternalOutboundAllowPort[]; /** * The list of ipv4/ipv6 addresses or cidr blocks that this workload is NOT allowed to reach. Addresses in the allow list will only be allowed if they do not exist in this list. */ outboundBlockedCidrs: string[]; } export interface GetWorkloadFirewallSpecExternalHttp { /** * A list of header filters for HTTP workloads. */ inboundHeaderFilters?: outputs.GetWorkloadFirewallSpecExternalHttpInboundHeaderFilter[]; } export interface GetWorkloadFirewallSpecExternalHttpInboundHeaderFilter { /** * A list of regular expressions to match for allowed header values. Headers that do not match ANY of these values will be filtered and will not reach the workload. */ allowedValues: string[]; /** * A list of regular expressions to match for blocked header values. Headers that match ANY of these values will be filtered and will not reach the workload. */ blockedValues: string[]; /** * The header to match for. */ key: string; } export interface GetWorkloadFirewallSpecExternalOutboundAllowPort { /** * Port number. Max: 65000 */ number: number; /** * Either `http`, `https` or `tcp`. */ protocol: string; } export interface GetWorkloadFirewallSpecInternal { /** * Used to control the internal firewall configuration and mutual tls. Allowed Values: "none", "same-gvc", "same-org", "workload-list". */ inboundAllowType: string; /** * A list of specific workloads which are allowed to access this workload internally. This list is only used if the 'inboundAllowType' is set to 'workload-list'. */ inboundAllowWorkloads: string[]; } export interface GetWorkloadHealth { /** * Readiness of the workload. */ readiness: string; /** * Number of locations where the workload is ready. */ readyLocations: number; /** * Number of ready replicas across all locations. */ readyReplicas: number; /** * Whether the most recent sync of the workload failed. */ syncFailed: boolean; /** * Total number of locations the workload is deployed to. */ totalLocations: number; /** * Total number of replicas across all locations. */ totalReplicas: number; } export interface GetWorkloadJob { /** * The maximum number of seconds Control Plane will wait for the job to complete. If a job does not succeed or fail in the allotted time, Control Plane will stop the job, moving it into the Removed status. */ activeDeadlineSeconds: number; /** * Either 'Forbid', 'Replace', or 'Allow'. This determines what Control Plane will do when the schedule requires a job to start, while a prior instance of the job is still running. */ concurrencyPolicy: string; /** * The maximum number of completed job instances to display. This should be an integer between 1 and 10. Default: `5`. */ historyLimit: number; /** * Either 'OnFailure' or 'Never'. This determines what Control Plane will do when a job instance fails. Enum: [ OnFailure, Never ] Default: `Never`. */ restartPolicy: string; /** * A standard cron [schedule expression](https://kubernetes.io/docs/concepts/workloads/controllers/cron-jobs/#schedule-syntax) used to determine when your job should execute. */ schedule: string; } export interface GetWorkloadLoadBalancer { /** * Direct load balancers are created in each location that a workload is running in and are configured for the standard endpoints of the workload. Customers are responsible for configuring the workload with certificates if TLS is required. */ directs?: outputs.GetWorkloadLoadBalancerDirect[]; geoLocations?: outputs.GetWorkloadLoadBalancerGeoLocation[]; /** * When enabled, individual replicas of the workload can be reached directly using the subdomain prefix replica-. For example, replica-0.my-workload.my-gvc.cpln.local or replica-0.my-workload-.cpln.app - Can only be used with stateful workloads. */ replicaDirect: boolean; } export interface GetWorkloadLoadBalancerDirect { /** * When disabled, this load balancer will be stopped. */ enabled: boolean; ipset: string; /** * List of ports that will be exposed by this load balancer. */ ports?: outputs.GetWorkloadLoadBalancerDirectPort[]; } export interface GetWorkloadLoadBalancerDirectPort { /** * The port on the container tha will receive this traffic. */ containerPort: number; /** * The port that is available publicly. */ externalPort: number; /** * The protocol that is exposed publicly. */ protocol: string; /** * Overrides the default `https` url scheme that will be used for links in the UI and status. */ scheme: string; } export interface GetWorkloadLoadBalancerGeoLocation { /** * When enabled, geo location headers will be included on inbound http requests. Existing headers will be replaced. */ enabled: boolean; headers?: outputs.GetWorkloadLoadBalancerGeoLocationHeader[]; } export interface GetWorkloadLoadBalancerGeoLocationHeader { /** * The geo asn header. */ asn: string; /** * The geo city header. */ city: string; /** * The geo country header. */ country: string; /** * The geo region header. */ region: string; } export interface GetWorkloadLocalOption { /** * Auto-scaling adjusts horizontal scaling based on a set strategy, target value, and possibly a metric percentile. */ autoscalings?: outputs.GetWorkloadLocalOptionAutoscaling[]; /** * Capacity AI. Default: `true`. */ capacityAi: boolean; /** * The highest frequency capacity AI is allowed to update resource reservations when CapacityAI is enabled. */ capacityAiUpdateMinutes: number; /** * Debug mode. Default: `false`. */ debug: boolean; /** * Valid only for `localOptions`. Override options for a specific location. */ location: string; multiZones?: outputs.GetWorkloadLocalOptionMultiZone[]; /** * Workload suspend. Default: `false`. */ suspend: boolean; /** * Timeout in seconds. Default: `5`. */ timeoutSeconds: number; } export interface GetWorkloadLocalOptionAutoscaling { /** * KEDA (Kubernetes-based Event Driven Autoscaling) allows for advanced autoscaling based on external metrics and triggers. */ kedas?: outputs.GetWorkloadLocalOptionAutoscalingKeda[]; /** * A hard maximum for the number of concurrent requests allowed to a replica. If no replicas are available to fulfill the request then it will be queued until a replica with capacity is available and delivered as soon as one is available again. Capacity can be available from requests completing or when a new replica is available from scale out.Min: `0`. Max: `1000`. Default `0`. */ maxConcurrency: number; /** * The maximum allowed number of replicas. Min: `0`. Default `5`. */ maxScale: number; /** * Valid values: `concurrency`, `cpu`, `memory`, `rps`, `latency`, `keda` or `disabled`. */ metric: string; /** * For metrics represented as a distribution (e.g. latency) a percentile within the distribution must be chosen as the target. */ metricPercentile: string; /** * The minimum allowed number of replicas. Control Plane can scale the workload down to 0 when there is no traffic and scale up immediately to fulfill new requests. Min: `0`. Max: `maxScale`. Default `1`. */ minScale: number; multis?: outputs.GetWorkloadLocalOptionAutoscalingMulti[]; /** * The amount of time (in seconds) with no requests received before a workload is scaled to 0. Min: `30`. Max: `3600`. Default: `300`. */ scaleToZeroDelay: number; /** * Control Plane will scale the number of replicas for this deployment up/down in order to be as close as possible to the target metric across all replicas of a deployment. Min: `1`. Max: `20000`. Default: `95`. */ target: number; } export interface GetWorkloadLocalOptionAutoscalingKeda { /** * Advanced configuration options for KEDA. */ advanceds?: outputs.GetWorkloadLocalOptionAutoscalingKedaAdvanced[]; /** * The cooldown period in seconds after scaling down to 0 replicas before KEDA will allow scaling up again. */ cooldownPeriod: number; /** * Fallback configuration for KEDA. */ fallbacks?: outputs.GetWorkloadLocalOptionAutoscalingKedaFallback[]; /** * The initial cooldown period in seconds after scaling down to 0 replicas before KEDA will allow scaling up again. */ initialCooldownPeriod: number; /** * The interval in seconds at which KEDA will poll the external metrics to determine if scaling is required. */ pollingInterval: number; /** * An array of KEDA triggers to be used for scaling workloads in this GVC. This is used to define how KEDA will scale workloads in the GVC based on external metrics or events. Each trigger type may have its own specific configuration options. */ triggers?: outputs.GetWorkloadLocalOptionAutoscalingKedaTrigger[]; } export interface GetWorkloadLocalOptionAutoscalingKedaAdvanced { /** * Scaling modifiers allow for fine-tuning the scaling behavior of KEDA. */ scalingModifiers?: outputs.GetWorkloadLocalOptionAutoscalingKedaAdvancedScalingModifier[]; } export interface GetWorkloadLocalOptionAutoscalingKedaAdvancedScalingModifier { /** * Defines the new activation target value to scale on for the composed metric. */ activationTarget: string; /** * Composes metrics together and allows them to be modified/manipulated. It accepts mathematical/conditional statements. */ formula: string; /** * Defines metric type used for this new composite-metric. */ metricType: string; /** * Defines new target value to scale on for the composed metric. */ target: string; } export interface GetWorkloadLocalOptionAutoscalingKedaFallback { /** * Behavior to apply when fallback is triggered. */ behavior: string; /** * Number of consecutive failures required to trigger fallback behavior. */ failureThreshold: number; /** * Number of replicas to scale to when fallback is triggered. */ replicas: number; } export interface GetWorkloadLocalOptionAutoscalingKedaTrigger { /** * Reference to a KEDA authentication object for secure access to external systems. */ authenticationReves?: outputs.GetWorkloadLocalOptionAutoscalingKedaTriggerAuthenticationRef[]; /** * The configuration parameters that the trigger requires. */ metadata: { [key: string]: string; }; /** * The type of metric to be used for scaling. */ metricType: string; /** * An optional name for the trigger. If not provided, a default name will be generated based on the trigger type. */ name: string; /** * The type of KEDA trigger, e.g "prometheus", "aws-sqs", etc. */ type: string; /** * Enables caching of metric values during polling interval. */ useCachedMetrics: boolean; } export interface GetWorkloadLocalOptionAutoscalingKedaTriggerAuthenticationRef { /** * The name of secret listed in the GVC spec.keda.secrets. */ name: string; } export interface GetWorkloadLocalOptionAutoscalingMulti { /** * Valid values: `cpu` or `memory`. */ metric: string; /** * Control Plane will scale the number of replicas for this deployment up/down in order to be as close as possible to the target metric across all replicas of a deployment. Min: `1`. Max: `20000`. */ target: number; } export interface GetWorkloadLocalOptionMultiZone { enabled: boolean; } export interface GetWorkloadOption { /** * Auto-scaling adjusts horizontal scaling based on a set strategy, target value, and possibly a metric percentile. */ autoscalings?: outputs.GetWorkloadOptionAutoscaling[]; /** * Capacity AI. Default: `true`. */ capacityAi: boolean; /** * The highest frequency capacity AI is allowed to update resource reservations when CapacityAI is enabled. */ capacityAiUpdateMinutes: number; /** * Debug mode. Default: `false`. */ debug: boolean; multiZones?: outputs.GetWorkloadOptionMultiZone[]; /** * Workload suspend. Default: `false`. */ suspend: boolean; /** * Timeout in seconds. Default: `5`. */ timeoutSeconds: number; } export interface GetWorkloadOptionAutoscaling { /** * KEDA (Kubernetes-based Event Driven Autoscaling) allows for advanced autoscaling based on external metrics and triggers. */ kedas?: outputs.GetWorkloadOptionAutoscalingKeda[]; /** * A hard maximum for the number of concurrent requests allowed to a replica. If no replicas are available to fulfill the request then it will be queued until a replica with capacity is available and delivered as soon as one is available again. Capacity can be available from requests completing or when a new replica is available from scale out.Min: `0`. Max: `1000`. Default `0`. */ maxConcurrency: number; /** * The maximum allowed number of replicas. Min: `0`. Default `5`. */ maxScale: number; /** * Valid values: `concurrency`, `cpu`, `memory`, `rps`, `latency`, `keda` or `disabled`. */ metric: string; /** * For metrics represented as a distribution (e.g. latency) a percentile within the distribution must be chosen as the target. */ metricPercentile: string; /** * The minimum allowed number of replicas. Control Plane can scale the workload down to 0 when there is no traffic and scale up immediately to fulfill new requests. Min: `0`. Max: `maxScale`. Default `1`. */ minScale: number; multis?: outputs.GetWorkloadOptionAutoscalingMulti[]; /** * The amount of time (in seconds) with no requests received before a workload is scaled to 0. Min: `30`. Max: `3600`. Default: `300`. */ scaleToZeroDelay: number; /** * Control Plane will scale the number of replicas for this deployment up/down in order to be as close as possible to the target metric across all replicas of a deployment. Min: `1`. Max: `20000`. Default: `95`. */ target: number; } export interface GetWorkloadOptionAutoscalingKeda { /** * Advanced configuration options for KEDA. */ advanceds?: outputs.GetWorkloadOptionAutoscalingKedaAdvanced[]; /** * The cooldown period in seconds after scaling down to 0 replicas before KEDA will allow scaling up again. */ cooldownPeriod: number; /** * Fallback configuration for KEDA. */ fallbacks?: outputs.GetWorkloadOptionAutoscalingKedaFallback[]; /** * The initial cooldown period in seconds after scaling down to 0 replicas before KEDA will allow scaling up again. */ initialCooldownPeriod: number; /** * The interval in seconds at which KEDA will poll the external metrics to determine if scaling is required. */ pollingInterval: number; /** * An array of KEDA triggers to be used for scaling workloads in this GVC. This is used to define how KEDA will scale workloads in the GVC based on external metrics or events. Each trigger type may have its own specific configuration options. */ triggers?: outputs.GetWorkloadOptionAutoscalingKedaTrigger[]; } export interface GetWorkloadOptionAutoscalingKedaAdvanced { /** * Scaling modifiers allow for fine-tuning the scaling behavior of KEDA. */ scalingModifiers?: outputs.GetWorkloadOptionAutoscalingKedaAdvancedScalingModifier[]; } export interface GetWorkloadOptionAutoscalingKedaAdvancedScalingModifier { /** * Defines the new activation target value to scale on for the composed metric. */ activationTarget: string; /** * Composes metrics together and allows them to be modified/manipulated. It accepts mathematical/conditional statements. */ formula: string; /** * Defines metric type used for this new composite-metric. */ metricType: string; /** * Defines new target value to scale on for the composed metric. */ target: string; } export interface GetWorkloadOptionAutoscalingKedaFallback { /** * Behavior to apply when fallback is triggered. */ behavior: string; /** * Number of consecutive failures required to trigger fallback behavior. */ failureThreshold: number; /** * Number of replicas to scale to when fallback is triggered. */ replicas: number; } export interface GetWorkloadOptionAutoscalingKedaTrigger { /** * Reference to a KEDA authentication object for secure access to external systems. */ authenticationReves?: outputs.GetWorkloadOptionAutoscalingKedaTriggerAuthenticationRef[]; /** * The configuration parameters that the trigger requires. */ metadata: { [key: string]: string; }; /** * The type of metric to be used for scaling. */ metricType: string; /** * An optional name for the trigger. If not provided, a default name will be generated based on the trigger type. */ name: string; /** * The type of KEDA trigger, e.g "prometheus", "aws-sqs", etc. */ type: string; /** * Enables caching of metric values during polling interval. */ useCachedMetrics: boolean; } export interface GetWorkloadOptionAutoscalingKedaTriggerAuthenticationRef { /** * The name of secret listed in the GVC spec.keda.secrets. */ name: string; } export interface GetWorkloadOptionAutoscalingMulti { /** * Valid values: `cpu` or `memory`. */ metric: string; /** * Control Plane will scale the number of replicas for this deployment up/down in order to be as close as possible to the target metric across all replicas of a deployment. Min: `1`. Max: `20000`. */ target: number; } export interface GetWorkloadOptionMultiZone { enabled: boolean; } export interface GetWorkloadRequestRetryPolicy { attempts: number; retryOns: string[]; } export interface GetWorkloadRolloutOption { /** * The number of replicas that can be created above the desired amount of replicas during an update. */ maxSurgeReplicas: string; /** * The number of replicas that can be unavailable during the update process. */ maxUnavailableReplicas: string; /** * The minimum number of seconds a container must run without crashing to be considered available. */ minReadySeconds: number; /** * The strategies used to update applications and services deployed. Valid values: `OrderedReady` (Updates workloads in a rolling fashion, taking down old ones and bringing up new ones incrementally, ensuring that the service remains available during the update.), `Parallel` (Causes all pods affected by a scaling operation to be created or destroyed simultaneously. This does not affect update operations.). Default: `OrderedReady`. */ scalingPolicy: string; /** * The amount of time in seconds a workload has to gracefully terminate before forcefully terminating it. This includes the time it takes for the preStop hook to run. */ terminationGracePeriodSeconds: number; } export interface GetWorkloadSecurityOption { /** * The group id assigned to any mounted volume. */ fileSystemGroupId: number; /** * The user id assigned to all container processes. */ runAsUser: number; } export interface GetWorkloadSidecar { envoy: string; } export interface GetWorkloadStatus { /** * Canonical endpoint for the workload. */ canonicalEndpoint: string; /** * Current amount of replicas deployed. */ currentReplicaCount: number; /** * Endpoint for the workload. */ endpoint: string; /** * Current health status. */ healthChecks: outputs.GetWorkloadStatusHealthCheck[]; /** * Internal hostname for the workload. Used for service-to-service requests. */ internalName: string; loadBalancers: outputs.GetWorkloadStatusLoadBalancer[]; /** * ID of the parent object. */ parentId: string; replicaInternalNames: string[]; /** * Resolved images for workloads with dynamic tags enabled. */ resolvedImages: outputs.GetWorkloadStatusResolvedImage[]; /** * Computed suspension state of the workload. Valid values: `notSuspended`, `partiallySuspended`, `suspended`. */ suspendedStatus: string; } export interface GetWorkloadStatusHealthCheck { /** * Active boolean for the associated workload. */ active: boolean; /** * Current output code for the associated workload. */ code: number; /** * Failure integer for the associated workload. */ failures: number; /** * Timestamp in UTC of the last health check. */ lastChecked: string; /** * Current health status for the associated workload. */ message: string; /** * Success boolean for the associated workload. */ success: boolean; /** * Success integer for the associated workload. */ successes: number; } export interface GetWorkloadStatusLoadBalancer { origin: string; url: string; } export interface GetWorkloadStatusResolvedImage { errorMessages: string[]; /** * A list of images that were resolved. */ images: outputs.GetWorkloadStatusResolvedImageImage[]; nextRetryAt: string; /** * UTC Time when the images were resolved. */ resolvedAt: string; /** * Workload version the images were resolved for. */ resolvedForVersion: number; } export interface GetWorkloadStatusResolvedImageImage { /** * A unique SHA256 hash value that identifies a specific image content. This digest serves as a fingerprint of the image's content, ensuring the image you pull or run is exactly what you expect, without any modifications or corruptions. */ digest: string; manifests: outputs.GetWorkloadStatusResolvedImageImageManifest[]; } export interface GetWorkloadStatusResolvedImageImageManifest { /** * A SHA256 hash that uniquely identifies the specific image manifest. */ digest: string; /** * The name and tag of the resolved image. */ image: string; /** * The MIME type used in the Docker Registry HTTP API to specify the format of the data being sent or received. Docker uses media types to distinguish between different kinds of JSON objects and binary data formats within the registry protocol, enabling the Docker client and registry to understand and process different components of Docker images correctly. */ mediaType: string; /** * Key-value map of strings. The combination of the operating system and architecture for which the image is built. */ platform: { [key: string]: string; }; } export interface GetWorkloadVm { /** * SSH public keys injected at runtime via the guest agent or config drive. */ accessCredentials: outputs.GetWorkloadVmAccessCredential[]; /** * Boot disk configuration. */ bootDisk: outputs.GetWorkloadVmBootDisk; /** * Guest clock configuration. */ clock: outputs.GetWorkloadVmClock; /** * Cloud-init configuration for the guest. */ cloudInit: outputs.GetWorkloadVmCloudInit; /** * CPU topology visible to the guest. */ cpu: outputs.GetWorkloadVmCpu; /** * Firmware configuration for the guest. */ firmware: outputs.GetWorkloadVmFirmware; /** * Guest operating system family. Either `linux` or `windows`. */ guestOs: string; /** * Hostname reported to the guest. */ hostname: string; /** * Pod-network interfaces for the VM. */ networks: outputs.GetWorkloadVmNetwork[]; /** * KubeVirt RunStrategy. Either `Always`, `RerunOnFailure`, `Manual`, or `Halted`. */ runStrategy: string; /** * Subdomain used by the guest for replica-to-replica addressing. */ subdomain: string; } export interface GetWorkloadVmAccessCredential { /** * Delivery method for the access credential. Either `qemuGuestAgent` or `configDrive`. */ deliveryMethod: string; /** * Secret containing the SSH public keys to inject. */ sshPublicKeySecret: string; /** * Guest OS users the SSH public keys are injected for. */ users: string[]; } export interface GetWorkloadVmBootDisk { /** * Boot order of the boot disk. */ bootOrder: number; /** * Disk bus exposed to the guest. Either `virtio`, `sata`, or `scsi`. */ bus: string; /** * Per-replica boot PVC populated via CDI. */ persist: outputs.GetWorkloadVmBootDiskPersist; /** * Boot disk image source. */ source: outputs.GetWorkloadVmBootDiskSource; } export interface GetWorkloadVmBootDiskPersist { /** * VolumeSet URI used to provision one PVC per replica for the boot disk. */ volumeSet: string; } export interface GetWorkloadVmBootDiskSource { /** * Boot disk image fetched over HTTP/HTTPS. */ http: outputs.GetWorkloadVmBootDiskSourceHttp; /** * Boot from an OCI containerDisk image. */ oci: outputs.GetWorkloadVmBootDiskSourceOci; } export interface GetWorkloadVmBootDiskSourceHttp { /** * Disk image checksum, formatted as `sha256:` or `sha512:`. */ checksum: string; /** * HTTP/HTTPS URL of the boot disk image. */ url: string; } export interface GetWorkloadVmBootDiskSourceOci { /** * Full image reference of a containerDisk. */ image: string; } export interface GetWorkloadVmClock { /** * Guest timezone. */ timezone: string; } export interface GetWorkloadVmCloudInit { /** * SSH public keys injected via cloud-init. */ sshPublicKeySecrets: string[]; /** * Inline cloud-init user-data. */ userData: string; /** * Inline cloud-init user-data, base64-encoded. */ userDataBase64: string; /** * Secret containing cloud-init user-data. */ userDataSecret: string; } export interface GetWorkloadVmCpu { /** * CPU sockets visible to the guest. */ sockets: number; /** * CPU threads per core visible to the guest. */ threads: number; } export interface GetWorkloadVmFirmware { /** * Bootloader used by the guest. Either `bios` or `efi`. */ bootloader: string; /** * Whether UEFI Secure Boot is enabled. */ secureBoot: boolean; /** * SMBIOS system serial number reported to the guest. */ serial: string; /** * SMBIOS system information reported to the guest. */ smbios: outputs.GetWorkloadVmFirmwareSmbios; /** * Fixed SMBIOS UUID for the VM. */ uuid: string; } export interface GetWorkloadVmFirmwareSmbios { /** * SMBIOS system family. */ family: string; /** * SMBIOS system manufacturer. */ manufacturer: string; /** * SMBIOS system product name. */ product: string; /** * SMBIOS system SKU. */ sku: string; /** * SMBIOS system version. */ version: string; } export interface GetWorkloadVmNetwork { /** * Network interface name. */ name: string; } export interface GroupIdentityMatcher { /** * Executes the expression against the users' claims to decide whether a user belongs to this group. This method is useful for managing the grouping of users logged in with SAML providers. */ expression: string; /** * Language of the expression. Valid values: `jmespath`, `javascript`. Default: `jmespath`. */ language: string; } export interface GroupMemberQuery { /** * Type of fetch. Specify either: `links` or `items`. Default: `items`. */ fetch: string; spec?: outputs.GroupMemberQuerySpec; } export interface GroupMemberQuerySpec { /** * Type of match. Available values: `all`, `any`, `none`. Default: `all`. */ match: string; /** * Terms can only contain one of the following attributes: `property`, `rel`, `tag`. */ terms?: outputs.GroupMemberQuerySpecTerm[]; } export interface GroupMemberQuerySpecTerm { /** * Type of query operation. Available values: `=`, `>`, `>=`, `<`, `<=`, `!=`, `~`, `=~`, `exists`, `!exists`, `contains`. Default: `=`. */ op: string; /** * Property to use for query evaluation. */ property?: string; /** * Relation to use for query evaluation. */ rel?: string; /** * Tag key to use for query evaluation. */ tag?: string; /** * Testing value for query evaluation. */ value?: string; } export interface GvcControlplaneTracing { /** * Key-value map of custom tags. */ customTags?: { [key: string]: string; }; /** * Determines what percentage of requests should be traced. */ sampling: number; } export interface GvcKeda { /** * Enable KEDA for this GVC. KEDA is a Kubernetes-based event-driven autoscaler that allows you to scale workloads based on external events. When enabled, a keda operator will be deployed in the GVC and workloads in the GVC can use KEDA to scale based on external metrics. */ enabled: boolean; /** * A link to an Identity resource that will be used for KEDA. This will allow the keda operator to access cloud and network resources. */ identityLink?: string; /** * A list of secrets to be used as TriggerAuthentication objects. The TriggerAuthentication object will be named after the secret and can be used by triggers on workloads in this GVC. */ secrets?: string[]; } export interface GvcLightstepTracing { /** * Full link to referenced Opaque Secret. */ credentials?: string; /** * Key-value map of custom tags. */ customTags?: { [key: string]: string; }; /** * Tracing Endpoint Workload. Either the canonical endpoint or internal endpoint. */ endpoint: string; /** * Determines what percentage of requests should be traced. */ sampling: number; } export interface GvcLoadBalancer { /** * Creates a dedicated load balancer in each location and enables additional Domain features: custom ports, protocols and wildcard hostnames. Charges apply for each location. */ dedicated?: boolean; /** * The link or the name of the IP Set that will be used for this load balancer. */ ipset?: string; multiZone?: outputs.GvcLoadBalancerMultiZone; /** * Specify the url to be redirected to for different http status codes. */ redirect?: outputs.GvcLoadBalancerRedirect; /** * Controls the address used for request logging and for setting the X-Envoy-External-Address header. If set to 1, then the last address in an existing X-Forwarded-For header will be used in place of the source client IP address. If set to 2, then the second to last address in an existing X-Forwarded-For header will be used in place of the source client IP address. If the XFF header does not have at least two addresses or does not exist then the source client IP address will be used instead. */ trustedProxies: number; } export interface GvcLoadBalancerMultiZone { enabled: boolean; } export interface GvcLoadBalancerRedirect { /** * Specify the redirect url for all status codes in a class. */ class?: outputs.GvcLoadBalancerRedirectClass; } export interface GvcLoadBalancerRedirectClass { /** * An optional url redirect for 401 responses. Supports envoy format strings to include request information. E.g. https://your-oauth-server/oauth2/authorize?return_to=%REQ(:path)%&client_id=your-client-id */ status401?: string; /** * Specify the redirect url for any 500 level status code. */ status5xx?: string; } export interface GvcLocationOption { /** * Artificial latency offset in milliseconds added to measured latency. Positive values push traffic away from this location, negative values attract traffic. Default: `0`. */ latencyOffsetMs?: number; /** * Maximum acceptable latency in milliseconds. If measured latency exceeds this value, the location is treated as unavailable for DNS geo routing. */ latencyToleranceMs?: number; /** * Name of the location these options apply to. */ name: string; /** * Routing tier for DNS geo routing. Lower value = higher priority. Locations with the same `routingTier` form a group; within a group, lowest latency wins. If all locations in the highest-priority group are unavailable, the next group is used. */ routingTier?: number; } export interface GvcLocationQuery { /** * Type of fetch. Specify either: `links` or `items`. Default: `items`. */ fetch: string; spec?: outputs.GvcLocationQuerySpec; } export interface GvcLocationQuerySpec { /** * Type of match. Available values: `all`, `any`, `none`. Default: `all`. */ match: string; /** * Terms can only contain one of the following attributes: `property`, `rel`, `tag`. */ terms?: outputs.GvcLocationQuerySpecTerm[]; } export interface GvcLocationQuerySpecTerm { /** * Type of query operation. Available values: `=`, `>`, `>=`, `<`, `<=`, `!=`, `~`, `=~`, `exists`, `!exists`, `contains`. Default: `=`. */ op: string; /** * Property to use for query evaluation. */ property?: string; /** * Relation to use for query evaluation. */ rel?: string; /** * Tag key to use for query evaluation. */ tag?: string; /** * Testing value for query evaluation. */ value?: string; } export interface GvcOtelTracing { /** * Key-value map of custom tags. */ customTags?: { [key: string]: string; }; /** * Tracing Endpoint Workload. Either the canonical endpoint or internal endpoint. */ endpoint: string; /** * Determines what percentage of requests should be traced. */ sampling: number; } export interface GvcSidecar { envoy: string; } export interface HelmReleasePostrender { /** * Arguments to the post-renderer. */ args?: string[]; /** * The path to an executable to be used for post rendering. */ binaryPath: string; } export interface IdentityAwsAccessPolicy { /** * Full link to referenced cloud account. */ cloudAccountLink: string; /** * List of policies. */ policyRefs?: string[]; /** * Role name. */ roleName?: string; /** * The trust policy for the role. */ trustPolicies?: outputs.IdentityAwsAccessPolicyTrustPolicy[]; } export interface IdentityAwsAccessPolicyTrustPolicy { /** * List of statements. */ statements?: { [key: string]: string; }[]; /** * Version of the policy. */ version: string; } export interface IdentityAzureAccessPolicy { /** * Full link to referenced cloud account. */ cloudAccountLink: string; /** * The process of assigning specific roles or permissions to an entity, such as a user or a service principal, within the system. */ roleAssignments?: outputs.IdentityAzureAccessPolicyRoleAssignment[]; } export interface IdentityAzureAccessPolicyRoleAssignment { /** * List of assigned roles. */ roles?: string[]; /** * Scope of roles. */ scope?: string; } export interface IdentityGcpAccessPolicy { /** * The association or connection between a particular identity, such as a user or a group, and a set of permissions or roles within the system. */ bindings?: outputs.IdentityGcpAccessPolicyBinding[]; /** * Full link to referenced cloud account. */ cloudAccountLink: string; /** * Comma delimited list of GCP scope URLs. */ scopes: string; /** * Name of existing GCP service account. */ serviceAccount?: string; } export interface IdentityGcpAccessPolicyBinding { /** * Name of resource for binding. */ resource?: string; /** * List of allowed roles. */ roles?: string[]; } export interface IdentityNativeNetworkResource { /** * A feature provided by AWS that enables private connectivity between private VPCs and compute running at Control Plane without traversing the public internet. */ awsPrivateLink?: outputs.IdentityNativeNetworkResourceAwsPrivateLink; /** * Fully qualified domain name. */ fqdn: string; /** * Capability provided by GCP that allows private communication between private VPC networks and compute running at Control Plane. */ gcpServiceConnect?: outputs.IdentityNativeNetworkResourceGcpServiceConnect; /** * Name of the Native Network Resource. */ name: string; /** * Ports to expose. At least one port is required. */ ports: number[]; } export interface IdentityNativeNetworkResourceAwsPrivateLink { /** * Endpoint service name. */ endpointServiceName: string; } export interface IdentityNativeNetworkResourceGcpServiceConnect { /** * Target service name. */ targetService: string; } export interface IdentityNetworkResource { /** * Full link to referenced Agent. */ agentLink?: string; /** * Fully qualified domain name. */ fqdn?: string; /** * List of IP addresses. */ ips?: string[]; /** * Name of the Network Resource. */ name: string; /** * Ports to expose. */ ports: number[]; /** * Resolver IP. */ resolverIp?: string; } export interface IdentityNgsAccessPolicy { /** * Full link to referenced cloud account. */ cloudAccountLink: string; /** * Max number of bytes a connection can send. Default: -1 */ data: number; /** * Max message payload. Default: -1 */ payload: number; /** * Pub Permission. */ pub?: outputs.IdentityNgsAccessPolicyPub; /** * Reponses. */ resp?: outputs.IdentityNgsAccessPolicyResp; /** * Sub Permission. */ sub?: outputs.IdentityNgsAccessPolicySub; /** * Max number of subscriptions per connection. Default: -1 */ subs: number; } export interface IdentityNgsAccessPolicyPub { /** * List of allow subjects. */ allows?: string[]; /** * List of deny subjects. */ denies?: string[]; } export interface IdentityNgsAccessPolicyResp { /** * Number of responses allowed on the replyTo subject, -1 means no limit. Default: -1 */ max: number; /** * Deadline to send replies on the replyTo subject [#ms(millis) | #s(econds) | m(inutes) | h(ours)]. -1 means no restriction. */ ttl?: string; } export interface IdentityNgsAccessPolicySub { /** * List of allow subjects. */ allows?: string[]; /** * List of deny subjects. */ denies?: string[]; } export interface IpSetLocation { /** * The self link of a location. */ name: string; retentionPolicy: string; } export interface IpSetStatus { error: string; ipAddresses: outputs.IpSetStatusIpAddress[]; warning: string; } export interface IpSetStatusIpAddress { created: string; id: string; ip: string; name: string; state: string; } export interface LocationGeo { /** * City of the location. */ city: string; /** * Continent of the location. */ continent: string; /** * Country of the location. */ country: string; /** * Latitude of the location. */ lat: number; /** * Longitude of the location. */ lon: number; /** * State of the location. */ state: string; } export interface Mk8sAddOns { awsEcr?: outputs.Mk8sAddOnsAwsEcr; awsEfs?: outputs.Mk8sAddOnsAwsEfs; awsElb?: outputs.Mk8sAddOnsAwsElb; awsWorkloadIdentity?: boolean; azureAcr?: outputs.Mk8sAddOnsAzureAcr; azureWorkloadIdentity?: outputs.Mk8sAddOnsAzureWorkloadIdentity; /** * Bring-your-own Kubernetes (BYOK) add-on settings. */ byok?: outputs.Mk8sAddOnsByok; dashboard?: boolean; headlamp?: boolean; /** * Enables type=vm workloads by installing the KubeVirt and CDI operators on the cluster. */ kubevirt?: outputs.Mk8sAddOnsKubevirt; localPathStorage?: boolean; logs?: outputs.Mk8sAddOnsLogs; /** * Scrape pods annotated with prometheus.io/scrape=true */ metrics?: outputs.Mk8sAddOnsMetrics; /** * Per-node CoreDNS cache. Required by the kubevirt add-on. */ nodeLocalDns?: boolean; nvidia?: outputs.Mk8sAddOnsNvidia; registryMirror?: outputs.Mk8sAddOnsRegistryMirror; sysbox?: boolean; } export interface Mk8sAddOnsAwsEcr { /** * Role to use when authorizing ECR pulls. Optional on AWS, in which case it will use the instance role to pull. */ roleArn?: string; } export interface Mk8sAddOnsAwsEfs { /** * Use this role for EFS interaction. */ roleArn?: string; } export interface Mk8sAddOnsAwsElb { /** * Role to use when authorizing calls to EC2 ELB. Optional on AWS, when not provided it will create the recommended role. */ roleArn?: string; } export interface Mk8sAddOnsAzureAcr { clientId: string; } export interface Mk8sAddOnsAzureWorkloadIdentity { /** * Tenant ID to use for workload identity. */ tenantId?: string; } export interface Mk8sAddOnsByok { /** * Fine-grained configuration for the BYOK workloads. */ config: outputs.Mk8sAddOnsByokConfig; /** * Disable Control Plane managed upgrades for BYOK components. */ ignoreUpdates?: boolean; /** * The full link of a BYOK location. */ location: string; } export interface Mk8sAddOnsByokConfig { /** * Resource tuning for the actuator component. */ actuator?: outputs.Mk8sAddOnsByokConfigActuator; /** * BYOK-wide settings. */ byok?: outputs.Mk8sAddOnsByokConfigByok; /** * Shared rollout settings for BYOK workloads. */ common?: outputs.Mk8sAddOnsByokConfigCommon; /** * Ingress controller resource configuration. */ ingress?: outputs.Mk8sAddOnsByokConfigIngress; /** * Internal DNS deployment settings. */ internalDns?: outputs.Mk8sAddOnsByokConfigInternalDns; /** * Istio service mesh configuration. */ istio?: outputs.Mk8sAddOnsByokConfigIstio; /** * JuiceFS distributed file system add-on settings. */ juicefs?: outputs.Mk8sAddOnsByokConfigJuicefs; /** * Log splitter deployment configuration. */ logSplitter?: outputs.Mk8sAddOnsByokConfigLogSplitter; /** * Longhorn persistent volume settings. */ longhorn?: outputs.Mk8sAddOnsByokConfigLonghorn; /** * Configuration for the optional middlebox traffic shaper. */ middlebox?: outputs.Mk8sAddOnsByokConfigMiddlebox; /** * Monitoring stack configuration. */ monitoring?: outputs.Mk8sAddOnsByokConfigMonitoring; /** * Redis cache configuration. */ redis?: outputs.Mk8sAddOnsByokConfigRedis; /** * High-availability Redis configuration. */ redisHa?: outputs.Mk8sAddOnsByokConfigRedisHa; /** * Redis Sentinel configuration. */ redisSentinel?: outputs.Mk8sAddOnsByokConfigRedisSentinel; /** * Tempo agent resource configuration. */ tempoAgent?: outputs.Mk8sAddOnsByokConfigTempoAgent; } export interface Mk8sAddOnsByokConfigActuator { /** * Additional environment variables injected into actuator pods. */ env?: { [key: string]: string; }; /** * Log level override for actuator containers. Valid values are: trace, info, error. */ logLevel?: string; /** * CPU limit applied to actuator pods. */ maxCpu?: string; /** * Memory limit applied to actuator pods. */ maxMemory?: string; /** * Minimum CPU request applied to actuator pods (e.g. "100m"). */ minCpu?: string; /** * Minimum memory request applied to actuator pods (e.g. "128Mi"). */ minMemory?: string; } export interface Mk8sAddOnsByokConfigByok { /** * When set, the BYOK installation does not provision any default storage classes. */ noDefaultStorageClasses?: boolean; } export interface Mk8sAddOnsByokConfigCommon { /** * Replica count shared by BYOK control plane deployments. */ deploymentReplicas?: number; /** * Pod disruption budget limits for BYOK workloads. */ pdb?: outputs.Mk8sAddOnsByokConfigCommonPdb; } export interface Mk8sAddOnsByokConfigCommonPdb { /** * Maximum number of pods that can be unavailable during disruptions. */ maxUnavailable?: number; } export interface Mk8sAddOnsByokConfigIngress { /** * CPU request/limit string applied to ingress pods. */ cpu?: string; /** * Memory request/limit string applied to ingress pods. */ memory?: string; /** * Target usage percentage that triggers ingress autoscaling. */ targetPercent?: number; } export interface Mk8sAddOnsByokConfigInternalDns { /** * CPU limit applied to internal DNS pods. */ maxCpu?: string; /** * Memory limit applied to internal DNS pods. */ maxMemory?: string; /** * CPU request applied to internal DNS pods. */ minCpu?: string; /** * Memory request applied to internal DNS pods. */ minMemory?: string; } export interface Mk8sAddOnsByokConfigIstio { /** * Istio ingress gateway deployment settings. */ ingressGateway?: outputs.Mk8sAddOnsByokConfigIstioIngressGateway; /** * Control plane deployment settings for istiod. */ istiod?: outputs.Mk8sAddOnsByokConfigIstioIstiod; /** * Default resource requests for Istio sidecar injection. */ sidecar?: outputs.Mk8sAddOnsByokConfigIstioSidecar; } export interface Mk8sAddOnsByokConfigIstioIngressGateway { /** * CPU limit applied to ingress gateway pods. */ maxCpu?: string; /** * Memory limit applied to ingress gateway pods. */ maxMemory?: string; /** * Number of ingress gateway replicas. */ replicas?: number; } export interface Mk8sAddOnsByokConfigIstioIstiod { /** * CPU limit applied to istiod pods. */ maxCpu?: string; /** * Memory limit applied to istiod pods. */ maxMemory?: string; /** * CPU request applied to istiod pods. */ minCpu?: string; /** * Memory request applied to istiod pods. */ minMemory?: string; /** * Pod disruption budget maxUnavailable for istiod. */ pdb?: number; /** * Number of istiod replicas. */ replicas?: number; } export interface Mk8sAddOnsByokConfigIstioSidecar { /** * CPU request applied to injected sidecars. */ minCpu?: string; /** * Memory request applied to injected sidecars. */ minMemory?: string; } export interface Mk8sAddOnsByokConfigJuicefs { /** * Whether to install JuiceFS on the BYOK cluster. */ enabled?: boolean; } export interface Mk8sAddOnsByokConfigLogSplitter { /** * CPU limit applied to log splitter pods. */ maxCpu?: string; /** * Memory limit applied to log splitter pods. */ maxMemory?: string; /** * In-memory buffer size consumed by each log splitter pod. */ memBufferSize?: string; /** * CPU request applied to log splitter pods. */ minCpu?: string; /** * Memory request applied to log splitter pods. */ minMemory?: string; /** * Per-pod log processing rate limit. */ perPodRate?: number; } export interface Mk8sAddOnsByokConfigLonghorn { /** * Mark Longhorn as the default storage class. */ isDefault?: boolean; /** * Replica factor for Longhorn volumes. Minimum: 1. */ numberOfReplicas?: number; /** * Replica factor for Longhorn volumes. Minimum: 1. */ replicas?: number; } export interface Mk8sAddOnsByokConfigMiddlebox { /** * Alert threshold, in Mbps, for middlebox bandwidth usage. */ bandwidthAlertMbps?: number; /** * Whether to deploy the middlebox component. */ enabled?: boolean; /** * IPv4 address bound by the middlebox component. */ ip?: string; /** * Listening port for the middlebox component. */ port?: number; } export interface Mk8sAddOnsByokConfigMonitoring { /** * Static labels appended to every metric scraped by the BYOK Prometheus stack. */ externalLabels?: { [key: string]: string; }; /** * Kube-state-metrics resource overrides. */ kubeStateMetrics?: outputs.Mk8sAddOnsByokConfigMonitoringKubeStateMetrics; /** * Maximum memory limit for monitoring components. */ maxMemory?: string; /** * Minimum memory request for monitoring components. */ minMemory?: string; /** * Prometheus deployment configuration. */ prometheus?: outputs.Mk8sAddOnsByokConfigMonitoringPrometheus; /** * Prometheus remoteWrite client configurations. Order is preserved as written. */ remoteWrites?: outputs.Mk8sAddOnsByokConfigMonitoringRemoteWrite[]; } export interface Mk8sAddOnsByokConfigMonitoringKubeStateMetrics { /** * Memory request applied to kube-state-metrics pods. */ minMemory?: string; } export interface Mk8sAddOnsByokConfigMonitoringPrometheus { /** * Primary Prometheus instance settings. */ main?: outputs.Mk8sAddOnsByokConfigMonitoringPrometheusMain; } export interface Mk8sAddOnsByokConfigMonitoringPrometheusMain { /** * Persistent volume size for Prometheus (for example, "50Gi"). */ storage?: string; } export interface Mk8sAddOnsByokConfigMonitoringRemoteWrite { /** * HTTP Authorization header credentials. */ authorization?: outputs.Mk8sAddOnsByokConfigMonitoringRemoteWriteAuthorization; /** * Azure AD authentication parameters as flat key-value pairs. */ azuread?: { [key: string]: string; }; /** * HTTP basic authentication credentials. */ basicAuth?: outputs.Mk8sAddOnsByokConfigMonitoringRemoteWriteBasicAuth; /** * Whether to enable HTTP/2. */ enableHttp2?: boolean; /** * Whether the HTTP client follows redirects. */ followRedirects?: boolean; /** * Google Cloud IAM authentication parameters as flat key-value pairs. */ googleIam?: { [key: string]: string; }; /** * Custom request headers attached to every remoteWrite call. */ headers?: { [key: string]: string; }; /** * Custom HTTP headers, as flat key-value pairs. */ httpHeaders?: { [key: string]: string; }; /** * Friendly name used in metrics for this client. */ name?: string; /** * Comma-separated list of hosts that bypass the proxy. */ noProxy?: string; /** * OAuth 2.0 client configuration as flat key-value pairs. */ oauth2?: { [key: string]: string; }; /** * Headers sent to the proxy on CONNECT, as flat key-value pairs. */ proxyConnectHeader?: { [key: string]: string; }; /** * Whether to read proxy settings from environment variables. */ proxyFromEnvironment?: boolean; /** * HTTP proxy URL used for outbound requests. */ proxyUrl?: string; /** * Tuning parameters for the in-memory remoteWrite queue, as flat key-value pairs. */ queueConfig?: { [key: string]: string; }; /** * Per-request timeout (for example, "30s"). */ remoteTimeout?: string; /** * Whether to forward Prometheus exemplars. */ sendExemplars?: boolean; /** * Whether to forward Prometheus native histograms. */ sendNativeHistograms?: boolean; /** * AWS SigV4 authentication parameters as flat key-value pairs. */ sigv4?: { [key: string]: string; }; /** * TLS configuration as flat key-value pairs. */ tlsConfig?: { [key: string]: string; }; /** * Endpoint that receives the remoteWrite payload. */ url?: string; /** * Relabel rules applied to samples before they are sent. */ writeRelabelConfigs?: { [key: string]: string; }[]; } export interface Mk8sAddOnsByokConfigMonitoringRemoteWriteAuthorization { /** * Authorization credentials. */ credentials?: string; /** * Path to a file containing the credentials. */ credentialsFile?: string; /** * Authorization scheme (for example, "Bearer"). */ type?: string; } export interface Mk8sAddOnsByokConfigMonitoringRemoteWriteBasicAuth { /** * Password for HTTP basic authentication. */ password?: string; /** * Path to a file containing the password. */ passwordFile?: string; /** * Username for HTTP basic authentication. */ username?: string; /** * Path to a file containing the username. */ usernameFile?: string; } export interface Mk8sAddOnsByokConfigRedis { /** * CPU limit applied to the Redis pods. */ maxCpu?: string; /** * Memory limit applied to the Redis pods. */ maxMemory?: string; /** * CPU request applied to the Redis pods. */ minCpu?: string; /** * Memory request applied to the Redis pods. */ minMemory?: string; /** * Persistent storage size allocated to the Redis pods (for example, "8Gi"). */ storage?: string; } export interface Mk8sAddOnsByokConfigRedisHa { /** * CPU limit applied to the Redis pods. */ maxCpu?: string; /** * Memory limit applied to the Redis pods. */ maxMemory?: string; /** * CPU request applied to the Redis pods. */ minCpu?: string; /** * Memory request applied to the Redis pods. */ minMemory?: string; /** * Persistent storage size allocated to the Redis pods, in GiB. */ storage?: number; } export interface Mk8sAddOnsByokConfigRedisSentinel { /** * CPU limit applied to the Redis pods. */ maxCpu?: string; /** * Memory limit applied to the Redis pods. */ maxMemory?: string; /** * CPU request applied to the Redis pods. */ minCpu?: string; /** * Memory request applied to the Redis pods. */ minMemory?: string; /** * Persistent storage size allocated to the Redis pods, in GiB. */ storage?: number; } export interface Mk8sAddOnsByokConfigTempoAgent { /** * CPU request applied to tempo agent pods. */ minCpu?: string; /** * Memory request applied to tempo agent pods. */ minMemory?: string; } export interface Mk8sAddOnsKubevirt { /** * Filesystem-mode StorageClass CDI uses for import scratch space. Required when the cluster default StorageClass is block-mode. */ scratchSpaceStorageClass?: string; } export interface Mk8sAddOnsLogs { /** * Collect k8s audit log as log events. */ auditEnabled?: boolean; /** * Collect docker logs if docker is also running. */ docker?: boolean; /** * Collect K8S events from all namespaces. */ events?: boolean; excludeNamespaces?: string; includeNamespaces?: string; /** * Collect kernel logs. */ kernel?: boolean; /** * Collect kubelet logs from journald. */ kubelet?: boolean; } export interface Mk8sAddOnsMetrics { /** * Enable scraping apiserver stats. */ apiServer?: boolean; /** * Enable CNI-level container stats. */ cadvisor?: boolean; /** * Enable scraping of core-dns service. */ coreDns?: boolean; /** * Enable kube-state metrics. */ kubeState?: boolean; /** * Enable scraping kubelet stats. */ kubelet?: boolean; /** * Enable collecting node-level stats (disk, network, filesystem, etc). */ nodeExporter?: boolean; scrapeAnnotated?: outputs.Mk8sAddOnsMetricsScrapeAnnotated; } export interface Mk8sAddOnsMetricsScrapeAnnotated { excludeNamespaces?: string; includeNamespaces?: string; intervalSeconds: number; retainLabels?: string; } export interface Mk8sAddOnsNvidia { taintGpuNodes?: boolean; } export interface Mk8sAddOnsRegistryMirror { mirrors?: outputs.Mk8sAddOnsRegistryMirrorMirror[]; } export interface Mk8sAddOnsRegistryMirrorMirror { mirrors?: string[]; registry: string; } export interface Mk8sAwsProvider { autoscaler?: outputs.Mk8sAwsProviderAutoscaler; /** * Extra tags to attach to all created objects. */ awsTags?: { [key: string]: string; }; /** * Control Plane will set up the cluster by assuming this role. */ deployRoleArn: string; deployRoleChains?: outputs.Mk8sAwsProviderDeployRoleChain[]; /** * KMS key used to encrypt volumes. Supports SSM. */ diskEncryptionKeyArn?: string; extraNodePolicies?: string[]; /** * Default image for all nodes. */ image?: outputs.Mk8sAwsProviderImage; /** * Name of keyPair. Supports SSM */ keyPair?: string; networking?: outputs.Mk8sAwsProviderNetworking; /** * List of node pools. */ nodePools?: outputs.Mk8sAwsProviderNodePool[]; /** * Optional shell script that will be run before K8s is installed. Supports SSM. */ preInstallScript?: string; /** * Region where the cluster nodes will live. */ region: string; /** * Security groups to deploy nodes to. Security groups control if the cluster is multi-zone or single-zon. */ securityGroupIds?: string[]; /** * If true, Control Plane will not create any roles. */ skipCreateRoles: boolean; /** * The vpc where nodes will be deployed. Supports SSM. */ vpcId: string; } export interface Mk8sAwsProviderAutoscaler { expanders: string[]; unneededTime: string; unreadyTime: string; utilizationThreshold: number; } export interface Mk8sAwsProviderDeployRoleChain { externalId?: string; roleArn: string; /** * Control Plane will set up the cluster by assuming this role. */ sessionNamePrefix?: string; } export interface Mk8sAwsProviderImage { /** * Support SSM. */ exact?: string; recommended?: string; } export interface Mk8sAwsProviderNetworking { /** * DNS forwarder used by the cluster. Can be a space-delimited list of dns servers. Default is /etc/resolv.conf when not specified. */ dnsForwarder?: string; /** * The CIDR of the pod network. */ podNetwork: string; /** * The CIDR of the service network. */ serviceNetwork: string; } export interface Mk8sAwsProviderNodePool { /** * Size in GB. */ bootDiskSize: number; /** * Security groups to deploy nodes to. Security groups control if the cluster is multi-zone or single-zon. */ extraSecurityGroupIds?: string[]; instanceTypes: string[]; /** * Labels to attach to nodes of a node pool. */ labels?: { [key: string]: string; }; maxSize: number; minSize: number; name: string; onDemandBaseCapacity: number; onDemandPercentageAboveBaseCapacity: number; /** * Default image for all nodes. */ overrideImage?: outputs.Mk8sAwsProviderNodePoolOverrideImage; spotAllocationStrategy: string; subnetIds: string[]; /** * Taint for the nodes of a pool. */ taints?: outputs.Mk8sAwsProviderNodePoolTaint[]; } export interface Mk8sAwsProviderNodePoolOverrideImage { /** * Support SSM. */ exact?: string; recommended?: string; } export interface Mk8sAwsProviderNodePoolTaint { effect?: string; key?: string; value?: string; } export interface Mk8sAzureProvider { autoscaler?: outputs.Mk8sAzureProviderAutoscaler; /** * Default image for all nodes. */ image?: outputs.Mk8sAzureProviderImage; /** * Region where the cluster nodes will live. */ location: string; /** * The vpc where nodes will be deployed. */ networkId: string; networking?: outputs.Mk8sAzureProviderNetworking; nodePools?: outputs.Mk8sAzureProviderNodePool[]; /** * Optional shell script that will be run before K8s is installed. Supports SSM. */ preInstallScript?: string; resourceGroup: string; sdkSecretLink: string; /** * SSH keys to install for "azureuser" linux user */ sshKeys: string[]; subscriptionId: string; /** * Extra tags to attach to all created objects. */ tags?: { [key: string]: string; }; } export interface Mk8sAzureProviderAutoscaler { expanders: string[]; unneededTime: string; unreadyTime: string; utilizationThreshold: number; } export interface Mk8sAzureProviderImage { recommended?: string; reference?: outputs.Mk8sAzureProviderImageReference; } export interface Mk8sAzureProviderImageReference { offer: string; publisher: string; sku: string; version: string; } export interface Mk8sAzureProviderNetworking { /** * DNS forwarder used by the cluster. Can be a space-delimited list of dns servers. Default is /etc/resolv.conf when not specified. */ dnsForwarder?: string; /** * The CIDR of the pod network. */ podNetwork: string; /** * The CIDR of the service network. */ serviceNetwork: string; } export interface Mk8sAzureProviderNodePool { bootDiskSize: number; /** * Labels to attach to nodes of a node pool. */ labels?: { [key: string]: string; }; maxSize: number; minSize: number; name: string; overrideImage?: outputs.Mk8sAzureProviderNodePoolOverrideImage; size: string; subnetId: string; /** * Taint for the nodes of a pool. */ taints?: outputs.Mk8sAzureProviderNodePoolTaint[]; zones: number[]; } export interface Mk8sAzureProviderNodePoolOverrideImage { recommended?: string; reference?: outputs.Mk8sAzureProviderNodePoolOverrideImageReference; } export interface Mk8sAzureProviderNodePoolOverrideImageReference { offer: string; publisher: string; sku: string; version: string; } export interface Mk8sAzureProviderNodePoolTaint { effect?: string; key?: string; value?: string; } export interface Mk8sDigitalOceanProvider { autoscaler?: outputs.Mk8sDigitalOceanProviderAutoscaler; /** * Extra tags to attach to droplets. */ digitalOceanTags?: string[]; /** * Extra SSH keys to provision for user root that are not registered in the DigitalOcean. */ extraSshKeys?: string[]; /** * Default image for all nodes. */ image: string; networking?: outputs.Mk8sDigitalOceanProviderNetworking; nodePools?: outputs.Mk8sDigitalOceanProviderNodePool[]; /** * Optional shell script that will be run before K8s is installed. Supports SSM. */ preInstallScript?: string; /** * Region to deploy nodes to. */ region: string; /** * Optional set of IPs to assign as extra IPs for nodes of the cluster. */ reservedIps?: string[]; /** * SSH key name for accessing deployed nodes. */ sshKeys: string[]; /** * Link to a secret holding personal access token. */ tokenSecretLink: string; /** * ID of the Hetzner network to deploy nodes to. */ vpcId: string; } export interface Mk8sDigitalOceanProviderAutoscaler { expanders: string[]; unneededTime: string; unreadyTime: string; utilizationThreshold: number; } export interface Mk8sDigitalOceanProviderNetworking { /** * DNS forwarder used by the cluster. Can be a space-delimited list of dns servers. Default is /etc/resolv.conf when not specified. */ dnsForwarder?: string; /** * The CIDR of the pod network. */ podNetwork: string; /** * The CIDR of the service network. */ serviceNetwork: string; } export interface Mk8sDigitalOceanProviderNodePool { dropletSize: string; /** * Labels to attach to nodes of a node pool. */ labels?: { [key: string]: string; }; maxSize: number; minSize: number; name: string; overrideImage?: string; /** * Taint for the nodes of a pool. */ taints?: outputs.Mk8sDigitalOceanProviderNodePoolTaint[]; } export interface Mk8sDigitalOceanProviderNodePoolTaint { effect?: string; key?: string; value?: string; } export interface Mk8sEphemeralProvider { /** * Control Plane location that will host the K8s components. Prefer one that is closest to where the nodes are running. */ location: string; /** * List of node pools. */ nodePools?: outputs.Mk8sEphemeralProviderNodePool[]; } export interface Mk8sEphemeralProviderNodePool { /** * CPU architecture of the nodes. */ arch: string; /** * Number of nodes to deploy. */ count: number; /** * Allocated CPU. */ cpu: string; /** * Linux distro to use for ephemeral nodes. */ flavor: string; /** * Labels to attach to nodes of a node pool. */ labels?: { [key: string]: string; }; /** * Allocated memory. */ memory: string; name: string; /** * Taint for the nodes of a pool. */ taints?: outputs.Mk8sEphemeralProviderNodePoolTaint[]; } export interface Mk8sEphemeralProviderNodePoolTaint { effect?: string; key?: string; value?: string; } export interface Mk8sFirewall { description?: string; sourceCidr: string; } export interface Mk8sGcpProvider { autoscaler?: outputs.Mk8sGcpProviderAutoscaler; /** * Default image for all nodes. */ image?: outputs.Mk8sGcpProviderImage; /** * Extra tags to attach to all created objects. */ labels?: { [key: string]: string; }; metadata?: { [key: string]: string; }; /** * VPC network used by the cluster. */ network: string; networking?: outputs.Mk8sGcpProviderNetworking; nodePools?: outputs.Mk8sGcpProviderNodePool[]; /** * Optional shell script that will be run before K8s is installed. Supports SSM. */ preInstallScript?: string; /** * GCP project ID that hosts the cluster infrastructure. */ projectId: string; /** * Region where the cluster nodes will live. */ region: string; /** * Link to a secret containing the service account JSON key. */ saKeyLink: string; tags?: string[]; } export interface Mk8sGcpProviderAutoscaler { expanders: string[]; unneededTime: string; unreadyTime: string; utilizationThreshold: number; } export interface Mk8sGcpProviderImage { exact?: string; family?: outputs.Mk8sGcpProviderImageFamily; /** * Recommended image alias. Valid values: `ubuntu/jammy-22.04`, `ubuntu/noble-24.04`, `debian/bookworm-12`, `debian/trixie-13`, `google/cos-stable`. */ recommended?: string; } export interface Mk8sGcpProviderImageFamily { family: string; project: string; } export interface Mk8sGcpProviderNetworking { /** * DNS forwarder used by the cluster. Can be a space-delimited list of dns servers. Default is /etc/resolv.conf when not specified. */ dnsForwarder?: string; /** * The CIDR of the pod network. */ podNetwork: string; /** * The CIDR of the service network. */ serviceNetwork: string; } export interface Mk8sGcpProviderNodePool { assignPublicIp?: boolean; /** * Size in GB. */ bootDiskSize: number; /** * Labels to attach to nodes of a node pool. */ labels?: { [key: string]: string; }; localPersistentDisks?: number; /** * GCE machine type for nodes in this pool. */ machineType: string; maxSize: number; minSize: number; name: string; overrideImage?: outputs.Mk8sGcpProviderNodePoolOverrideImage; preemptible?: boolean; /** * Subnet within the selected network. */ subnet: string; /** * Taint for the nodes of a pool. */ taints?: outputs.Mk8sGcpProviderNodePoolTaint[]; /** * Zone where the pool nodes run. */ zone: string; } export interface Mk8sGcpProviderNodePoolOverrideImage { exact?: string; family?: outputs.Mk8sGcpProviderNodePoolOverrideImageFamily; /** * Recommended image alias. Valid values: `ubuntu/jammy-22.04`, `ubuntu/noble-24.04`, `debian/bookworm-12`, `debian/trixie-13`, `google/cos-stable`. */ recommended?: string; } export interface Mk8sGcpProviderNodePoolOverrideImageFamily { family: string; project: string; } export interface Mk8sGcpProviderNodePoolTaint { effect?: string; key?: string; value?: string; } export interface Mk8sGenericProvider { /** * Control Plane location that will host the K8s components. Prefer one that is closest to where the nodes are running. */ location: string; networking?: outputs.Mk8sGenericProviderNetworking; /** * List of node pools. */ nodePools?: outputs.Mk8sGenericProviderNodePool[]; } export interface Mk8sGenericProviderNetworking { /** * DNS forwarder used by the cluster. Can be a space-delimited list of dns servers. Default is /etc/resolv.conf when not specified. */ dnsForwarder?: string; /** * The CIDR of the pod network. */ podNetwork: string; /** * The CIDR of the service network. */ serviceNetwork: string; } export interface Mk8sGenericProviderNodePool { /** * Labels to attach to nodes of a node pool. */ labels?: { [key: string]: string; }; name: string; /** * Taint for the nodes of a pool. */ taints?: outputs.Mk8sGenericProviderNodePoolTaint[]; } export interface Mk8sGenericProviderNodePoolTaint { effect?: string; key?: string; value?: string; } export interface Mk8sHetznerProvider { autoscaler?: outputs.Mk8sHetznerProviderAutoscaler; /** * Node pools that can configure dedicated Hetzner servers. */ dedicatedServerNodePools?: outputs.Mk8sHetznerProviderDedicatedServerNodePool[]; /** * Optional firewall rule to attach to all nodes. */ firewallId?: string; /** * If supplied, nodes will get assigned a random floating ip matching the selector. */ floatingIpSelector?: { [key: string]: string; }; /** * Extra labels to attach to servers. */ hetznerLabels?: { [key: string]: string; }; /** * Default image for all nodes. */ image: string; /** * ID of the Hetzner network to deploy nodes to. */ networkId: string; networking?: outputs.Mk8sHetznerProviderNetworking; nodePools?: outputs.Mk8sHetznerProviderNodePool[]; /** * Optional shell script that will be run before K8s is installed. Supports SSM. */ preInstallScript?: string; /** * Hetzner region to deploy nodes to. */ region: string; /** * SSH key name for accessing deployed nodes. */ sshKey?: string; /** * Link to a secret holding Hetzner access key. */ tokenSecretLink: string; } export interface Mk8sHetznerProviderAutoscaler { expanders: string[]; unneededTime: string; unreadyTime: string; utilizationThreshold: number; } export interface Mk8sHetznerProviderDedicatedServerNodePool { /** * Labels to attach to nodes of a node pool. */ labels?: { [key: string]: string; }; name: string; /** * Taint for the nodes of a pool. */ taints?: outputs.Mk8sHetznerProviderDedicatedServerNodePoolTaint[]; } export interface Mk8sHetznerProviderDedicatedServerNodePoolTaint { effect?: string; key?: string; value?: string; } export interface Mk8sHetznerProviderNetworking { /** * DNS forwarder used by the cluster. Can be a space-delimited list of dns servers. Default is /etc/resolv.conf when not specified. */ dnsForwarder?: string; /** * The CIDR of the pod network. */ podNetwork: string; /** * The CIDR of the service network. */ serviceNetwork: string; } export interface Mk8sHetznerProviderNodePool { /** * Labels to attach to nodes of a node pool. */ labels?: { [key: string]: string; }; maxSize: number; minSize: number; name: string; overrideImage?: string; serverType: string; /** * Taint for the nodes of a pool. */ taints?: outputs.Mk8sHetznerProviderNodePoolTaint[]; } export interface Mk8sHetznerProviderNodePoolTaint { effect?: string; key?: string; value?: string; } export interface Mk8sLambdalabsProvider { autoscaler?: outputs.Mk8sLambdalabsProviderAutoscaler; fileSystems?: string[]; /** * List of node pools. */ nodePools?: outputs.Mk8sLambdalabsProviderNodePool[]; /** * Optional shell script that will be run before K8s is installed. Supports SSM. */ preInstallScript?: string; /** * Region where the cluster nodes will live. */ region: string; /** * SSH key name for accessing deployed nodes. */ sshKey: string; /** * Link to a secret holding Lambdalabs access key. */ tokenSecretLink: string; unmanagedNodePools?: outputs.Mk8sLambdalabsProviderUnmanagedNodePool[]; } export interface Mk8sLambdalabsProviderAutoscaler { expanders: string[]; unneededTime: string; unreadyTime: string; utilizationThreshold: number; } export interface Mk8sLambdalabsProviderNodePool { instanceType: string; /** * Labels to attach to nodes of a node pool. */ labels?: { [key: string]: string; }; maxSize: number; minSize: number; name: string; /** * Taint for the nodes of a pool. */ taints?: outputs.Mk8sLambdalabsProviderNodePoolTaint[]; } export interface Mk8sLambdalabsProviderNodePoolTaint { effect?: string; key?: string; value?: string; } export interface Mk8sLambdalabsProviderUnmanagedNodePool { /** * Labels to attach to nodes of a node pool. */ labels?: { [key: string]: string; }; name: string; /** * Taint for the nodes of a pool. */ taints?: outputs.Mk8sLambdalabsProviderUnmanagedNodePoolTaint[]; } export interface Mk8sLambdalabsProviderUnmanagedNodePoolTaint { effect?: string; key?: string; value?: string; } export interface Mk8sLinodeProvider { authorizedKeys?: string[]; authorizedUsers?: string[]; autoscaler?: outputs.Mk8sLinodeProviderAutoscaler; /** * Optional firewall rule to attach to all nodes. */ firewallId?: string; /** * Default image for all nodes. */ image: string; networking?: outputs.Mk8sLinodeProviderNetworking; /** * List of node pools. */ nodePools?: outputs.Mk8sLinodeProviderNodePool[]; /** * Optional shell script that will be run before K8s is installed. Supports SSM. */ preInstallScript?: string; /** * Region where the cluster nodes will live. */ region: string; /** * Link to a secret holding Linode access key. */ tokenSecretLink: string; /** * The vpc where nodes will be deployed. Supports SSM. */ vpcId: string; } export interface Mk8sLinodeProviderAutoscaler { expanders: string[]; unneededTime: string; unreadyTime: string; utilizationThreshold: number; } export interface Mk8sLinodeProviderNetworking { /** * DNS forwarder used by the cluster. Can be a space-delimited list of dns servers. Default is /etc/resolv.conf when not specified. */ dnsForwarder?: string; /** * The CIDR of the pod network. */ podNetwork: string; /** * The CIDR of the service network. */ serviceNetwork: string; } export interface Mk8sLinodeProviderNodePool { /** * Labels to attach to nodes of a node pool. */ labels?: { [key: string]: string; }; maxSize: number; minSize: number; name: string; overrideImage?: string; serverType: string; subnetId: string; /** * Taint for the nodes of a pool. */ taints?: outputs.Mk8sLinodeProviderNodePoolTaint[]; } export interface Mk8sLinodeProviderNodePoolTaint { effect?: string; key?: string; value?: string; } export interface Mk8sOblivusProvider { autoscaler?: outputs.Mk8sOblivusProviderAutoscaler; datacenter: string; /** * List of node pools. */ nodePools?: outputs.Mk8sOblivusProviderNodePool[]; /** * Optional shell script that will be run before K8s is installed. Supports SSM. */ preInstallScript?: string; sshKeys?: string[]; /** * Link to a secret holding Oblivus access key. */ tokenSecretLink: string; unmanagedNodePools?: outputs.Mk8sOblivusProviderUnmanagedNodePool[]; } export interface Mk8sOblivusProviderAutoscaler { expanders: string[]; unneededTime: string; unreadyTime: string; utilizationThreshold: number; } export interface Mk8sOblivusProviderNodePool { flavor: string; /** * Labels to attach to nodes of a node pool. */ labels?: { [key: string]: string; }; maxSize: number; minSize: number; name: string; /** * Taint for the nodes of a pool. */ taints?: outputs.Mk8sOblivusProviderNodePoolTaint[]; } export interface Mk8sOblivusProviderNodePoolTaint { effect?: string; key?: string; value?: string; } export interface Mk8sOblivusProviderUnmanagedNodePool { /** * Labels to attach to nodes of a node pool. */ labels?: { [key: string]: string; }; name: string; /** * Taint for the nodes of a pool. */ taints?: outputs.Mk8sOblivusProviderUnmanagedNodePoolTaint[]; } export interface Mk8sOblivusProviderUnmanagedNodePoolTaint { effect?: string; key?: string; value?: string; } export interface Mk8sPaperspaceProvider { autoscaler?: outputs.Mk8sPaperspaceProviderAutoscaler; networkId: string; /** * List of node pools. */ nodePools?: outputs.Mk8sPaperspaceProviderNodePool[]; /** * Optional shell script that will be run before K8s is installed. Supports SSM. */ preInstallScript?: string; /** * Region where the cluster nodes will live. */ region: string; sharedDrives?: string[]; /** * Link to a secret holding Paperspace access key. */ tokenSecretLink: string; unmanagedNodePools?: outputs.Mk8sPaperspaceProviderUnmanagedNodePool[]; userIds?: string[]; } export interface Mk8sPaperspaceProviderAutoscaler { expanders: string[]; unneededTime: string; unreadyTime: string; utilizationThreshold: number; } export interface Mk8sPaperspaceProviderNodePool { bootDiskSize?: number; /** * Labels to attach to nodes of a node pool. */ labels?: { [key: string]: string; }; machineType: string; maxSize: number; minSize: number; name: string; publicIpType: string; /** * Taint for the nodes of a pool. */ taints?: outputs.Mk8sPaperspaceProviderNodePoolTaint[]; } export interface Mk8sPaperspaceProviderNodePoolTaint { effect?: string; key?: string; value?: string; } export interface Mk8sPaperspaceProviderUnmanagedNodePool { /** * Labels to attach to nodes of a node pool. */ labels?: { [key: string]: string; }; name: string; /** * Taint for the nodes of a pool. */ taints?: outputs.Mk8sPaperspaceProviderUnmanagedNodePoolTaint[]; } export interface Mk8sPaperspaceProviderUnmanagedNodePoolTaint { effect?: string; key?: string; value?: string; } export interface Mk8sStatus { addOns: outputs.Mk8sStatusAddOn[]; homeLocation: string; oidcProviderUrl: string; serverUrl: string; } export interface Mk8sStatusAddOn { awsEcrs: outputs.Mk8sStatusAddOnAwsEcr[]; awsEfs: outputs.Mk8sStatusAddOnAwsEf[]; awsElbs: outputs.Mk8sStatusAddOnAwsElb[]; awsWorkloadIdentities: outputs.Mk8sStatusAddOnAwsWorkloadIdentity[]; dashboards: outputs.Mk8sStatusAddOnDashboard[]; headlamps: outputs.Mk8sStatusAddOnHeadlamp[]; logs: outputs.Mk8sStatusAddOnLog[]; metrics: outputs.Mk8sStatusAddOnMetric[]; } export interface Mk8sStatusAddOnAwsEcr { trustPolicy: string; } export interface Mk8sStatusAddOnAwsEf { trustPolicy: string; } export interface Mk8sStatusAddOnAwsElb { trustPolicy: string; } export interface Mk8sStatusAddOnAwsWorkloadIdentity { oidcProviderConfigs: outputs.Mk8sStatusAddOnAwsWorkloadIdentityOidcProviderConfig[]; trustPolicy: string; } export interface Mk8sStatusAddOnAwsWorkloadIdentityOidcProviderConfig { audience: string; providerUrl: string; } export interface Mk8sStatusAddOnDashboard { /** * Access to dashboard. */ url: string; } export interface Mk8sStatusAddOnHeadlamp { /** * Access to dashboard. */ url: string; } export interface Mk8sStatusAddOnLog { /** * Loki endpoint to query logs from. */ lokiAddress: string; } export interface Mk8sStatusAddOnMetric { prometheusEndpoint: string; remoteWriteConfig: string; } export interface Mk8sTritonProvider { autoscaler?: outputs.Mk8sTritonProviderAutoscaler; connection?: outputs.Mk8sTritonProviderConnection; /** * Enable firewall for the instances deployed. */ firewallEnabled?: boolean; /** * Default image for all nodes. */ imageId: string; loadBalancer?: outputs.Mk8sTritonProviderLoadBalancer; /** * Control Plane location that will host the K8s components. Prefer one that is closest to the Triton datacenter. */ location: string; networking?: outputs.Mk8sTritonProviderNetworking; /** * List of node pools. */ nodePools?: outputs.Mk8sTritonProviderNodePool[]; /** * Optional shell script that will be run before K8s is installed. Supports SSM. */ preInstallScript?: string; /** * ID of the private Fabric/Network. */ privateNetworkId: string; /** * Extra SSH keys to provision for user root. */ sshKeys?: string[]; } export interface Mk8sTritonProviderAutoscaler { expanders: string[]; unneededTime: string; unreadyTime: string; utilizationThreshold: number; } export interface Mk8sTritonProviderConnection { account: string; /** * Link to a SSH or opaque secret. */ privateKeySecretLink: string; url: string; user?: string; } export interface Mk8sTritonProviderLoadBalancer { gateway?: outputs.Mk8sTritonProviderLoadBalancerGateway; manual?: outputs.Mk8sTritonProviderLoadBalancerManual; none?: outputs.Mk8sTritonProviderLoadBalancerNone; } export interface Mk8sTritonProviderLoadBalancerGateway { } export interface Mk8sTritonProviderLoadBalancerManual { cnsInternalDomain: string; cnsPublicDomain: string; count: number; imageId: string; logging?: outputs.Mk8sTritonProviderLoadBalancerManualLogging; /** * Extra tags to attach to instances from a node pool. */ metadata?: { [key: string]: string; }; packageId: string; /** * If set, machine will also get a public IP. */ privateNetworkIds: string[]; /** * If set, machine will also get a public IP. */ publicNetworkId: string; /** * Extra tags to attach to instances from a node pool. */ tags?: { [key: string]: string; }; } export interface Mk8sTritonProviderLoadBalancerManualLogging { externalSyslog?: string; nodePort?: number; } export interface Mk8sTritonProviderLoadBalancerNone { } export interface Mk8sTritonProviderNetworking { /** * DNS forwarder used by the cluster. Can be a space-delimited list of dns servers. Default is /etc/resolv.conf when not specified. */ dnsForwarder?: string; /** * The CIDR of the pod network. */ podNetwork: string; /** * The CIDR of the service network. */ serviceNetwork: string; } export interface Mk8sTritonProviderNodePool { /** * Labels to attach to nodes of a node pool. */ labels?: { [key: string]: string; }; maxSize: number; minSize: number; name: string; overrideImageId?: string; packageId: string; /** * More private networks to join. */ privateNetworkIds?: string[]; /** * If set, machine will also get a public IP. */ publicNetworkId?: string; /** * Taint for the nodes of a pool. */ taints?: outputs.Mk8sTritonProviderNodePoolTaint[]; /** * Extra tags to attach to instances from a node pool. */ tritonTags?: { [key: string]: string; }; } export interface Mk8sTritonProviderNodePoolTaint { effect?: string; key?: string; value?: string; } export interface OrgAuthConfig { /** * List of domains which will auto-provision users when authenticating using SAML. */ domainAutoMembers: string[]; /** * Enforce SAML only authentication. */ samlOnly: boolean; } export interface OrgLoggingCloudWatchLogging { /** * Full Link to a secret of type `opaque`. */ credentials: string; /** * Enable custom data extraction from log entries for enhanced querying and analysis. */ extractFields?: { [key: string]: string; }; /** * A container for log streams with common settings like retention. Used to categorize logs by application or service type. */ groupName: string; /** * Valid AWS region. */ region: string; /** * Length, in days, for how log data is kept before it is automatically deleted. */ retentionDays?: number; /** * A sequence of log events from the same source within a log group. Typically represents individual instances of services or applications. */ streamName: string; } export interface OrgLoggingCoralogixLogging { /** * App name to be displayed in Coralogix dashboard. */ app?: string; /** * Coralogix cluster URI. */ cluster: string; /** * Full link to referenced Opaque Secret. */ credentials: string; /** * Subsystem name to be displayed in Coralogix dashboard. */ subsystem?: string; } export interface OrgLoggingDatadogLogging { /** * Full link to referenced Opaque Secret. */ credentials: string; /** * Datadog host URI. */ host: string; } export interface OrgLoggingElasticLogging { /** * For targeting Amazon Web Services (AWS) ElasticSearch. */ aws?: outputs.OrgLoggingElasticLoggingAws; /** * For targeting Elastic Cloud. */ elasticCloud?: outputs.OrgLoggingElasticLoggingElasticCloud; /** * For targeting generic Elastic Search providers. */ generic?: outputs.OrgLoggingElasticLoggingGeneric; } export interface OrgLoggingElasticLoggingAws { /** * Full Link to a secret of type `aws`. */ credentials: string; /** * A valid AWS ElasticSearch hostname (must end with es.amazonaws.com). */ host: string; /** * Logging Index. */ index: string; /** * Port. Default: 443 */ port: number; /** * Valid AWS region. */ region: string; /** * Logging Type. */ type: string; } export interface OrgLoggingElasticLoggingElasticCloud { /** * [Cloud ID](https://www.elastic.co/guide/en/cloud/current/ec-cloud-id.html) */ cloudId: string; /** * Full Link to a secret of type `userpass`. */ credentials: string; /** * Logging Index. */ index: string; /** * Logging Type. */ type: string; } export interface OrgLoggingElasticLoggingGeneric { /** * Full Link to a secret of type `userpass`. */ credentials: string; /** * A valid Elastic Search provider hostname. */ host: string; /** * Logging Index. */ index: string; /** * Logging path. */ path: string; /** * Port. Default: 443 */ port: number; /** * Logging Type. */ type: string; } export interface OrgLoggingFluentdLogging { /** * The hostname or IP address of a remote log storage system. */ host: string; /** * Port. Default: 24224 */ port: number; } export interface OrgLoggingLogzioLogging { /** * Full link to referenced Opaque Secret. */ credentials: string; /** * Logzio listener host URI. */ listenerHost: string; } export interface OrgLoggingOpentelemetryLogging { /** * Full link to a secret of type `opaque`. */ credentials?: string; /** * OpenTelemetry collector endpoint URI. */ endpoint: string; /** * Custom headers to include in OpenTelemetry export requests. */ headers?: { [key: string]: string; }; } export interface OrgLoggingS3Logging { /** * Name of S3 bucket. */ bucket: string; /** * Full link to referenced AWS Secret. */ credentials: string; /** * Bucket path prefix. Default: "/". */ prefix: string; /** * AWS region where bucket is located. */ region: string; } export interface OrgLoggingStackdriverLogging { /** * Full Link to a secret of type `opaque`. */ credentials: string; /** * A Google Cloud Provider region. */ location: string; } export interface OrgLoggingSyslogLogging { /** * Log Format. Valid values: RFC3164 or RFC5424. */ format: string; /** * Hostname of Syslog Endpoint. */ host: string; /** * Log Mode. Valid values: TCP, TLS, or UDP. */ mode: string; /** * Port of Syslog Endpoint. */ port: number; /** * Severity Level. See documentation for details. Valid values: 0 to 7. */ severity: number; } export interface OrgObservability { /** * These emails are configured as alert recipients in Grafana when the 'grafana-default-email' contact delivery type is 'Email'. */ defaultAlertEmails: string[]; /** * Log retention days. Default: 30 */ logsRetentionDays: number; /** * Metrics retention days. Default: 30 */ metricsRetentionDays: number; /** * Traces retention days. Default: 30 */ tracesRetentionDays: number; } export interface OrgSecurity { threatDetection?: outputs.OrgSecurityThreatDetection; } export interface OrgSecurityThreatDetection { /** * Indicates whether threat detection should be forwarded or not. */ enabled: boolean; /** * Any threats with this severity and more severe will be sent. Others will be ignored. Valid values: `warning`, `error`, or `critical`. */ minimumSeverity?: string; /** * Configuration for syslog forwarding. */ syslog?: outputs.OrgSecurityThreatDetectionSyslog; } export interface OrgSecurityThreatDetectionSyslog { /** * The hostname to send syslog messages to. */ host: string; /** * The port to send syslog messages to. */ port: number; /** * The transport-layer protocol to send the syslog messages over. If TCP is chosen, messages will be sent with TLS. Default: `tcp`. */ transport: string; } export interface OrgStatus { /** * The link of the account the org belongs to. */ accountLink: string; /** * Indicates whether the org is active or not. */ active: boolean; endpointPrefix: string; } export interface OrgTracingControlplaneTracing { /** * Key-value map of custom tags. */ customTags?: { [key: string]: string; }; /** * Determines what percentage of requests should be traced. */ sampling: number; } export interface OrgTracingLightstepTracing { /** * Full link to referenced Opaque Secret. */ credentials?: string; /** * Key-value map of custom tags. */ customTags?: { [key: string]: string; }; /** * Tracing Endpoint Workload. Either the canonical endpoint or internal endpoint. */ endpoint: string; /** * Determines what percentage of requests should be traced. */ sampling: number; } export interface OrgTracingOtelTracing { /** * Key-value map of custom tags. */ customTags?: { [key: string]: string; }; /** * Tracing Endpoint Workload. Either the canonical endpoint or internal endpoint. */ endpoint: string; /** * Determines what percentage of requests should be traced. */ sampling: number; } export interface PolicyBinding { /** * List of permissions to allow. */ permissions: string[]; /** * List of the principals this binding will be applied to. Principal links format: `group/GROUP_NAME`, `user/USER_EMAIL`, `gvc/GVC_NAME/identity/IDENTITY_NAME`, `serviceaccount/SERVICE_ACCOUNT_NAME`. */ principalLinks: string[]; } export interface PolicyTargetQuery { /** * Type of fetch. Specify either: `links` or `items`. Default: `items`. */ fetch: string; spec?: outputs.PolicyTargetQuerySpec; } export interface PolicyTargetQuerySpec { /** * Type of match. Available values: `all`, `any`, `none`. Default: `all`. */ match: string; /** * Terms can only contain one of the following attributes: `property`, `rel`, `tag`. */ terms?: outputs.PolicyTargetQuerySpecTerm[]; } export interface PolicyTargetQuerySpecTerm { /** * Type of query operation. Available values: `=`, `>`, `>=`, `<`, `<=`, `!=`, `~`, `=~`, `exists`, `!exists`, `contains`. Default: `=`. */ op: string; /** * Property to use for query evaluation. */ property?: string; /** * Relation to use for query evaluation. */ rel?: string; /** * Tag key to use for query evaluation. */ tag?: string; /** * Testing value for query evaluation. */ value?: string; } export interface SecretAws { /** * Access Key provided by AWS. */ accessKey: string; /** * AWS IAM Role External ID. */ externalId?: string; /** * Role ARN provided by AWS. */ roleArn: string; /** * Secret Key provided by AWS. */ secretKey: string; } export interface SecretAzureConnector { /** * Code/Key to authenticate to deployment URL. */ code: string; /** * Deployment URL. */ url: string; } export interface SecretEcr { /** * Access Key provided by AWS. */ accessKey: string; /** * AWS IAM Role External ID. Used when setting up cross-account access to your ECR repositories. */ externalId?: string; /** * List of ECR repositories. */ repos: string[]; /** * Role ARN provided by AWS. */ roleArn: string; /** * Secret Key provided by AWS. */ secretKey: string; } export interface SecretKeypair { /** * Passphrase for private key. */ passphrase?: string; /** * Public Key. */ publicKey?: string; /** * Secret/Private Key. */ secretKey: string; } export interface SecretNatsAccount { /** * Account ID. */ accountId: string; /** * Private Key. */ privateKey: string; } export interface SecretOpaque { /** * Available encodings: `plain`, `base64`. Default: `plain`. */ encoding: string; /** * Plain text or base64 encoded string. Use `encoding` attribute to specify encoding. */ payload: string; } export interface SecretTls { /** * Public Certificate. */ cert: string; /** * Chain Certificate. */ chain?: string; /** * Private Certificate. */ key: string; } export interface SecretUserpass { /** * Available encodings: `plain`, `base64`. Default: `plain`. */ encoding: string; /** * Password. */ password: string; /** * Username. */ username: string; } export interface VolumeSetAutoscaling { /** * The maximum size in GB for a volume in this set. A volume cannot grow to be bigger than this value. Minimum value: `10`. */ maxCapacity?: number; /** * The guaranteed free space on the volume as a percentage of the volume's total size. Control Plane will try to maintain at least that many percent free by scaling up the total size. Minimum percentage: `1`. Maximum Percentage: `100`. */ minFreePercentage?: number; /** * Predictive scaling configuration. When enabled, proactively expands volumes based on historical growth rate projections. */ predictive?: outputs.VolumeSetAutoscalingPredictive; /** * When scaling is necessary, then `newCapacity = currentCapacity * storageScalingFactor`. Minimum value: `1.1`. */ scalingFactor?: number; } export interface VolumeSetAutoscalingPredictive { /** * Enable predictive scaling based on historical growth rates. Default: `false`. */ enabled: boolean; /** * Hours of historical data to analyze. Default: `24`. Max: `168` (1 week). */ lookbackHours: number; /** * Minimum data points required for reliable growth rate calculation. Default: `10`. */ minDataPoints: number; /** * Minimum growth rate (GB/hour) to trigger predictive expansion. Default: `0.01`. */ minGrowthRateGbPerHour: number; /** * Hours into the future to project storage needs. Default: `6`. */ projectionHours: number; /** * Scaling factor for predictive expansion. If not set, uses the parent autoscaling scaling_factor. Use a lower value (e.g., `1.2`) for gentler proactive scaling. */ scalingFactor?: number; } export interface VolumeSetCustomEncryption { /** * Map of region identifiers to encryption key configuration. */ regions: { [key: string]: outputs.VolumeSetCustomEncryptionRegions; }; } export interface VolumeSetCustomEncryptionRegions { keyId: string; } export interface VolumeSetMountOptions { /** * For volume sets using the shared file system, this object specifies the CPU and memory resources allotted to each mount point. */ resources?: outputs.VolumeSetMountOptionsResources; } export interface VolumeSetMountOptionsResources { maxCpu: string; maxMemory: string; minCpu: string; minMemory: string; } export interface VolumeSetSnapshots { /** * If true, a volume snapshot will be created immediately before deletion of any volume in this set. Default: `true` */ createFinalSnapshot: boolean; /** * The default retention period for volume snapshots. This string should contain a floating point number followed by either d, h, or m. For example, "10d" would retain snapshots for 10 days. */ retentionDuration?: string; /** * A standard cron schedule expression used to determine when a snapshot will be taken. (i.e., `0 * * * *` Every hour). Note: snapshots cannot be scheduled more often than once per hour. */ schedule?: string; } export interface VolumeSetStatus { /** * Uniquely identifies the connection between the volume set and its workload. Every time a new connection is made, a new id is generated (e.g., If a workload is updated to remove the volume set, then updated again to reattach it, the volume set will have a new binding id). */ bindingId: string; /** * Contains a list of actual volumes grouped by location. */ locations: string[]; /** * The GVC ID. */ parentId: string; /** * The url of the workload currently using this volume set (if any). */ usedByWorkload: string; /** * Contains a list of workload links that are using this volume set. */ workloadLinks: string[]; } export interface WorkloadContainer { /** * Command line arguments passed to the container at runtime. Replaces the CMD arguments of the running container. It is an ordered list. */ args?: string[]; /** * Override the entry point. */ command?: string; /** * Reserved CPU of the workload when capacityAI is disabled. Maximum CPU when CapacityAI is enabled. Default: "50m". */ cpu: string; /** * Name-Value list of environment variables. */ env?: { [key: string]: string; }; gpuCustom?: outputs.WorkloadContainerGpuCustom; /** * GPUs manufactured by NVIDIA, which are specialized hardware accelerators used to offload and accelerate computationally intensive tasks within the workload. */ gpuNvidia?: outputs.WorkloadContainerGpuNvidia; /** * The full image and tag path. Required for all workload types except `vm`, which boots from `vm.boot_disk.source` instead. */ image?: string; /** * Enables inheritance of GVC environment variables. A variable in spec.env will override a GVC variable with the same name. */ inheritEnv: boolean; /** * Lifecycle [Reference Page](https://docs.controlplane.com/reference/workload#lifecycle). */ lifecycle?: outputs.WorkloadContainerLifecycle; /** * Liveness Probe */ livenessProbe?: outputs.WorkloadContainerLivenessProbe; /** * Reserved memory of the workload when capacityAI is disabled. Maximum memory when CapacityAI is enabled. Default: "128Mi". */ memory: string; /** * [Reference Page](https://docs.controlplane.com/reference/workload#metrics). */ metrics?: outputs.WorkloadContainerMetrics; /** * Minimum CPU when capacity AI is enabled. */ minCpu?: string; /** * Minimum memory when capacity AI is enabled. */ minMemory?: string; /** * Name of the container. */ name: string; /** * The port the container exposes. Only one container is allowed to specify a port. Min: `80`. Max: `65535`. Used by `serverless` Workload type. **DEPRECATED - Use `ports`.** * * @deprecated The 'port' attribute will be deprecated in the next major version. Use the 'ports' attribute instead. */ port?: number; /** * Communication endpoints used by the workload to send and receive network traffic. */ ports?: outputs.WorkloadContainerPort[]; /** * Readiness Probe */ readinessProbe?: outputs.WorkloadContainerReadinessProbe; /** * Mount Object Store (S3, GCS, AzureBlob) buckets as file system. */ volumes?: outputs.WorkloadContainerVolume[]; /** * Override the working directory. Must be an absolute path. */ workingDirectory?: string; } export interface WorkloadContainerGpuCustom { /** * Number of GPUs. */ quantity: number; resource: string; runtimeClass?: string; } export interface WorkloadContainerGpuNvidia { /** * GPU Model (i.e.: t4) */ model: string; /** * Number of GPUs. */ quantity: number; } export interface WorkloadContainerLifecycle { postStart?: outputs.WorkloadContainerLifecyclePostStart; preStop?: outputs.WorkloadContainerLifecyclePreStop; } export interface WorkloadContainerLifecyclePostStart { exec?: outputs.WorkloadContainerLifecyclePostStartExec; } export interface WorkloadContainerLifecyclePostStartExec { /** * Command and arguments executed immediately after the container is created. */ commands: string[]; } export interface WorkloadContainerLifecyclePreStop { exec?: outputs.WorkloadContainerLifecyclePreStopExec; } export interface WorkloadContainerLifecyclePreStopExec { /** * Command and arguments executed immediately before the container is stopped. */ commands: string[]; } export interface WorkloadContainerLivenessProbe { exec?: outputs.WorkloadContainerLivenessProbeExec; failureThreshold: number; grpc?: outputs.WorkloadContainerLivenessProbeGrpc; httpGet?: outputs.WorkloadContainerLivenessProbeHttpGet; initialDelaySeconds: number; periodSeconds: number; successThreshold: number; tcpSocket?: outputs.WorkloadContainerLivenessProbeTcpSocket; timeoutSeconds: number; } export interface WorkloadContainerLivenessProbeExec { commands: string[]; } export interface WorkloadContainerLivenessProbeGrpc { port?: number; } export interface WorkloadContainerLivenessProbeHttpGet { httpHeaders?: { [key: string]: string; }; path: string; port: number; scheme: string; } export interface WorkloadContainerLivenessProbeTcpSocket { port?: number; } export interface WorkloadContainerMetrics { /** * Drop metrics that match given patterns. */ dropMetrics?: string[]; /** * Path from container emitting custom metrics. */ path: string; /** * Port from container emitting custom metrics. */ port: number; } export interface WorkloadContainerPort { /** * Port to expose. */ number: number; /** * Protocol. Choice of: `http`, `http2`, `tcp`, or `grpc`. */ protocol: string; } export interface WorkloadContainerReadinessProbe { exec?: outputs.WorkloadContainerReadinessProbeExec; failureThreshold: number; grpc?: outputs.WorkloadContainerReadinessProbeGrpc; httpGet?: outputs.WorkloadContainerReadinessProbeHttpGet; initialDelaySeconds: number; periodSeconds: number; successThreshold: number; tcpSocket?: outputs.WorkloadContainerReadinessProbeTcpSocket; timeoutSeconds: number; } export interface WorkloadContainerReadinessProbeExec { commands: string[]; } export interface WorkloadContainerReadinessProbeGrpc { port?: number; } export interface WorkloadContainerReadinessProbeHttpGet { httpHeaders?: { [key: string]: string; }; path: string; port: number; scheme: string; } export interface WorkloadContainerReadinessProbeTcpSocket { port?: number; } export interface WorkloadContainerVolume { /** * VM disk boot order. Only valid for `vm` workloads. Valid values: `1` - `16`. */ bootOrder?: number; /** * VM disk bus. Only valid for `vm` workloads. A `cpln://secret/` volume on a `sata` or `scsi` bus is presented to the guest as a read-only CD-ROM. Valid values: `virtio`, `sata`, `scsi`. */ bus?: string; /** * VM disk name. Required for `vm` workloads; rejected for other workload types. */ name?: string; /** * File path added to workload pointing to the volume. Required for non-`vm` workloads; rejected for `vm` workloads (the volume is attached to the VM as a block device). */ path?: string; /** * Only applicable to persistent volumes, this determines what Control Plane will do when creating a new workload replica if a corresponding volume exists. Available Values: `retain`, `recycle`. Default: `retain`. **DEPRECATED - No longer being used.** */ recoveryPolicy: string; /** * URI of a volume hosted at Control Plane (Volume Set) or at a cloud provider (AWS, Azure, GCP). */ uri: string; } export interface WorkloadFirewallSpec { /** * The external firewall is used to control inbound and outbound access to the workload for public-facing traffic. */ external?: outputs.WorkloadFirewallSpecExternal; /** * The internal firewall is used to control access between workloads. */ internal?: outputs.WorkloadFirewallSpecInternal; } export interface WorkloadFirewallSpecExternal { /** * Firewall options for HTTP workloads. */ http?: outputs.WorkloadFirewallSpecExternalHttp; /** * The list of ipv4/ipv6 addresses or cidr blocks that are allowed to access this workload. No external access is allowed by default. Specify '0.0.0.0/0' to allow access to the public internet. */ inboundAllowCidrs: string[]; /** * The list of ipv4/ipv6 addresses or cidr blocks that are NOT allowed to access this workload. Addresses in the allow list will only be allowed if they do not exist in this list. */ inboundBlockedCidrs: string[]; /** * The list of ipv4/ipv6 addresses or cidr blocks that this workload is allowed reach. No outbound access is allowed by default. Specify '0.0.0.0/0' to allow outbound access to the public internet. */ outboundAllowCidrs: string[]; /** * The list of public hostnames that this workload is allowed to reach. No outbound access is allowed by default. A wildcard `*` is allowed on the prefix of the hostname only, ex: `*.amazonaws.com`. Use `outboundAllowCIDR` to allow access to all external websites. */ outboundAllowHostnames: string[]; /** * Allow outbound access to specific ports and protocols. When not specified, communication to address ranges in outboundAllowCIDR is allowed on all ports and communication to names in outboundAllowHostname is allowed on ports 80/443. */ outboundAllowPorts?: outputs.WorkloadFirewallSpecExternalOutboundAllowPort[]; /** * The list of ipv4/ipv6 addresses or cidr blocks that this workload is NOT allowed to reach. Addresses in the allow list will only be allowed if they do not exist in this list. */ outboundBlockedCidrs: string[]; } export interface WorkloadFirewallSpecExternalHttp { /** * A list of header filters for HTTP workloads. */ inboundHeaderFilters?: outputs.WorkloadFirewallSpecExternalHttpInboundHeaderFilter[]; } export interface WorkloadFirewallSpecExternalHttpInboundHeaderFilter { /** * A list of regular expressions to match for allowed header values. Headers that do not match ANY of these values will be filtered and will not reach the workload. */ allowedValues?: string[]; /** * A list of regular expressions to match for blocked header values. Headers that match ANY of these values will be filtered and will not reach the workload. */ blockedValues?: string[]; /** * The header to match for. */ key: string; } export interface WorkloadFirewallSpecExternalOutboundAllowPort { /** * Port number. Max: 65000 */ number: number; /** * Either `http`, `https` or `tcp`. */ protocol: string; } export interface WorkloadFirewallSpecInternal { /** * Used to control the internal firewall configuration and mutual tls. Allowed Values: "none", "same-gvc", "same-org", "workload-list". */ inboundAllowType: string; /** * A list of specific workloads which are allowed to access this workload internally. This list is only used if the 'inboundAllowType' is set to 'workload-list'. */ inboundAllowWorkloads: string[]; } export interface WorkloadJob { /** * The maximum number of seconds Control Plane will wait for the job to complete. If a job does not succeed or fail in the allotted time, Control Plane will stop the job, moving it into the Removed status. */ activeDeadlineSeconds?: number; /** * Either 'Forbid', 'Replace', or 'Allow'. This determines what Control Plane will do when the schedule requires a job to start, while a prior instance of the job is still running. */ concurrencyPolicy: string; /** * The maximum number of completed job instances to display. This should be an integer between 1 and 10. Default: `5`. */ historyLimit: number; /** * Either 'OnFailure' or 'Never'. This determines what Control Plane will do when a job instance fails. Enum: [ OnFailure, Never ] Default: `Never`. */ restartPolicy: string; /** * A standard cron [schedule expression](https://kubernetes.io/docs/concepts/workloads/controllers/cron-jobs/#schedule-syntax) used to determine when your job should execute. */ schedule: string; } export interface WorkloadLoadBalancer { /** * Direct load balancers are created in each location that a workload is running in and are configured for the standard endpoints of the workload. Customers are responsible for configuring the workload with certificates if TLS is required. */ direct?: outputs.WorkloadLoadBalancerDirect; geoLocation?: outputs.WorkloadLoadBalancerGeoLocation; /** * When enabled, individual replicas of the workload can be reached directly using the subdomain prefix replica-. For example, replica-0.my-workload.my-gvc.cpln.local or replica-0.my-workload-.cpln.app - Can only be used with stateful workloads. */ replicaDirect: boolean; } export interface WorkloadLoadBalancerDirect { /** * When disabled, this load balancer will be stopped. */ enabled: boolean; ipset?: string; /** * List of ports that will be exposed by this load balancer. */ ports?: outputs.WorkloadLoadBalancerDirectPort[]; } export interface WorkloadLoadBalancerDirectPort { /** * The port on the container tha will receive this traffic. */ containerPort?: number; /** * The port that is available publicly. */ externalPort: number; /** * The protocol that is exposed publicly. */ protocol: string; /** * Overrides the default `https` url scheme that will be used for links in the UI and status. */ scheme?: string; } export interface WorkloadLoadBalancerGeoLocation { /** * When enabled, geo location headers will be included on inbound http requests. Existing headers will be replaced. */ enabled: boolean; headers?: outputs.WorkloadLoadBalancerGeoLocationHeaders; } export interface WorkloadLoadBalancerGeoLocationHeaders { /** * The geo asn header. */ asn?: string; /** * The geo city header. */ city?: string; /** * The geo country header. */ country?: string; /** * The geo region header. */ region?: string; } export interface WorkloadLocalOption { /** * Auto-scaling adjusts horizontal scaling based on a set strategy, target value, and possibly a metric percentile. */ autoscaling?: outputs.WorkloadLocalOptionAutoscaling; /** * Capacity AI. Default: `true`. */ capacityAi: boolean; /** * The highest frequency capacity AI is allowed to update resource reservations when CapacityAI is enabled. */ capacityAiUpdateMinutes?: number; /** * Debug mode. Default: `false`. */ debug: boolean; /** * Valid only for `localOptions`. Override options for a specific location. */ location: string; multiZone?: outputs.WorkloadLocalOptionMultiZone; /** * Workload suspend. Default: `false`. */ suspend: boolean; /** * Timeout in seconds. Default: `5`. */ timeoutSeconds: number; } export interface WorkloadLocalOptionAutoscaling { /** * KEDA (Kubernetes-based Event Driven Autoscaling) allows for advanced autoscaling based on external metrics and triggers. */ keda?: outputs.WorkloadLocalOptionAutoscalingKeda; /** * A hard maximum for the number of concurrent requests allowed to a replica. If no replicas are available to fulfill the request then it will be queued until a replica with capacity is available and delivered as soon as one is available again. Capacity can be available from requests completing or when a new replica is available from scale out.Min: `0`. Max: `1000`. Default `0`. */ maxConcurrency: number; /** * The maximum allowed number of replicas. Min: `0`. Default `5`. */ maxScale: number; /** * Valid values: `concurrency`, `cpu`, `memory`, `rps`, `latency`, `keda` or `disabled`. */ metric: string; /** * For metrics represented as a distribution (e.g. latency) a percentile within the distribution must be chosen as the target. */ metricPercentile?: string; /** * The minimum allowed number of replicas. Control Plane can scale the workload down to 0 when there is no traffic and scale up immediately to fulfill new requests. Min: `0`. Max: `maxScale`. Default `1`. */ minScale: number; multis?: outputs.WorkloadLocalOptionAutoscalingMulti[]; /** * The amount of time (in seconds) with no requests received before a workload is scaled to 0. Min: `30`. Max: `3600`. Default: `300`. */ scaleToZeroDelay: number; /** * Control Plane will scale the number of replicas for this deployment up/down in order to be as close as possible to the target metric across all replicas of a deployment. Min: `1`. Max: `20000`. Default: `95`. */ target: number; } export interface WorkloadLocalOptionAutoscalingKeda { /** * Advanced configuration options for KEDA. */ advanced?: outputs.WorkloadLocalOptionAutoscalingKedaAdvanced; /** * The cooldown period in seconds after scaling down to 0 replicas before KEDA will allow scaling up again. */ cooldownPeriod?: number; /** * Fallback configuration for KEDA. */ fallback?: outputs.WorkloadLocalOptionAutoscalingKedaFallback; /** * The initial cooldown period in seconds after scaling down to 0 replicas before KEDA will allow scaling up again. */ initialCooldownPeriod?: number; /** * The interval in seconds at which KEDA will poll the external metrics to determine if scaling is required. */ pollingInterval?: number; /** * An array of KEDA triggers to be used for scaling workloads in this GVC. This is used to define how KEDA will scale workloads in the GVC based on external metrics or events. Each trigger type may have its own specific configuration options. */ triggers?: outputs.WorkloadLocalOptionAutoscalingKedaTrigger[]; } export interface WorkloadLocalOptionAutoscalingKedaAdvanced { /** * Scaling modifiers allow for fine-tuning the scaling behavior of KEDA. */ scalingModifiers?: outputs.WorkloadLocalOptionAutoscalingKedaAdvancedScalingModifiers; } export interface WorkloadLocalOptionAutoscalingKedaAdvancedScalingModifiers { /** * Defines the new activation target value to scale on for the composed metric. */ activationTarget?: string; /** * Composes metrics together and allows them to be modified/manipulated. It accepts mathematical/conditional statements. */ formula?: string; /** * Defines metric type used for this new composite-metric. */ metricType?: string; /** * Defines new target value to scale on for the composed metric. */ target?: string; } export interface WorkloadLocalOptionAutoscalingKedaFallback { /** * Behavior to apply when fallback is triggered. */ behavior?: string; /** * Number of consecutive failures required to trigger fallback behavior. */ failureThreshold: number; /** * Number of replicas to scale to when fallback is triggered. */ replicas: number; } export interface WorkloadLocalOptionAutoscalingKedaTrigger { /** * Reference to a KEDA authentication object for secure access to external systems. */ authenticationRef?: outputs.WorkloadLocalOptionAutoscalingKedaTriggerAuthenticationRef; /** * The configuration parameters that the trigger requires. */ metadata?: { [key: string]: string; }; /** * The type of metric to be used for scaling. */ metricType?: string; /** * An optional name for the trigger. If not provided, a default name will be generated based on the trigger type. */ name?: string; /** * The type of KEDA trigger, e.g "prometheus", "aws-sqs", etc. */ type: string; /** * Enables caching of metric values during polling interval. */ useCachedMetrics?: boolean; } export interface WorkloadLocalOptionAutoscalingKedaTriggerAuthenticationRef { /** * The name of secret listed in the GVC spec.keda.secrets. */ name: string; } export interface WorkloadLocalOptionAutoscalingMulti { /** * Valid values: `cpu` or `memory`. */ metric?: string; /** * Control Plane will scale the number of replicas for this deployment up/down in order to be as close as possible to the target metric across all replicas of a deployment. Min: `1`. Max: `20000`. */ target?: number; } export interface WorkloadLocalOptionMultiZone { enabled: boolean; } export interface WorkloadOptions { /** * Auto-scaling adjusts horizontal scaling based on a set strategy, target value, and possibly a metric percentile. */ autoscaling?: outputs.WorkloadOptionsAutoscaling; /** * Capacity AI. Default: `true`. */ capacityAi: boolean; /** * The highest frequency capacity AI is allowed to update resource reservations when CapacityAI is enabled. */ capacityAiUpdateMinutes?: number; /** * Debug mode. Default: `false`. */ debug: boolean; multiZone?: outputs.WorkloadOptionsMultiZone; /** * Workload suspend. Default: `false`. */ suspend: boolean; /** * Timeout in seconds. Default: `5`. */ timeoutSeconds: number; } export interface WorkloadOptionsAutoscaling { /** * KEDA (Kubernetes-based Event Driven Autoscaling) allows for advanced autoscaling based on external metrics and triggers. */ keda?: outputs.WorkloadOptionsAutoscalingKeda; /** * A hard maximum for the number of concurrent requests allowed to a replica. If no replicas are available to fulfill the request then it will be queued until a replica with capacity is available and delivered as soon as one is available again. Capacity can be available from requests completing or when a new replica is available from scale out.Min: `0`. Max: `1000`. Default `0`. */ maxConcurrency: number; /** * The maximum allowed number of replicas. Min: `0`. Default `5`. */ maxScale: number; /** * Valid values: `concurrency`, `cpu`, `memory`, `rps`, `latency`, `keda` or `disabled`. */ metric: string; /** * For metrics represented as a distribution (e.g. latency) a percentile within the distribution must be chosen as the target. */ metricPercentile?: string; /** * The minimum allowed number of replicas. Control Plane can scale the workload down to 0 when there is no traffic and scale up immediately to fulfill new requests. Min: `0`. Max: `maxScale`. Default `1`. */ minScale: number; multis?: outputs.WorkloadOptionsAutoscalingMulti[]; /** * The amount of time (in seconds) with no requests received before a workload is scaled to 0. Min: `30`. Max: `3600`. Default: `300`. */ scaleToZeroDelay: number; /** * Control Plane will scale the number of replicas for this deployment up/down in order to be as close as possible to the target metric across all replicas of a deployment. Min: `1`. Max: `20000`. Default: `95`. */ target: number; } export interface WorkloadOptionsAutoscalingKeda { /** * Advanced configuration options for KEDA. */ advanced?: outputs.WorkloadOptionsAutoscalingKedaAdvanced; /** * The cooldown period in seconds after scaling down to 0 replicas before KEDA will allow scaling up again. */ cooldownPeriod?: number; /** * Fallback configuration for KEDA. */ fallback?: outputs.WorkloadOptionsAutoscalingKedaFallback; /** * The initial cooldown period in seconds after scaling down to 0 replicas before KEDA will allow scaling up again. */ initialCooldownPeriod?: number; /** * The interval in seconds at which KEDA will poll the external metrics to determine if scaling is required. */ pollingInterval?: number; /** * An array of KEDA triggers to be used for scaling workloads in this GVC. This is used to define how KEDA will scale workloads in the GVC based on external metrics or events. Each trigger type may have its own specific configuration options. */ triggers?: outputs.WorkloadOptionsAutoscalingKedaTrigger[]; } export interface WorkloadOptionsAutoscalingKedaAdvanced { /** * Scaling modifiers allow for fine-tuning the scaling behavior of KEDA. */ scalingModifiers?: outputs.WorkloadOptionsAutoscalingKedaAdvancedScalingModifiers; } export interface WorkloadOptionsAutoscalingKedaAdvancedScalingModifiers { /** * Defines the new activation target value to scale on for the composed metric. */ activationTarget?: string; /** * Composes metrics together and allows them to be modified/manipulated. It accepts mathematical/conditional statements. */ formula?: string; /** * Defines metric type used for this new composite-metric. */ metricType?: string; /** * Defines new target value to scale on for the composed metric. */ target?: string; } export interface WorkloadOptionsAutoscalingKedaFallback { /** * Behavior to apply when fallback is triggered. */ behavior?: string; /** * Number of consecutive failures required to trigger fallback behavior. */ failureThreshold: number; /** * Number of replicas to scale to when fallback is triggered. */ replicas: number; } export interface WorkloadOptionsAutoscalingKedaTrigger { /** * Reference to a KEDA authentication object for secure access to external systems. */ authenticationRef?: outputs.WorkloadOptionsAutoscalingKedaTriggerAuthenticationRef; /** * The configuration parameters that the trigger requires. */ metadata?: { [key: string]: string; }; /** * The type of metric to be used for scaling. */ metricType?: string; /** * An optional name for the trigger. If not provided, a default name will be generated based on the trigger type. */ name?: string; /** * The type of KEDA trigger, e.g "prometheus", "aws-sqs", etc. */ type: string; /** * Enables caching of metric values during polling interval. */ useCachedMetrics?: boolean; } export interface WorkloadOptionsAutoscalingKedaTriggerAuthenticationRef { /** * The name of secret listed in the GVC spec.keda.secrets. */ name: string; } export interface WorkloadOptionsAutoscalingMulti { /** * Valid values: `cpu` or `memory`. */ metric?: string; /** * Control Plane will scale the number of replicas for this deployment up/down in order to be as close as possible to the target metric across all replicas of a deployment. Min: `1`. Max: `20000`. */ target?: number; } export interface WorkloadOptionsMultiZone { enabled: boolean; } export interface WorkloadRequestRetryPolicy { attempts: number; retryOns: string[]; } export interface WorkloadRolloutOption { /** * The number of replicas that can be created above the desired amount of replicas during an update. */ maxSurgeReplicas?: string; /** * The number of replicas that can be unavailable during the update process. */ maxUnavailableReplicas?: string; /** * The minimum number of seconds a container must run without crashing to be considered available. */ minReadySeconds: number; /** * The strategies used to update applications and services deployed. Valid values: `OrderedReady` (Updates workloads in a rolling fashion, taking down old ones and bringing up new ones incrementally, ensuring that the service remains available during the update.), `Parallel` (Causes all pods affected by a scaling operation to be created or destroyed simultaneously. This does not affect update operations.). Default: `OrderedReady`. */ scalingPolicy: string; /** * The amount of time in seconds a workload has to gracefully terminate before forcefully terminating it. This includes the time it takes for the preStop hook to run. Valid values: `0` - `3600`. Default: `90`. Note: the API caps this at `900` unless the workload is tagged with `cpln/relaxGracePeriodMax`. */ terminationGracePeriodSeconds: number; } export interface WorkloadSecurityOptions { /** * The group id assigned to any mounted volume. */ fileSystemGroupId?: number; /** * The user id assigned to all container processes. */ runAsUser?: number; } export interface WorkloadSidecar { envoy: string; } export interface WorkloadStatus { /** * Canonical endpoint for the workload. */ canonicalEndpoint: string; /** * Current amount of replicas deployed. */ currentReplicaCount: number; /** * Endpoint for the workload. */ endpoint: string; /** * Current health status. */ healthChecks: outputs.WorkloadStatusHealthCheck[]; /** * Internal hostname for the workload. Used for service-to-service requests. */ internalName: string; loadBalancers: outputs.WorkloadStatusLoadBalancer[]; /** * ID of the parent object. */ parentId: string; replicaInternalNames: string[]; /** * Resolved images for workloads with dynamic tags enabled. */ resolvedImages: outputs.WorkloadStatusResolvedImage[]; /** * Computed suspension state of the workload. Valid values: `notSuspended`, `partiallySuspended`, `suspended`. */ suspendedStatus: string; } export interface WorkloadStatusHealthCheck { /** * Active boolean for the associated workload. */ active: boolean; /** * Current output code for the associated workload. */ code: number; /** * Failure integer for the associated workload. */ failures: number; /** * Timestamp in UTC of the last health check. */ lastChecked: string; /** * Current health status for the associated workload. */ message: string; /** * Success boolean for the associated workload. */ success: boolean; /** * Success integer for the associated workload. */ successes: number; } export interface WorkloadStatusLoadBalancer { origin: string; url: string; } export interface WorkloadStatusResolvedImage { errorMessages: string[]; /** * A list of images that were resolved. */ images: outputs.WorkloadStatusResolvedImageImage[]; nextRetryAt: string; /** * UTC Time when the images were resolved. */ resolvedAt: string; /** * Workload version the images were resolved for. */ resolvedForVersion: number; } export interface WorkloadStatusResolvedImageImage { /** * A unique SHA256 hash value that identifies a specific image content. This digest serves as a fingerprint of the image's content, ensuring the image you pull or run is exactly what you expect, without any modifications or corruptions. */ digest: string; manifests: outputs.WorkloadStatusResolvedImageImageManifest[]; } export interface WorkloadStatusResolvedImageImageManifest { /** * A SHA256 hash that uniquely identifies the specific image manifest. */ digest: string; /** * The name and tag of the resolved image. */ image: string; /** * The MIME type used in the Docker Registry HTTP API to specify the format of the data being sent or received. Docker uses media types to distinguish between different kinds of JSON objects and binary data formats within the registry protocol, enabling the Docker client and registry to understand and process different components of Docker images correctly. */ mediaType: string; /** * Key-value map of strings. The combination of the operating system and architecture for which the image is built. */ platform: { [key: string]: string; }; } export interface WorkloadVm { /** * SSH public keys injected at runtime via the guest agent or config drive. */ accessCredentials?: outputs.WorkloadVmAccessCredential[]; /** * Boot disk configuration. When `source` is omitted, `containers[0].image` is used as an OCI containerDisk. */ bootDisk?: outputs.WorkloadVmBootDisk; /** * Guest clock configuration. */ clock?: outputs.WorkloadVmClock; /** * Cloud-init configuration for the guest. Exactly one of `userData`, `userDataBase64`, or `userDataSecret` must be specified. */ cloudInit?: outputs.WorkloadVmCloudInit; /** * CPU topology visible to the guest. Cores are derived from `containers[0].cpu`. */ cpu?: outputs.WorkloadVmCpu; /** * Firmware configuration for the guest. */ firmware?: outputs.WorkloadVmFirmware; /** * Guest operating system family. Drives the per-OS cloud-init payload. Valid values: `linux`, `windows`. Default: `linux`. */ guestOs: string; /** * Hostname reported to the guest. */ hostname?: string; /** * Pod-network interfaces for the VM. Only a single network is supported. */ networks?: outputs.WorkloadVmNetwork[]; /** * KubeVirt RunStrategy. Use `Halted` to keep the pool defined but powered off. Valid values: `Always`, `RerunOnFailure`, `Manual`, `Halted`. Default: `Always`. */ runStrategy: string; /** * Subdomain used by the guest for replica-to-replica addressing. */ subdomain?: string; } export interface WorkloadVmAccessCredential { /** * Delivery method for the access credential. Valid values: `qemuGuestAgent`, `configDrive`. Default: `qemuGuestAgent`. */ deliveryMethod: string; /** * Secret containing the SSH public keys to inject. */ sshPublicKeySecret: string; /** * Guest OS users the SSH public keys are injected for. */ users: string[]; } export interface WorkloadVmBootDisk { /** * Boot order of the boot disk. Valid values: `1` - `16`. Default: `1`. */ bootOrder: number; /** * Disk bus exposed to the guest. Valid values: `virtio`, `sata`, `scsi`. Default: `virtio`. */ bus: string; /** * Per-replica boot PVC populated via CDI. Required for any non-OCI source. */ persist?: outputs.WorkloadVmBootDiskPersist; /** * Boot disk image source. Exactly one of `oci` or `http` must be specified. */ source?: outputs.WorkloadVmBootDiskSource; } export interface WorkloadVmBootDiskPersist { /** * VolumeSet URI used to provision one PVC per replica for the boot disk. Format: `cpln://volumeset/`. */ volumeSet: string; } export interface WorkloadVmBootDiskSource { /** * Boot disk image fetched over HTTP/HTTPS. Requires `persist.volume_set`. */ http?: outputs.WorkloadVmBootDiskSourceHttp; /** * Boot from an OCI containerDisk image. */ oci?: outputs.WorkloadVmBootDiskSourceOci; } export interface WorkloadVmBootDiskSourceHttp { /** * Disk image checksum, formatted as `sha256:` or `sha512:`. */ checksum?: string; /** * HTTP/HTTPS URL of the boot disk image. */ url: string; } export interface WorkloadVmBootDiskSourceOci { /** * Full image reference of a containerDisk (e.g., `quay.io/containerdisks/ubuntu:22.04` or `/org//image/:`). */ image: string; } export interface WorkloadVmClock { /** * Guest timezone. Default: `UTC`. */ timezone: string; } export interface WorkloadVmCloudInit { /** * SSH public keys injected via cloud-init. Each Secret may carry one or more keys. */ sshPublicKeySecrets?: string[]; /** * Inline cloud-init user-data. Not encrypted at rest in the data-service - use `userDataSecret` for sensitive payloads. */ userData?: string; /** * Inline cloud-init user-data, base64-encoded. Same caveats as `userData`. */ userDataBase64?: string; /** * Secret containing cloud-init user-data (key: `userdata` or `user-data`). */ userDataSecret?: string; } export interface WorkloadVmCpu { /** * CPU sockets visible to the guest. Valid values: `1` - `32`. */ sockets?: number; /** * CPU threads per core visible to the guest. Valid values: `1` - `8`. */ threads?: number; } export interface WorkloadVmFirmware { /** * Bootloader used by the guest. Valid values: `bios`, `efi`. Default: `efi`. */ bootloader: string; /** * Enable UEFI Secure Boot. Default: `false`. */ secureBoot: boolean; /** * SMBIOS system serial number reported to the guest. */ serial?: string; /** * SMBIOS system information reported to the guest. */ smbios?: outputs.WorkloadVmFirmwareSmbios; /** * Fixed SMBIOS UUID for the VM. KubeVirt generates one when omitted. */ uuid?: string; } export interface WorkloadVmFirmwareSmbios { /** * SMBIOS system family. */ family?: string; /** * SMBIOS system manufacturer. */ manufacturer?: string; /** * SMBIOS system product name. */ product?: string; /** * SMBIOS system SKU. */ sku?: string; /** * SMBIOS system version. */ version?: string; } export interface WorkloadVmNetwork { /** * Network interface name. Default: `default`. */ name: string; }