Alauda DevOps Pipelines Docs

StepAction [tekton.dev/v1]

tekton.dev group

StepAction represents the actionable components of Step. The Step can only reference it from the cluster or using remote resolution.

v1alpha1 version
spec object

Spec holds the desired state of the Step from the client

args []string

Arguments to the entrypoint. The image's CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell

command []string

Entrypoint array. Not executed within a shell. The image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell

description string

Description is a user-facing description of the stepaction that may be used to populate a UI.

env []object

EnvVar represents an environment variable present in a Container.

name string required

Name of the environment variable. Must be a C_IDENTIFIER.

value string

Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".

valueFrom object

Source for the environment variable's value. Cannot be used if value is not empty.

configMapKeyRef object

Selects a key of a ConfigMap.

key string required

The key to select.

name string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

optional boolean

Specify whether the ConfigMap or its key must be defined

fieldRef object

Selects a field of the pod: supports metadata.name, metadata.namespace, metadata.labels['<KEY>'], metadata.annotations['<KEY>'], spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.

apiVersion string

Version of the schema the FieldPath is written in terms of, defaults to "v1".

fieldPath string required

Path of the field to select in the specified API version.

resourceFieldRef object

Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.

containerName string

Container name: required for volumes, optional for env vars

divisor

Specifies the output format of the exposed resources, defaults to "1"

resource string required

Required: resource to select

secretKeyRef object

Selects a key of a secret in the pod's namespace

key string required

The key of the secret to select from. Must be a valid secret key.

name string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

optional boolean

Specify whether the Secret or its key must be defined

image string

Image reference name to run for this StepAction. More info: https://kubernetes.io/docs/concepts/containers/images

params []object

ParamSpec defines arbitrary parameters needed beyond typed inputs (such as resources). Parameter values are provided by users as inputs on a TaskRun or PipelineRun.

default object

Default is the value a parameter takes if no input value is supplied. If default is set, a Task may be executed without a supplied value for the parameter.

arrayVal []string
objectVal object
stringVal string
type string

ParamType indicates the type of an input parameter; Used to distinguish between a single string and an array of strings.

description string

Description is a user-facing description of the parameter that may be used to populate a UI.

enum []string

Enum declares a set of allowed param input values for tasks/pipelines that can be validated. If Enum is not set, no input validation is performed for the param.

name string required

Name declares the name by which a parameter is referenced.

properties object

Properties is the JSON Schema properties to support key-value pairs parameter.

type string

Type is the user-specified type of the parameter. The possible types are currently "string", "array" and "object", and "string" is the default.

results []object

StepResult used to describe the Results of a Step.

This is field is at an BETA stability level and gated by "enable-step-actions" feature flag.

description string

Description is a human-readable description of the result

name string required

Name the given name

properties object

Properties is the JSON Schema properties to support key-value pairs results.

type string

The possible types are 'string', 'array', and 'object', with 'string' as the default.

script string

Script is the contents of an executable file to execute.

If Script is not empty, the Step cannot have an Command and the Args will be passed to the Script.

securityContext object

SecurityContext defines the security options the Step should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ The value set in StepAction will take precedence over the value from Task.

allowPrivilegeEscalation boolean

AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is:

  1. run as Privileged
  2. has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows.
capabilities object

The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows.

add []string

Added capabilities

drop []string

Removed capabilities

privileged boolean

Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. Note that this field cannot be set when spec.os.name is windows.

procMount string

procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows.

readOnlyRootFilesystem boolean

Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows.

runAsGroup integer

The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.

runAsNonRoot boolean

Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.

runAsUser integer

The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.

seLinuxOptions object

The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.

level string

Level is SELinux level label that applies to the container.

role string

Role is a SELinux role label that applies to the container.

type string

Type is a SELinux type label that applies to the container.

user string

User is a SELinux user label that applies to the container.

seccompProfile object

The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows.

localhostProfile string

localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type.

type string required

type indicates which kind of seccomp profile will be applied. Valid options are:

Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied.

windowsOptions object

The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux.

gmsaCredentialSpec string

GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field.

gmsaCredentialSpecName string

GMSACredentialSpecName is the name of the GMSA credential spec to use.

hostProcess boolean

HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.

runAsUserName string

The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.

volumeMounts []object

VolumeMount describes a mounting of a Volume within a container.

mountPath string required

Path within the container at which the volume should be mounted. Must not contain ':'.

mountPropagation string

mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10.

name string required

This must match the Name of a Volume.

readOnly boolean

Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false.

subPath string

Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root).

subPathExpr string

Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to "" (volume's root). SubPathExpr and SubPath are mutually exclusive.

workingDir string

Step's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated.

StepAction represents the actionable components of Step. The Step can only reference it from the cluster or using remote resolution.

v1beta1 version
spec object

Spec holds the desired state of the Step from the client

args []string

Arguments to the entrypoint. The image's CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell

command []string

Entrypoint array. Not executed within a shell. The image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell

description string

Description is a user-facing description of the stepaction that may be used to populate a UI.

env []object

EnvVar represents an environment variable present in a Container.

name string required

Name of the environment variable. Must be a C_IDENTIFIER.

value string

Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".

valueFrom object

Source for the environment variable's value. Cannot be used if value is not empty.

configMapKeyRef object

Selects a key of a ConfigMap.

key string required

The key to select.

name string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

optional boolean

Specify whether the ConfigMap or its key must be defined

fieldRef object

Selects a field of the pod: supports metadata.name, metadata.namespace, metadata.labels['<KEY>'], metadata.annotations['<KEY>'], spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.

apiVersion string

Version of the schema the FieldPath is written in terms of, defaults to "v1".

fieldPath string required

Path of the field to select in the specified API version.

resourceFieldRef object

Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.

containerName string

Container name: required for volumes, optional for env vars

divisor

Specifies the output format of the exposed resources, defaults to "1"

resource string required

Required: resource to select

secretKeyRef object

Selects a key of a secret in the pod's namespace

key string required

The key of the secret to select from. Must be a valid secret key.

name string

Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

optional boolean

Specify whether the Secret or its key must be defined

image string

Image reference name to run for this StepAction. More info: https://kubernetes.io/docs/concepts/containers/images

params []object

ParamSpec defines arbitrary parameters needed beyond typed inputs (such as resources). Parameter values are provided by users as inputs on a TaskRun or PipelineRun.

default object

Default is the value a parameter takes if no input value is supplied. If default is set, a Task may be executed without a supplied value for the parameter.

arrayVal []string
objectVal object
stringVal string
type string

ParamType indicates the type of an input parameter; Used to distinguish between a single string and an array of strings.

description string

Description is a user-facing description of the parameter that may be used to populate a UI.

enum []string

Enum declares a set of allowed param input values for tasks/pipelines that can be validated. If Enum is not set, no input validation is performed for the param.

name string required

Name declares the name by which a parameter is referenced.

properties object

Properties is the JSON Schema properties to support key-value pairs parameter.

type string

Type is the user-specified type of the parameter. The possible types are currently "string", "array" and "object", and "string" is the default.

results []object

StepResult used to describe the Results of a Step.

This is field is at an BETA stability level and gated by "enable-step-actions" feature flag.

description string

Description is a human-readable description of the result

name string required

Name the given name

properties object

Properties is the JSON Schema properties to support key-value pairs results.

type string

The possible types are 'string', 'array', and 'object', with 'string' as the default.

script string

Script is the contents of an executable file to execute.

If Script is not empty, the Step cannot have an Command and the Args will be passed to the Script.

securityContext object

SecurityContext defines the security options the Step should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ The value set in StepAction will take precedence over the value from Task.

allowPrivilegeEscalation boolean

AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is:

  1. run as Privileged
  2. has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows.
capabilities object

The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows.

add []string

Added capabilities

drop []string

Removed capabilities

privileged boolean

Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. Note that this field cannot be set when spec.os.name is windows.

procMount string

procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows.

readOnlyRootFilesystem boolean

Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows.

runAsGroup integer

The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.

runAsNonRoot boolean

Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.

runAsUser integer

The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.

seLinuxOptions object

The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.

level string

Level is SELinux level label that applies to the container.

role string

Role is a SELinux role label that applies to the container.

type string

Type is a SELinux type label that applies to the container.

user string

User is a SELinux user label that applies to the container.

seccompProfile object

The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows.

localhostProfile string

localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type.

type string required

type indicates which kind of seccomp profile will be applied. Valid options are:

Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied.

windowsOptions object

The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux.

gmsaCredentialSpec string

GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field.

gmsaCredentialSpecName string

GMSACredentialSpecName is the name of the GMSA credential spec to use.

hostProcess boolean

HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.

runAsUserName string

The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.

volumeMounts []object

VolumeMount describes a mounting of a Volume within a container.

mountPath string required

Path within the container at which the volume should be mounted. Must not contain ':'.

mountPropagation string

mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10.

name string required

This must match the Name of a Volume.

readOnly boolean

Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false.

subPath string

Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root).

subPathExpr string

Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to "" (volume's root). SubPathExpr and SubPath are mutually exclusive.

workingDir string

Step's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated.