jib-container

Modules are deprecated and will be removed in version 0.14. Please use action-based configuration instead. See the 0.12 to Bonsai migration guide for details.

Description

Extends the container type to build the image with Jib. Use this to efficiently build container images for Java services. Check out the jib example to see it in action.

The image is always built locally, directly from the source directory (see the note on that below), before shipping the container image to the right place. You can set build.tarOnly: true to only build the image as a tarball.

By default (and when not using remote building), the image is pushed to the local Docker daemon, to match the behavior of and stay compatible with normal container actions.

When using remote building with the kubernetes provider, the image is synced to the cluster (where individual layers are cached) and then pushed to the deployment registry from there. This is to make sure any registry auth works seamlessly and exactly like for normal Docker image builds.

Please consult the Jib documentation for how to configure Jib in your Gradle or Maven project.

To provide additional arguments to Gradle/Maven when building, you can set the extraFlags field.

Important note: Unlike many other types, jib-container builds are done from the source directory instead of the build staging directory, because of how Java projects are often laid out across a repository. This means build dependency copy directives are effectively ignored, and any include/exclude statements and .gardenignore files will not impact the build result. _Note that you should still configure includes, excludes and/or a .gardenignore to tell Garden which files to consider as part of the Build version hash, to correctly detect whether a new build is required.**

Below is the full schema reference. For an introduction to configuring Garden modules, please look at our Configuration guide.

The first section contains the complete YAML schema, and the second section describes each schema key.

jib-container modules also export values that are available in template strings. See the Outputs section below for details.

Complete YAML Schema

The values in the schema below are the default values.

kind: Module

# The type of this module.
type:

# The name of this module.
name:

# Specify how to build the module. Note that plugins may define additional keys on this object.
build:
  # A list of modules that must be built before this module is built.
  dependencies:
    - # Module name to build ahead of this module.
      name:

      # Specify one or more files or directories to copy from the built dependency to this module.
      copy:
        - # POSIX-style path or filename of the directory or file(s) to copy to the target.
          source:

          # POSIX-style path or filename to copy the directory or file(s), relative to the build directory.
          # Defaults to the same as source path.
          target:

  # Maximum time in seconds to wait for build to finish.
  timeout: 600

  # The type of project to build. Defaults to auto-detecting between gradle and maven (based on which
  # files/directories are found in the action root), but in some cases you may need to specify it.
  projectType: auto

  # The JDK version to use.
  #
  # The chosen version will be downloaded by Garden and used to define `JAVA_HOME` environment variable for Gradle and
  # Maven.
  #
  # To use an arbitrary JDK distribution, please use the `jdkPath` configuration option.
  jdkVersion: 11

  # The JDK home path. This **always overrides** the JDK defined in `jdkVersion`.
  #
  # The value will be used as `JAVA_HOME` environment variable for Gradle and Maven.
  jdkPath:

  # Build the image and push to a local Docker daemon (i.e. use the `jib:dockerBuild` / `jibDockerBuild` target).
  dockerBuild: false

  # Don't load or push the resulting image to a Docker daemon or registry, only build it as a tar file.
  tarOnly: false

  # Specify the image format in the resulting tar file. Only used if `tarOnly: true`.
  tarFormat: docker

  # Defines the location of the custom executable Gradle binary.
  #
  # If not provided, then the Gradle binary available in the working directory will be used.
  # If no Gradle binary found in the working dir, then Gradle 7.5.1 will be downloaded and used.
  #
  # **Note!** Either `jdkVersion` or `jdkPath` will be used to define `JAVA_HOME` environment variable for the custom
  # Gradle.
  # To ensure a system JDK usage, please set `jdkPath` to `${local.env.JAVA_HOME}`.
  gradlePath:

  # Defines the location of the custom executable Maven binary.
  #
  # If not provided, then Maven 3.8.8 will be downloaded and used.
  #
  # **Note!** Either `jdkVersion` or `jdkPath` will be used to define `JAVA_HOME` environment variable for the custom
  # Maven.
  # To ensure a system JDK usage, please set `jdkPath` to `${local.env.JAVA_HOME}`.
  mavenPath:

  # Defines the Maven phases to be executed during the Garden build step.
  mavenPhases:

  # Defines the location of the custom executable Maven Daemon binary.
  #
  # If not provided, then Maven Daemon 0.9.0 will be downloaded and used.
  #
  # **Note!** Either `jdkVersion` or `jdkPath` will be used to define `JAVA_HOME` environment variable for the custom
  # Maven Daemon.
  # To ensure a system JDK usage, please set `jdkPath` to `${local.env.JAVA_HOME}`.
  mavendPath:

  # [EXPERIMENTAL] Enable/disable concurrent Maven and Maven Daemon builds.
  #
  # Note! Concurrent builds can be unstable. This option is disabled by default.
  # This option must be configured for each Build action individually.
  concurrentMavenBuilds: false

  # Specify extra flags to pass to maven/gradle when building the container image.
  extraFlags:

# If set to true, Garden will run the build command, services, tests, and tasks in the module source directory,
# instead of in the Garden build directory (under .garden/build/<module-name>).
#
# Garden will therefore not stage the build for local modules. This means that include/exclude filters
# and ignore files are not applied to local modules, except to calculate the module/action versions.
#
# If you use use `build.dependencies[].copy` for one or more build dependencies of this module, the copied files
# will be copied to the module source directory (instead of the build directory, as is the default case when
# `local = false`).
#
# Note: This maps to the `buildAtSource` option in this module's generated Build action (if any).
local: false

# A description of the module.
description:

# Set this to `true` to disable the module. You can use this with conditional template strings to disable modules
# based on, for example, the current environment or other variables (e.g. `disabled: ${environment.name == "prod"}`).
# This can be handy when you only need certain modules for specific environments, e.g. only for development.
#
# Disabling a module means that any services, tasks and tests contained in it will not be deployed or run. It also
# means that the module is not built _unless_ it is declared as a build dependency by another enabled module (in which
# case building this module is necessary for the dependant to be built).
#
# If you disable the module, and its services, tasks or tests are referenced as _runtime_ dependencies, Garden will
# automatically ignore those dependency declarations. Note however that template strings referencing the module's
# service or task outputs (i.e. runtime outputs) will fail to resolve when the module is disabled, so you need to make
# sure to provide alternate values for those if you're using them, using conditional expressions.
disabled: false

# Specify a list of POSIX-style paths or globs that should be regarded as the source files for this module. Files that
# do *not* match these paths or globs are excluded when computing the version of the module, when responding to
# filesystem watch events, and when staging builds.
#
# Note that you can also _exclude_ files using the `exclude` field or by placing `.gardenignore` files in your source
# tree, which use the same format as `.gitignore` files. See the [Configuration Files
# guide](https://docs.garden.io/using-garden/configuration-overview#including-excluding-files-and-directories) for
# details.
#
# Also note that specifying an empty list here means _no sources_ should be included.
#
# If neither `include` nor `exclude` is set, and the module has a Dockerfile, Garden
# will parse the Dockerfile and automatically set `include` to match the files and
# folders added to the Docker image (via the `COPY` and `ADD` directives in the Dockerfile).
#
# If neither `include` nor `exclude` is set, and the module
# specifies a remote image, Garden automatically sets `include` to `[]`.
include:

# Specify a list of POSIX-style paths or glob patterns that should be excluded from the module. Files that match these
# paths or globs are excluded when computing the version of the module, when responding to filesystem watch events,
# and when staging builds.
#
# Note that you can also explicitly _include_ files using the `include` field. If you also specify the `include`
# field, the files/patterns specified here are filtered from the files matched by `include`. See the [Configuration
# Files guide](https://docs.garden.io/using-garden/configuration-overview#including-excluding-files-and-directories)
# for details.
#
# Unlike the `scan.exclude` field in the project config, the filters here have _no effect_ on which files and
# directories are watched for changes. Use the project `scan.exclude` field to affect those, if you have large
# directories that should not be watched for changes.
exclude:

# A remote repository URL. Currently only supports git servers. Must contain a hash suffix pointing to a specific
# branch or tag, with the format: <git remote url>#<branch|tag>
#
# Garden will import the repository source code into this module, but read the module's config from the local
# garden.yml file.
repositoryUrl:

# When false, disables pushing this module to remote registries via the publish command.
allowPublish: true

# A list of files to write to the module directory when resolving this module. This is useful to automatically
# generate (and template) any supporting files needed for the module.
generateFiles:
  - # POSIX-style filename to read the source file contents from, relative to the path of the module (or the
    # ConfigTemplate configuration file if one is being applied).
    # This file may contain template strings, much like any other field in the configuration.
    sourcePath:

    # POSIX-style filename to write the resolved file contents to, relative to the path of the module source directory
    # (for remote modules this means the root of the module repository, otherwise the directory of the module
    # configuration).
    #
    # Note that any existing file with the same name will be overwritten. If the path contains one or more
    # directories, they will be automatically created if missing.
    targetPath:

    # By default, Garden will attempt to resolve any Garden template strings in source files. Set this to false to
    # skip resolving template strings. Note that this does not apply when setting the `value` field, since that's
    # resolved earlier when parsing the configuration.
    resolveTemplates: true

    # The desired file contents as a string.
    value:

# A map of variables scoped to this particular module. These are resolved before any other parts of the module
# configuration and take precedence over project-scoped variables. They may reference project-scoped variables, and
# generally use any template strings normally allowed when resolving modules.
variables:

# Specify a path (relative to the module root) to a file containing variables, that we apply on top of the
# module-level `variables` field.
#
# The format of the files is determined by the configured file's extension:
#
# * `.yaml`/`.yml` - YAML. The file must consist of a YAML document, which must be a map (dictionary). Keys may
# contain any value type. YAML format is used by default.
# * `.env` - Standard "dotenv" format, as defined by [dotenv](https://github.com/motdotla/dotenv#rules).
# * `.json` - JSON. Must contain a single JSON _object_ (not an array).
#
# _NOTE: The default varfile format was changed to YAML in Garden v0.13, since YAML allows for definition of nested
# objects and arrays._
#
# To use different module-level varfiles in different environments, you can template in the environment name
# to the varfile name, e.g. `varfile: "my-module.${environment.name}.env` (this assumes that the corresponding
# varfiles exist).
varfile:

# Specify build arguments to use when building the container image.
#
# Note: Garden will always set a `GARDEN_ACTION_VERSION` (alias `GARDEN_MODULE_VERSION`) argument with the
# module/build version at build time.
buildArgs: {}

# Specify extra flags to use when building the container image. Note that arguments may not be portable across
# implementations.
extraFlags:

# Specify the platforms to build the image for. This is useful when building multi-platform images.
# The format is `os/arch`, e.g. `linux/amd64`, `linux/arm64`, etc.
platforms:

# Secret values that can be mounted in the Dockerfile, but do not become part of the image filesystem or image
# manifest. This is useful e.g. for private registry auth tokens.
#
# Build arguments and environment variables are inappropriate for secrets, as they persist in the final image.
#
# The secret can later be consumed in the Dockerfile like so:
#   RUN --mount=type=secret,id=mytoken TOKEN=$(cat /run/secrets/mytoken) ...
#
# See also https://docs.docker.com/build/building/secrets/
secrets:

# Specify the image name for the container. Should be a valid Docker image identifier. If specified and the module
# does not contain a Dockerfile, this image will be used to deploy services for this module. If specified and the
# module does contain a Dockerfile, this identifier is used when pushing the built image.
image:

# POSIX-style name of a Dockerfile, relative to module root.
dockerfile:

# A list of services to deploy from this container module.
services:
  - # Valid RFC1035/RFC1123 (DNS) label (may contain lowercase letters, numbers and dashes, must start with a letter,
    # and cannot end with a dash), cannot contain consecutive dashes or start with `garden`, or be longer than 63
    # characters.
    name:

    # The names of any services that this service depends on at runtime, and the names of any tasks that should be
    # executed before this service is deployed.
    dependencies: []

    # Set this to `true` to disable the service. You can use this with conditional template strings to enable/disable
    # services based on, for example, the current environment or other variables (e.g. `enabled: ${environment.name !=
    # "prod"}`). This can be handy when you only need certain services for specific environments, e.g. only for
    # development.
    #
    # Disabling a service means that it will not be deployed, and will also be ignored if it is declared as a runtime
    # dependency for another service, test or task.
    #
    # Note however that template strings referencing the service's outputs (i.e. runtime outputs) will fail to resolve
    # when the service is disabled, so you need to make sure to provide alternate values for those if you're using
    # them, using conditional expressions.
    disabled: false

    # The command/entrypoint to run the container with.
    command:

    # The arguments (on top of the `command`, i.e. entrypoint) to run the container with.
    args:

    # Key/value map of environment variables. Keys must be valid POSIX environment variable names (must not start with
    # `GARDEN`) and values must be primitives or references to secrets.
    env: {}

    cpu:
      # The minimum amount of CPU the container needs to be available for it to be deployed, in millicpus (i.e. 1000 =
      # 1 CPU)
      min: 10

      # The maximum amount of CPU the container can use, in millicpus (i.e. 1000 = 1 CPU). If set to null will result
      # in no limit being set.
      max: 1000

    memory:
      # The minimum amount of RAM the container needs to be available for it to be deployed, in megabytes (i.e. 1024 =
      # 1 GB)
      min: 90

      # The maximum amount of RAM the container can use, in megabytes (i.e. 1024 = 1 GB) If set to null will result in
      # no limit being set.
      max: 1024

    # List of volumes that should be mounted when starting the container.
    #
    # Note: If neither `hostPath` nor `module` is specified,
    # an empty ephemeral volume is created and mounted when deploying the container.
    volumes:
      - # The name of the allocated volume.
        name:

        # The path where the volume should be mounted in the container.
        containerPath:

        # _NOTE: Usage of hostPath is generally discouraged, since it doesn't work reliably across different platforms
        # and providers. Some providers may not support it at all._
        #
        # A local path or path on the node that's running the container, to mount in the container, relative to the
        # config source directory (or absolute).
        hostPath:

        # The name of a _volume module_ that should be mounted at `containerPath`. The supported module types will
        # depend on which provider you are using. The `kubernetes` provider supports the [persistentvolumeclaim
        # module](./persistentvolumeclaim.md), for example.
        #
        # When a `module` is specified, the referenced module/volume will be automatically configured as a runtime
        # dependency of this service, as well as a build dependency of this module.
        #
        # Note: Make sure to pay attention to the supported `accessModes` of the referenced volume. Unless it supports
        # the ReadWriteMany access mode, you'll need to make sure it is not configured to be mounted by multiple
        # services at the same time. Refer to the documentation of the module type in question to learn more.
        module:

    # If true, run the main container in privileged mode. Processes in privileged containers are essentially
    # equivalent to root on the host. Defaults to false.
    privileged:

    # POSIX capabilities to add when running the container.
    addCapabilities:

    # POSIX capabilities to remove when running the container.
    dropCapabilities:

    # Specify if containers in this action have TTY support enabled (which implies having stdin support enabled).
    tty: false

    # Specifies the container's deployment strategy.
    deploymentStrategy: RollingUpdate

    # Annotations to attach to the service _(note: May not be applicable to all providers)_.
    #
    # When using the Kubernetes provider, these annotations are applied to both Service and Pod resources. You can
    # generally specify the annotations intended for both Pods or Services here, and the ones that don't apply on
    # either side will be ignored (i.e. if you put a Service annotation here, it'll also appear on Pod specs but will
    # be safely ignored there, and vice versa).
    annotations: {}

    # Whether to run the service as a daemon (to ensure exactly one instance runs per node). May not be supported by
    # all providers.
    daemon: false

    # Specifies which files or directories to sync to which paths inside the running containers of the service when
    # it's in sync mode, and overrides for the container command and/or arguments.
    #
    # Sync is enabled e.g. by setting the `--sync` flag on the `garden deploy` command.
    #
    # See the [Code Synchronization guide](https://docs.garden.io/guides/code-synchronization) for more information.
    sync:
      # Override the default container arguments when in sync mode.
      args:

      # Override the default container command (i.e. entrypoint) when in sync mode.
      command:

      # Specify one or more source files or directories to automatically sync with the running container.
      paths:
        - # Path to a local directory to be synchronized with the target.
          # This should generally be a templated path to another action's source path (e.g.
          # `${actions.build.my-container-image.sourcePath}`), or a relative path.
          # If a path is hard-coded, we recommend sticking with relative paths here, and using forward slashes (`/`)
          # as a delimiter, as Windows-style paths with back slashes (`\`) and absolute paths will work on some
          # platforms, but they are not portable and will not work for users on other platforms.
          # Defaults to the Deploy action's config's directory if no value is provided.
          source: .

          # POSIX-style absolute path to sync to inside the container. The root path (i.e. "/") is not allowed.
          target:

          # Specify a list of POSIX-style paths or glob patterns that should be excluded from the sync.
          #
          # `.git` directories and `.garden` directories are always ignored.
          exclude:

          # The sync mode to use for the given paths. See the [Code Synchronization
          # guide](https://docs.garden.io/guides/code-synchronization) for details.
          mode: one-way-safe

          # The default permission bits, specified as an octal, to set on files at the sync target. Defaults to 0o644
          # (user can read/write, everyone else can read). See the [Mutagen
          # docs](https://mutagen.io/documentation/synchronization/permissions#permissions) for more information.
          defaultFileMode: 420

          # The default permission bits, specified as an octal, to set on directories at the sync target. Defaults to
          # 0o755 (user can read/write, everyone else can read). See the [Mutagen
          # docs](https://mutagen.io/documentation/synchronization/permissions#permissions) for more information.
          defaultDirectoryMode: 493

          # Set the default owner of files and directories at the target. Specify either an integer ID or a string
          # name. See the [Mutagen
          # docs](https://mutagen.io/documentation/synchronization/permissions#owners-and-groups) for more
          # information.
          defaultOwner:

          # Set the default group on files and directories at the target. Specify either an integer ID or a string
          # name. See the [Mutagen
          # docs](https://mutagen.io/documentation/synchronization/permissions#owners-and-groups) for more
          # information.
          defaultGroup:

    # [EXPERIMENTAL] Configures the local application which will send and receive network requests instead of the
    # target resource.
    #
    # The target service will be replaced by a proxy container which runs an SSH server to proxy requests.
    # Reverse port-forwarding will be automatically configured to route traffic to the local service and back.
    #
    # Local mode is enabled by setting the `--local` option on the `garden deploy` command.
    # Local mode always takes the precedence over sync mode if there are any conflicting service names.
    #
    # Health checks are disabled for services running in local mode.
    #
    # See the [Local Mode guide](https://docs.garden.io/guides/running-service-in-local-mode) for more information.
    #
    # Note! This feature is still experimental. Some incompatible changes can be made until the first non-experimental
    # release.
    localMode:
      # The reverse port-forwards configuration for the local application.
      ports:
        - # The local port to be used for reverse port-forward.
          local:

          # The remote port to be used for reverse port-forward.
          remote:

      # The command to run the local application. If not present, then the local application should be started
      # manually.
      command:

      # Specifies restarting policy for the local application. By default, the local application will be restarting
      # infinitely with 1000ms between attempts.
      restart:
        # Delay in milliseconds between the local application restart attempts. The default value is 1000ms.
        delayMsec: 1000

        # Max number of the local application restarts. Unlimited by default.
        max: .inf

    # Specify an image ID to deploy. Should be a valid Docker image identifier. Required if no `build` is specified.
    image:

    # List of ingress endpoints that the service exposes.
    ingresses:
      - # Annotations to attach to the ingress (Note: May not be applicable to all providers)
        annotations: {}

        # The hostname that should route to this service. Defaults to the default hostname configured in the provider
        # configuration.
        #
        # Note that if you're developing locally you may need to add this hostname to your hosts file.
        hostname:

        # The link URL for the ingress to show in the console and in dashboards. Also used when calling the service
        # with the `call` command.
        #
        # Use this if the actual URL is different from what's specified in the ingress, e.g. because there's a load
        # balancer in front of the service that rewrites the paths.
        #
        # Otherwise Garden will construct the link URL from the ingress spec.
        linkUrl:

        # The path which should be routed to the service.
        path: /

        # The name of the container port where the specified paths should be routed.
        port:

    # Specify how the service's health should be checked after deploying.
    healthCheck:
      # Set this to check the service's health by making an HTTP request.
      httpGet:
        # The path of the service's health check endpoint.
        path:

        # The name of the port where the service's health check endpoint should be available.
        port:

        scheme: HTTP

      # Set this to check the service's health by running a command in its container.
      command:

      # Set this to check the service's health by checking if this TCP port is accepting connections.
      tcpPort:

      # The maximum number of seconds to wait until the readiness check counts as failed.
      readinessTimeoutSeconds: 3

      # The maximum number of seconds to wait until the liveness check counts as failed.
      livenessTimeoutSeconds: 3

    # The maximum duration (in seconds) to wait for resources to deploy and become healthy.
    timeout: 300

    # List of ports that the service container exposes.
    ports:
      - # The name of the port (used when referencing the port elsewhere in the service configuration).
        name:

        # The protocol of the port.
        protocol: TCP

        # The port exposed on the container by the running process. This will also be the default value for
        # `servicePort`.
        # This is the port you would expose in your Dockerfile and that your process listens on. This is commonly a
        # non-privileged port like 8080 for security reasons.
        # The service port maps to the container port:
        # `servicePort:80 -> containerPort:8080 -> process:8080`
        containerPort:

        # Specify a preferred local port to attach to when creating a port-forward to the service port. If this port
        # is
        # busy, a warning will be shown and an alternative port chosen.
        localPort:

        # The port exposed on the service. Defaults to `containerPort` if not specified.
        # This is the port you use when calling a service from another service within the cluster. For example, if
        # your service name is my-service and the service port is 8090, you would call it with:
        # http://my-service:8090/some-endpoint.
        # It is common to use port 80, the default port number, so that you can call the service directly with
        # http://my-service/some-endpoint.
        # The service port maps to the container port:
        # `servicePort:80 -> containerPort:8080 -> process:8080`
        servicePort:

        # Set this to expose the service on the specified port on the host node (may not be supported by all
        # providers). Set to `true` to have the cluster pick a port automatically, which is most often advisable if
        # the cluster is shared by multiple users.
        # This allows you to call the service from the outside by the node's IP address and the port number set in
        # this field.
        nodePort:

    # The number of instances of the service to deploy. Defaults to 3 for environments configured with `production:
    # true`, otherwise 1.
    # Note: This setting may be overridden or ignored in some cases. For example, when running with `daemon: true` or
    # if the provider doesn't support multiple replicas.
    replicas:

# A list of tests to run in the module.
tests:
  - # The name of the test.
    name:

    # The names of any services that must be running, and the names of any tasks that must be executed, before the
    # test is run.
    dependencies: []

    # Set this to `true` to disable the test. You can use this with conditional template strings to
    # enable/disable tests based on, for example, the current environment or other variables (e.g.
    # `enabled: ${environment.name != "prod"}`). This is handy when you only want certain tests to run in
    # specific environments, e.g. only during CI.
    disabled: false

    # Maximum duration (in seconds) of the test run.
    timeout: 600

    # The command/entrypoint to run the container with.
    command:

    # The arguments (on top of the `command`, i.e. entrypoint) to run the container with.
    args:

    # Key/value map of environment variables. Keys must be valid POSIX environment variable names (must not start with
    # `GARDEN`) and values must be primitives or references to secrets.
    env: {}

    cpu:
      # The minimum amount of CPU the container needs to be available for it to be deployed, in millicpus (i.e. 1000 =
      # 1 CPU)
      min: 10

      # The maximum amount of CPU the container can use, in millicpus (i.e. 1000 = 1 CPU). If set to null will result
      # in no limit being set.
      max: 1000

    memory:
      # The minimum amount of RAM the container needs to be available for it to be deployed, in megabytes (i.e. 1024 =
      # 1 GB)
      min: 90

      # The maximum amount of RAM the container can use, in megabytes (i.e. 1024 = 1 GB) If set to null will result in
      # no limit being set.
      max: 1024

    # List of volumes that should be mounted when starting the container.
    #
    # Note: If neither `hostPath` nor `module` is specified,
    # an empty ephemeral volume is created and mounted when deploying the container.
    volumes:
      - # The name of the allocated volume.
        name:

        # The path where the volume should be mounted in the container.
        containerPath:

        # _NOTE: Usage of hostPath is generally discouraged, since it doesn't work reliably across different platforms
        # and providers. Some providers may not support it at all._
        #
        # A local path or path on the node that's running the container, to mount in the container, relative to the
        # config source directory (or absolute).
        hostPath:

        # The name of a _volume module_ that should be mounted at `containerPath`. The supported module types will
        # depend on which provider you are using. The `kubernetes` provider supports the [persistentvolumeclaim
        # module](./persistentvolumeclaim.md), for example.
        #
        # When a `module` is specified, the referenced module/volume will be automatically configured as a runtime
        # dependency of this service, as well as a build dependency of this module.
        #
        # Note: Make sure to pay attention to the supported `accessModes` of the referenced volume. Unless it supports
        # the ReadWriteMany access mode, you'll need to make sure it is not configured to be mounted by multiple
        # services at the same time. Refer to the documentation of the module type in question to learn more.
        module:

    # If true, run the main container in privileged mode. Processes in privileged containers are essentially
    # equivalent to root on the host. Defaults to false.
    privileged:

    # POSIX capabilities to add when running the container.
    addCapabilities:

    # POSIX capabilities to remove when running the container.
    dropCapabilities:

    # Specify if containers in this action have TTY support enabled (which implies having stdin support enabled).
    tty: false

    # Specifies the container's deployment strategy.
    deploymentStrategy: RollingUpdate

    # Specify artifacts to copy out of the container after the run. The artifacts are stored locally under the
    # `.garden/artifacts` directory.
    #
    # Note: Depending on the provider, this may require the container image to include `sh` `tar`, in order to enable
    # the file transfer.
    artifacts:
      - # A POSIX-style path or glob to copy. Must be an absolute path. May contain wildcards.
        source:

        # A POSIX-style path to copy the artifacts to, relative to the project artifacts directory at
        # `.garden/artifacts`.
        target: .

    # Specify an image ID to deploy. Should be a valid Docker image identifier. Required if no `build` is specified.
    image:

# A list of tasks that can be run from this container module. These can be used as dependencies for services (executed
# before the service is deployed) or for other tasks.
tasks:
  - # The name of the task.
    name:

    # A description of the task.
    description:

    # The names of any tasks that must be executed, and the names of any services that must be running, before this
    # task is executed.
    dependencies: []

    # Set this to `true` to disable the task. You can use this with conditional template strings to enable/disable
    # tasks based on, for example, the current environment or other variables (e.g. `enabled: ${environment.name !=
    # "prod"}`). This can be handy when you only want certain tasks to run in specific environments, e.g. only for
    # development.
    #
    # Disabling a task means that it will not be run, and will also be ignored if it is declared as a runtime
    # dependency for another service, test or task.
    #
    # Note however that template strings referencing the task's outputs (i.e. runtime outputs) will fail to resolve
    # when the task is disabled, so you need to make sure to provide alternate values for those if you're using them,
    # using conditional expressions.
    disabled: false

    # Maximum duration (in seconds) of the task's execution.
    timeout: 600

    # The command/entrypoint to run the container with.
    command:

    # The arguments (on top of the `command`, i.e. entrypoint) to run the container with.
    args:

    # Key/value map of environment variables. Keys must be valid POSIX environment variable names (must not start with
    # `GARDEN`) and values must be primitives or references to secrets.
    env: {}

    cpu:
      # The minimum amount of CPU the container needs to be available for it to be deployed, in millicpus (i.e. 1000 =
      # 1 CPU)
      min: 10

      # The maximum amount of CPU the container can use, in millicpus (i.e. 1000 = 1 CPU). If set to null will result
      # in no limit being set.
      max: 1000

    memory:
      # The minimum amount of RAM the container needs to be available for it to be deployed, in megabytes (i.e. 1024 =
      # 1 GB)
      min: 90

      # The maximum amount of RAM the container can use, in megabytes (i.e. 1024 = 1 GB) If set to null will result in
      # no limit being set.
      max: 1024

    # List of volumes that should be mounted when starting the container.
    #
    # Note: If neither `hostPath` nor `module` is specified,
    # an empty ephemeral volume is created and mounted when deploying the container.
    volumes:
      - # The name of the allocated volume.
        name:

        # The path where the volume should be mounted in the container.
        containerPath:

        # _NOTE: Usage of hostPath is generally discouraged, since it doesn't work reliably across different platforms
        # and providers. Some providers may not support it at all._
        #
        # A local path or path on the node that's running the container, to mount in the container, relative to the
        # config source directory (or absolute).
        hostPath:

        # The name of a _volume module_ that should be mounted at `containerPath`. The supported module types will
        # depend on which provider you are using. The `kubernetes` provider supports the [persistentvolumeclaim
        # module](./persistentvolumeclaim.md), for example.
        #
        # When a `module` is specified, the referenced module/volume will be automatically configured as a runtime
        # dependency of this service, as well as a build dependency of this module.
        #
        # Note: Make sure to pay attention to the supported `accessModes` of the referenced volume. Unless it supports
        # the ReadWriteMany access mode, you'll need to make sure it is not configured to be mounted by multiple
        # services at the same time. Refer to the documentation of the module type in question to learn more.
        module:

    # If true, run the main container in privileged mode. Processes in privileged containers are essentially
    # equivalent to root on the host. Defaults to false.
    privileged:

    # POSIX capabilities to add when running the container.
    addCapabilities:

    # POSIX capabilities to remove when running the container.
    dropCapabilities:

    # Specify if containers in this action have TTY support enabled (which implies having stdin support enabled).
    tty: false

    # Specifies the container's deployment strategy.
    deploymentStrategy: RollingUpdate

    # Specify artifacts to copy out of the container after the run. The artifacts are stored locally under the
    # `.garden/artifacts` directory.
    #
    # Note: Depending on the provider, this may require the container image to include `sh` `tar`, in order to enable
    # the file transfer.
    artifacts:
      - # A POSIX-style path or glob to copy. Must be an absolute path. May contain wildcards.
        source:

        # A POSIX-style path to copy the artifacts to, relative to the project artifacts directory at
        # `.garden/artifacts`.
        target: .

    # Specify an image ID to deploy. Should be a valid Docker image identifier. Required if no `build` is specified.
    image:

    # Set to false if you don't want the Runs's result to be cached. Use this if the Run needs to be run any time your
    # project (or one or more of the Run's dependants) is deployed. Otherwise the Run is only re-run when its version
    # changes, or when you run `garden run`.
    cacheResult: true

Configuration Keys

kind

TypeAllowed ValuesDefaultRequired

string

"Module"

"Module"

Yes

type

The type of this module.

TypeRequired

string

Yes

Example:

type: "container"

name

The name of this module.

TypeRequired

string

Yes

Example:

name: "my-sweet-module"

build

Specify how to build the module. Note that plugins may define additional keys on this object.

TypeDefaultRequired

object

{"dependencies":[]}

No

build.dependencies[]

build > dependencies

A list of modules that must be built before this module is built.

TypeDefaultRequired

array[object]

[]

No

Example:

build:
  ...
  dependencies:
    - name: some-other-module-name

build.dependencies[].name

build > dependencies > name

Module name to build ahead of this module.

TypeRequired

string

Yes

build.dependencies[].copy[]

build > dependencies > copy

Specify one or more files or directories to copy from the built dependency to this module.

TypeDefaultRequired

array[object]

[]

No

build.dependencies[].copy[].source

build > dependencies > copy > source

POSIX-style path or filename of the directory or file(s) to copy to the target.

TypeRequired

posixPath

Yes

build.dependencies[].copy[].target

build > dependencies > copy > target

POSIX-style path or filename to copy the directory or file(s), relative to the build directory. Defaults to the same as source path.

TypeRequired

posixPath

No

build.timeout

build > timeout

Maximum time in seconds to wait for build to finish.

TypeDefaultRequired

number

600

No

build.projectType

build > projectType

The type of project to build. Defaults to auto-detecting between gradle and maven (based on which files/directories are found in the action root), but in some cases you may need to specify it.

TypeAllowed ValuesDefaultRequired

string

"gradle", "maven", "jib", "auto", "mavend"

"auto"

Yes

build.jdkVersion

build > jdkVersion

The JDK version to use.

The chosen version will be downloaded by Garden and used to define JAVA_HOME environment variable for Gradle and Maven.

To use an arbitrary JDK distribution, please use the jdkPath configuration option.

TypeAllowed ValuesDefaultRequired

number

8, 11, 13, 17, 21

11

Yes

build.jdkPath

build > jdkPath

The JDK home path. This always overrides the JDK defined in jdkVersion.

The value will be used as JAVA_HOME environment variable for Gradle and Maven.

TypeRequired

string

No

Example:

build:
  ...
  jdkPath: "${local.env.JAVA_HOME}"

build.dockerBuild

build > dockerBuild

Build the image and push to a local Docker daemon (i.e. use the jib:dockerBuild / jibDockerBuild target).

TypeDefaultRequired

boolean

false

No

build.tarOnly

build > tarOnly

Don't load or push the resulting image to a Docker daemon or registry, only build it as a tar file.

TypeDefaultRequired

boolean

false

No

build.tarFormat

build > tarFormat

Specify the image format in the resulting tar file. Only used if tarOnly: true.

TypeAllowed ValuesDefaultRequired

string

"docker", "oci"

"docker"

Yes

build.gradlePath

build > gradlePath

Defines the location of the custom executable Gradle binary.

If not provided, then the Gradle binary available in the working directory will be used. If no Gradle binary found in the working dir, then Gradle 7.5.1 will be downloaded and used.

Note! Either jdkVersion or jdkPath will be used to define JAVA_HOME environment variable for the custom Gradle. To ensure a system JDK usage, please set jdkPath to ${local.env.JAVA_HOME}.

TypeRequired

string

No

build.mavenPath

build > mavenPath

Defines the location of the custom executable Maven binary.

If not provided, then Maven 3.8.8 will be downloaded and used.

Note! Either jdkVersion or jdkPath will be used to define JAVA_HOME environment variable for the custom Maven. To ensure a system JDK usage, please set jdkPath to ${local.env.JAVA_HOME}.

TypeRequired

string

No

build.mavenPhases[]

build > mavenPhases

Defines the Maven phases to be executed during the Garden build step.

TypeDefaultRequired

array[string]

["compile"]

No

build.mavendPath

build > mavendPath

Defines the location of the custom executable Maven Daemon binary.

If not provided, then Maven Daemon 0.9.0 will be downloaded and used.

Note! Either jdkVersion or jdkPath will be used to define JAVA_HOME environment variable for the custom Maven Daemon. To ensure a system JDK usage, please set jdkPath to ${local.env.JAVA_HOME}.

TypeRequired

string

No

build.concurrentMavenBuilds

build > concurrentMavenBuilds

Experimental: this is an experimental feature and the API might change in the future.

[EXPERIMENTAL] Enable/disable concurrent Maven and Maven Daemon builds.

Note! Concurrent builds can be unstable. This option is disabled by default. This option must be configured for each Build action individually.

TypeDefaultRequired

boolean

false

No

build.extraFlags[]

build > extraFlags

Specify extra flags to pass to maven/gradle when building the container image.

TypeRequired

array[string]

No

local

If set to true, Garden will run the build command, services, tests, and tasks in the module source directory, instead of in the Garden build directory (under .garden/build/).

Garden will therefore not stage the build for local modules. This means that include/exclude filters and ignore files are not applied to local modules, except to calculate the module/action versions.

If you use use build.dependencies[].copy for one or more build dependencies of this module, the copied files will be copied to the module source directory (instead of the build directory, as is the default case when local = false).

Note: This maps to the buildAtSource option in this module's generated Build action (if any).

TypeDefaultRequired

boolean

false

No

description

A description of the module.

TypeRequired

string

No

disabled

Set this to true to disable the module. You can use this with conditional template strings to disable modules based on, for example, the current environment or other variables (e.g. disabled: ${environment.name == "prod"}). This can be handy when you only need certain modules for specific environments, e.g. only for development.

Disabling a module means that any services, tasks and tests contained in it will not be deployed or run. It also means that the module is not built unless it is declared as a build dependency by another enabled module (in which case building this module is necessary for the dependant to be built).

If you disable the module, and its services, tasks or tests are referenced as runtime dependencies, Garden will automatically ignore those dependency declarations. Note however that template strings referencing the module's service or task outputs (i.e. runtime outputs) will fail to resolve when the module is disabled, so you need to make sure to provide alternate values for those if you're using them, using conditional expressions.

TypeDefaultRequired

boolean

false

No

include[]

Specify a list of POSIX-style paths or globs that should be regarded as the source files for this module. Files that do not match these paths or globs are excluded when computing the version of the module, when responding to filesystem watch events, and when staging builds.

Note that you can also exclude files using the exclude field or by placing .gardenignore files in your source tree, which use the same format as .gitignore files. See the Configuration Files guide for details.

Also note that specifying an empty list here means no sources should be included.

If neither include nor exclude is set, and the module has a Dockerfile, Garden will parse the Dockerfile and automatically set include to match the files and folders added to the Docker image (via the COPY and ADD directives in the Dockerfile).

If neither include nor exclude is set, and the module specifies a remote image, Garden automatically sets include to [].

TypeRequired

array[posixPath]

No

Example:

include:
  - Dockerfile
  - my-app.js

exclude[]

Specify a list of POSIX-style paths or glob patterns that should be excluded from the module. Files that match these paths or globs are excluded when computing the version of the module, when responding to filesystem watch events, and when staging builds.

Note that you can also explicitly include files using the include field. If you also specify the include field, the files/patterns specified here are filtered from the files matched by include. See the Configuration Files guide for details.

Unlike the scan.exclude field in the project config, the filters here have no effect on which files and directories are watched for changes. Use the project scan.exclude field to affect those, if you have large directories that should not be watched for changes.

TypeRequired

array[posixPath]

No

Example:

exclude:
  - tmp/**/*
  - '*.log'

repositoryUrl

A remote repository URL. Currently only supports git servers. Must contain a hash suffix pointing to a specific branch or tag, with the format: #<branch|tag>

Garden will import the repository source code into this module, but read the module's config from the local garden.yml file.

TypeRequired

gitUrl | string

No

Example:

repositoryUrl: "git+https://github.com/org/repo.git#v2.0"

allowPublish

When false, disables pushing this module to remote registries via the publish command.

TypeDefaultRequired

boolean

true

No

generateFiles[]

A list of files to write to the module directory when resolving this module. This is useful to automatically generate (and template) any supporting files needed for the module.

TypeDefaultRequired

array[object]

[]

No

generateFiles[].sourcePath

generateFiles > sourcePath

POSIX-style filename to read the source file contents from, relative to the path of the module (or the ConfigTemplate configuration file if one is being applied). This file may contain template strings, much like any other field in the configuration.

TypeRequired

posixPath

No

generateFiles[].targetPath

generateFiles > targetPath

POSIX-style filename to write the resolved file contents to, relative to the path of the module source directory (for remote modules this means the root of the module repository, otherwise the directory of the module configuration).

Note that any existing file with the same name will be overwritten. If the path contains one or more directories, they will be automatically created if missing.

TypeRequired

posixPath

Yes

generateFiles[].resolveTemplates

generateFiles > resolveTemplates

By default, Garden will attempt to resolve any Garden template strings in source files. Set this to false to skip resolving template strings. Note that this does not apply when setting the value field, since that's resolved earlier when parsing the configuration.

TypeDefaultRequired

boolean

true

No

generateFiles[].value

generateFiles > value

The desired file contents as a string.

TypeRequired

string

No

variables

A map of variables scoped to this particular module. These are resolved before any other parts of the module configuration and take precedence over project-scoped variables. They may reference project-scoped variables, and generally use any template strings normally allowed when resolving modules.

TypeRequired

object

No

varfile

Specify a path (relative to the module root) to a file containing variables, that we apply on top of the module-level variables field.

The format of the files is determined by the configured file's extension:

  • .yaml/.yml - YAML. The file must consist of a YAML document, which must be a map (dictionary). Keys may contain any value type. YAML format is used by default.

  • .env - Standard "dotenv" format, as defined by dotenv.

  • .json - JSON. Must contain a single JSON object (not an array).

NOTE: The default varfile format was changed to YAML in Garden v0.13, since YAML allows for definition of nested objects and arrays.

To use different module-level varfiles in different environments, you can template in the environment name to the varfile name, e.g. varfile: "my-module.${environment.name}.env (this assumes that the corresponding varfiles exist).

TypeRequired

posixPath

No

Example:

varfile: "my-module.env"

buildArgs

Specify build arguments to use when building the container image.

Note: Garden will always set a GARDEN_ACTION_VERSION (alias GARDEN_MODULE_VERSION) argument with the module/build version at build time.

TypeDefaultRequired

object

{}

No

extraFlags[]

Specify extra flags to use when building the container image. Note that arguments may not be portable across implementations.

TypeRequired

array[string]

No

platforms[]

Specify the platforms to build the image for. This is useful when building multi-platform images. The format is os/arch, e.g. linux/amd64, linux/arm64, etc.

TypeRequired

array[string]

No

secrets

Secret values that can be mounted in the Dockerfile, but do not become part of the image filesystem or image manifest. This is useful e.g. for private registry auth tokens.

Build arguments and environment variables are inappropriate for secrets, as they persist in the final image.

The secret can later be consumed in the Dockerfile like so:

  RUN --mount=type=secret,id=mytoken TOKEN=$(cat /run/secrets/mytoken) ...

See also https://docs.docker.com/build/building/secrets/

TypeRequired

object

No

Example:

secrets:
    mytoken: supersecret

image

Specify the image name for the container. Should be a valid Docker image identifier. If specified and the module does not contain a Dockerfile, this image will be used to deploy services for this module. If specified and the module does contain a Dockerfile, this identifier is used when pushing the built image.

TypeRequired

string

No

dockerfile

POSIX-style name of a Dockerfile, relative to module root.

TypeRequired

posixPath

No

services[]

A list of services to deploy from this container module.

TypeDefaultRequired

array[object]

[]

No

services[].name

services > name

Valid RFC1035/RFC1123 (DNS) label (may contain lowercase letters, numbers and dashes, must start with a letter, and cannot end with a dash), cannot contain consecutive dashes or start with garden, or be longer than 63 characters.

TypeRequired

string

Yes

services[].dependencies[]

services > dependencies

The names of any services that this service depends on at runtime, and the names of any tasks that should be executed before this service is deployed.

TypeDefaultRequired

array[string]

[]

No

services[].disabled

services > disabled

Set this to true to disable the service. You can use this with conditional template strings to enable/disable services based on, for example, the current environment or other variables (e.g. enabled: ${environment.name != "prod"}). This can be handy when you only need certain services for specific environments, e.g. only for development.

Disabling a service means that it will not be deployed, and will also be ignored if it is declared as a runtime dependency for another service, test or task.

Note however that template strings referencing the service's outputs (i.e. runtime outputs) will fail to resolve when the service is disabled, so you need to make sure to provide alternate values for those if you're using them, using conditional expressions.

TypeDefaultRequired

boolean

false

No

services[].command[]

services > command

The command/entrypoint to run the container with.

TypeRequired

array[string]

No

Example:

services:
  - command:
      - /bin/sh
      - '-c'

services[].args[]

services > args

The arguments (on top of the command, i.e. entrypoint) to run the container with.

TypeRequired

array[string]

No

Example:

services:
  - args:
      - npm
      - start

services[].env

services > env

Key/value map of environment variables. Keys must be valid POSIX environment variable names (must not start with GARDEN) and values must be primitives or references to secrets.

TypeDefaultRequired

object

{}

No

Example:

services:
  - env:
        - MY_VAR: some-value
          MY_SECRET_VAR:
            secretRef:
              name: my-secret
              key: some-key
        - {}

services[].cpu

services > cpu

TypeDefaultRequired

object

{"min":10,"max":1000}

No

services[].cpu.min

services > cpu > min

The minimum amount of CPU the container needs to be available for it to be deployed, in millicpus (i.e. 1000 = 1 CPU)

TypeDefaultRequired

number

10

No

services[].cpu.max

services > cpu > max

The maximum amount of CPU the container can use, in millicpus (i.e. 1000 = 1 CPU). If set to null will result in no limit being set.

TypeDefaultRequired

number

1000

No

services[].memory

services > memory

TypeDefaultRequired

object

{"min":90,"max":1024}

No

services[].memory.min

services > memory > min

The minimum amount of RAM the container needs to be available for it to be deployed, in megabytes (i.e. 1024 = 1 GB)

TypeDefaultRequired

number

90

No

services[].memory.max

services > memory > max

The maximum amount of RAM the container can use, in megabytes (i.e. 1024 = 1 GB) If set to null will result in no limit being set.

TypeDefaultRequired

number

1024

No

services[].volumes[]

services > volumes

List of volumes that should be mounted when starting the container.

Note: If neither hostPath nor module is specified, an empty ephemeral volume is created and mounted when deploying the container.

TypeDefaultRequired

array[object]

[]

No

services[].volumes[].name

services > volumes > name

The name of the allocated volume.

TypeRequired

string

Yes

services[].volumes[].containerPath

services > volumes > containerPath

The path where the volume should be mounted in the container.

TypeRequired

posixPath

Yes

services[].volumes[].hostPath

services > volumes > hostPath

NOTE: Usage of hostPath is generally discouraged, since it doesn't work reliably across different platforms and providers. Some providers may not support it at all.

A local path or path on the node that's running the container, to mount in the container, relative to the config source directory (or absolute).

TypeRequired

posixPath

No

Example:

services:
  - volumes:
      - hostPath: "/some/dir"

services[].volumes[].module

services > volumes > module

The name of a volume module that should be mounted at containerPath. The supported module types will depend on which provider you are using. The kubernetes provider supports the persistentvolumeclaim module, for example.

When a module is specified, the referenced module/volume will be automatically configured as a runtime dependency of this service, as well as a build dependency of this module.

Note: Make sure to pay attention to the supported accessModes of the referenced volume. Unless it supports the ReadWriteMany access mode, you'll need to make sure it is not configured to be mounted by multiple services at the same time. Refer to the documentation of the module type in question to learn more.

TypeRequired

string

No

services[].privileged

services > privileged

If true, run the main container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false.

TypeRequired

boolean

No

services[].addCapabilities[]

services > addCapabilities

POSIX capabilities to add when running the container.

TypeRequired

array[string]

No

services[].dropCapabilities[]

services > dropCapabilities

POSIX capabilities to remove when running the container.

TypeRequired

array[string]

No

services[].tty

services > tty

Specify if containers in this action have TTY support enabled (which implies having stdin support enabled).

TypeDefaultRequired

boolean

false

No

services[].deploymentStrategy

services > deploymentStrategy

Specifies the container's deployment strategy.

TypeAllowed ValuesDefaultRequired

string

"RollingUpdate", "Recreate"

"RollingUpdate"

Yes

services[].annotations

services > annotations

Annotations to attach to the service (note: May not be applicable to all providers).

When using the Kubernetes provider, these annotations are applied to both Service and Pod resources. You can generally specify the annotations intended for both Pods or Services here, and the ones that don't apply on either side will be ignored (i.e. if you put a Service annotation here, it'll also appear on Pod specs but will be safely ignored there, and vice versa).

TypeDefaultRequired

object

{}

No

Example:

services:
  - annotations:
        nginx.ingress.kubernetes.io/proxy-body-size: '0'

services[].daemon

services > daemon

Whether to run the service as a daemon (to ensure exactly one instance runs per node). May not be supported by all providers.

TypeDefaultRequired

boolean

false

No

services[].sync

services > sync

Specifies which files or directories to sync to which paths inside the running containers of the service when it's in sync mode, and overrides for the container command and/or arguments.

Sync is enabled e.g. by setting the --sync flag on the garden deploy command.

See the Code Synchronization guide for more information.

TypeRequired

object

No

services[].sync.args[]

services > sync > args

Override the default container arguments when in sync mode.

TypeRequired

array[string]

No

services[].sync.command[]

services > sync > command

Override the default container command (i.e. entrypoint) when in sync mode.

TypeRequired

array[string]

No

services[].sync.paths[]

services > sync > paths

Specify one or more source files or directories to automatically sync with the running container.

TypeRequired

array[object]

No

services[].sync.paths[].source

services > sync > paths > source

Path to a local directory to be synchronized with the target. This should generally be a templated path to another action's source path (e.g. ${actions.build.my-container-image.sourcePath}), or a relative path. If a path is hard-coded, we recommend sticking with relative paths here, and using forward slashes (/) as a delimiter, as Windows-style paths with back slashes (\) and absolute paths will work on some platforms, but they are not portable and will not work for users on other platforms. Defaults to the Deploy action's config's directory if no value is provided.

TypeDefaultRequired

string

"."

No

Example:

services:
  - sync:
      ...
      paths:
        - source: "src"

services[].sync.paths[].target

services > sync > paths > target

POSIX-style absolute path to sync to inside the container. The root path (i.e. "/") is not allowed.

TypeRequired

posixPath

Yes

Example:

services:
  - sync:
      ...
      paths:
        - target: "/app/src"

services[].sync.paths[].exclude[]

services > sync > paths > exclude

Specify a list of POSIX-style paths or glob patterns that should be excluded from the sync.

.git directories and .garden directories are always ignored.

TypeRequired

array[posixPath]

No

Example:

services:
  - sync:
      ...
      paths:
        - exclude:
            - dist/**/*
            - '*.log'

services[].sync.paths[].mode

services > sync > paths > mode

The sync mode to use for the given paths. See the Code Synchronization guide for details.

TypeAllowed ValuesDefaultRequired

string

"one-way", "one-way-safe", "one-way-replica", "one-way-reverse", "one-way-replica-reverse", "two-way", "two-way-safe", "two-way-resolved"

"one-way-safe"

Yes

services[].sync.paths[].defaultFileMode

services > sync > paths > defaultFileMode

The default permission bits, specified as an octal, to set on files at the sync target. Defaults to 0o644 (user can read/write, everyone else can read). See the Mutagen docs for more information.

TypeDefaultRequired

number

0o644

No

services[].sync.paths[].defaultDirectoryMode

services > sync > paths > defaultDirectoryMode

The default permission bits, specified as an octal, to set on directories at the sync target. Defaults to 0o755 (user can read/write, everyone else can read). See the Mutagen docs for more information.

TypeDefaultRequired

number

0o755

No

services[].sync.paths[].defaultOwner

services > sync > paths > defaultOwner

Set the default owner of files and directories at the target. Specify either an integer ID or a string name. See the Mutagen docs for more information.

TypeRequired

number | string

No

services[].sync.paths[].defaultGroup

services > sync > paths > defaultGroup

Set the default group on files and directories at the target. Specify either an integer ID or a string name. See the Mutagen docs for more information.

TypeRequired

number | string

No

services[].localMode

services > localMode

[EXPERIMENTAL] Configures the local application which will send and receive network requests instead of the target resource.

The target service will be replaced by a proxy container which runs an SSH server to proxy requests. Reverse port-forwarding will be automatically configured to route traffic to the local service and back.

Local mode is enabled by setting the --local option on the garden deploy command. Local mode always takes the precedence over sync mode if there are any conflicting service names.

Health checks are disabled for services running in local mode.

See the Local Mode guide for more information.

Note! This feature is still experimental. Some incompatible changes can be made until the first non-experimental release.

TypeRequired

object

No

services[].localMode.ports[]

services > localMode > ports

The reverse port-forwards configuration for the local application.

TypeRequired

array[object]

No

services[].localMode.ports[].local

services > localMode > ports > local

The local port to be used for reverse port-forward.

TypeRequired

number

No

services[].localMode.ports[].remote

services > localMode > ports > remote

The remote port to be used for reverse port-forward.

TypeRequired

number

No

services[].localMode.command[]

services > localMode > command

The command to run the local application. If not present, then the local application should be started manually.

TypeRequired

array[string]

No

services[].localMode.restart

services > localMode > restart

Specifies restarting policy for the local application. By default, the local application will be restarting infinitely with 1000ms between attempts.

TypeDefaultRequired

object

{"delayMsec":1000,"max":null}

No

services[].localMode.restart.delayMsec

services > localMode > restart > delayMsec

Delay in milliseconds between the local application restart attempts. The default value is 1000ms.

TypeDefaultRequired

number

1000

No

services[].localMode.restart.max

services > localMode > restart > max

Max number of the local application restarts. Unlimited by default.

TypeDefaultRequired

number

null

No

services[].image

services > image

Specify an image ID to deploy. Should be a valid Docker image identifier. Required if no build is specified.

TypeRequired

string

No

services[].ingresses[]

services > ingresses

List of ingress endpoints that the service exposes.

TypeDefaultRequired

array[object]

[]

No

Example:

services:
  - ingresses:
      - path: /api
        port: http

services[].ingresses[].annotations

services > ingresses > annotations

Annotations to attach to the ingress (Note: May not be applicable to all providers)

TypeDefaultRequired

object

{}

No

Example:

services:
  - ingresses:
      - path: /api
        port: http
      - annotations:
            nginx.ingress.kubernetes.io/proxy-body-size: '0'

services[].ingresses[].hostname

services > ingresses > hostname

The hostname that should route to this service. Defaults to the default hostname configured in the provider configuration.

Note that if you're developing locally you may need to add this hostname to your hosts file.

TypeRequired

hostname

No

services[].ingresses[].linkUrl

services > ingresses > linkUrl

The link URL for the ingress to show in the console and in dashboards. Also used when calling the service with the call command.

Use this if the actual URL is different from what's specified in the ingress, e.g. because there's a load balancer in front of the service that rewrites the paths.

Otherwise Garden will construct the link URL from the ingress spec.

TypeRequired

string

No

services[].ingresses[].path

services > ingresses > path

The path which should be routed to the service.

TypeDefaultRequired

string

"/"

No

services[].ingresses[].port

services > ingresses > port

The name of the container port where the specified paths should be routed.

TypeRequired

string

Yes

services[].healthCheck

services > healthCheck

Specify how the service's health should be checked after deploying.

TypeRequired

object

No

services[].healthCheck.httpGet

services > healthCheck > httpGet

Set this to check the service's health by making an HTTP request.

TypeRequired

object

No

services[].healthCheck.httpGet.path

services > healthCheck > httpGet > path

The path of the service's health check endpoint.

TypeRequired

string

Yes

services[].healthCheck.httpGet.port

services > healthCheck > httpGet > port

The name of the port where the service's health check endpoint should be available.

TypeRequired

string

Yes

services[].healthCheck.httpGet.scheme

services > healthCheck > httpGet > scheme

TypeDefaultRequired

string

"HTTP"

No

services[].healthCheck.command[]

services > healthCheck > command

Set this to check the service's health by running a command in its container.

TypeRequired

array[string]

No

services[].healthCheck.tcpPort

services > healthCheck > tcpPort

Set this to check the service's health by checking if this TCP port is accepting connections.

TypeRequired

string

No

services[].healthCheck.readinessTimeoutSeconds

services > healthCheck > readinessTimeoutSeconds

The maximum number of seconds to wait until the readiness check counts as failed.

TypeDefaultRequired

number

3

No

services[].healthCheck.livenessTimeoutSeconds

services > healthCheck > livenessTimeoutSeconds

The maximum number of seconds to wait until the liveness check counts as failed.

TypeDefaultRequired

number

3

No

services[].timeout

services > timeout

The maximum duration (in seconds) to wait for resources to deploy and become healthy.

TypeDefaultRequired

number

300

No

services[].limits

services > limits

Deprecated: This field will be removed in a future release.

Specify resource limits for the service.

TypeRequired

object

No

services[].limits.cpu

services > limits > cpu

Deprecated: This field will be removed in a future release.

The maximum amount of CPU the service can use, in millicpus (i.e. 1000 = 1 CPU)

TypeRequired

number

No

services[].limits.memory

services > limits > memory

Deprecated: This field will be removed in a future release.

The maximum amount of RAM the service can use, in megabytes (i.e. 1024 = 1 GB)

TypeRequired

number

No

services[].ports[]

services > ports

List of ports that the service container exposes.

TypeDefaultRequired

array[object]

[]

No

services[].ports[].name

services > ports > name

The name of the port (used when referencing the port elsewhere in the service configuration).

TypeRequired

string

Yes

services[].ports[].protocol

services > ports > protocol

The protocol of the port.

TypeDefaultRequired

string

"TCP"

No

services[].ports[].containerPort

services > ports > containerPort

The port exposed on the container by the running process. This will also be the default value for servicePort. This is the port you would expose in your Dockerfile and that your process listens on. This is commonly a non-privileged port like 8080 for security reasons. The service port maps to the container port: servicePort:80 -> containerPort:8080 -> process:8080

TypeRequired

number

Yes

Example:

services:
  - ports:
      - containerPort: 8080

services[].ports[].localPort

services > ports > localPort

Specify a preferred local port to attach to when creating a port-forward to the service port. If this port is busy, a warning will be shown and an alternative port chosen.

TypeRequired

number

No

Example:

services:
  - ports:
      - localPort: 10080

services[].ports[].servicePort

services > ports > servicePort

The port exposed on the service. Defaults to containerPort if not specified. This is the port you use when calling a service from another service within the cluster. For example, if your service name is my-service and the service port is 8090, you would call it with: http://my-service:8090/some-endpoint. It is common to use port 80, the default port number, so that you can call the service directly with http://my-service/some-endpoint. The service port maps to the container port: servicePort:80 -> containerPort:8080 -> process:8080

TypeRequired

number

No

Example:

services:
  - ports:
      - servicePort: 80

services[].ports[].hostPort

services > ports > hostPort

Deprecated: This field will be removed in a future release.

TypeRequired

number

No

services[].ports[].nodePort

services > ports > nodePort

Set this to expose the service on the specified port on the host node (may not be supported by all providers). Set to true to have the cluster pick a port automatically, which is most often advisable if the cluster is shared by multiple users. This allows you to call the service from the outside by the node's IP address and the port number set in this field.

TypeRequired

number

No

services[].replicas

services > replicas

The number of instances of the service to deploy. Defaults to 3 for environments configured with production: true, otherwise 1. Note: This setting may be overridden or ignored in some cases. For example, when running with daemon: true or if the provider doesn't support multiple replicas.

TypeRequired

number

No

tests[]

A list of tests to run in the module.

TypeDefaultRequired

array[object]

[]

No

tests[].name

tests > name

The name of the test.

TypeRequired

string

Yes

tests[].dependencies[]

tests > dependencies

The names of any services that must be running, and the names of any tasks that must be executed, before the test is run.

TypeDefaultRequired

array[string]

[]

No

tests[].disabled

tests > disabled

Set this to true to disable the test. You can use this with conditional template strings to enable/disable tests based on, for example, the current environment or other variables (e.g. enabled: ${environment.name != "prod"}). This is handy when you only want certain tests to run in specific environments, e.g. only during CI.

TypeDefaultRequired

boolean

false

No

tests[].timeout

tests > timeout

Maximum duration (in seconds) of the test run.

TypeDefaultRequired

number

600

No

tests[].command[]

tests > command

The command/entrypoint to run the container with.

TypeRequired

array[string]

No

Example:

tests:
  - command:
      - /bin/sh
      - '-c'

tests[].args[]

tests > args

The arguments (on top of the command, i.e. entrypoint) to run the container with.

TypeRequired

array[string]

No

Example:

tests:
  - args:
      - npm
      - start

tests[].env

tests > env

Key/value map of environment variables. Keys must be valid POSIX environment variable names (must not start with GARDEN) and values must be primitives or references to secrets.

TypeDefaultRequired

object

{}

No

Example:

tests:
  - env:
        - MY_VAR: some-value
          MY_SECRET_VAR:
            secretRef:
              name: my-secret
              key: some-key
        - {}

tests[].cpu

tests > cpu

TypeDefaultRequired

object

{"min":10,"max":1000}

No

tests[].cpu.min

tests > cpu > min

The minimum amount of CPU the container needs to be available for it to be deployed, in millicpus (i.e. 1000 = 1 CPU)

TypeDefaultRequired

number

10

No

tests[].cpu.max

tests > cpu > max

The maximum amount of CPU the container can use, in millicpus (i.e. 1000 = 1 CPU). If set to null will result in no limit being set.

TypeDefaultRequired

number

1000

No

tests[].memory

tests > memory

TypeDefaultRequired

object

{"min":90,"max":1024}

No

tests[].memory.min

tests > memory > min

The minimum amount of RAM the container needs to be available for it to be deployed, in megabytes (i.e. 1024 = 1 GB)

TypeDefaultRequired

number

90

No

tests[].memory.max

tests > memory > max

The maximum amount of RAM the container can use, in megabytes (i.e. 1024 = 1 GB) If set to null will result in no limit being set.

TypeDefaultRequired

number

1024

No

tests[].volumes[]

tests > volumes

List of volumes that should be mounted when starting the container.

Note: If neither hostPath nor module is specified, an empty ephemeral volume is created and mounted when deploying the container.

TypeDefaultRequired

array[object]

[]

No

tests[].volumes[].name

tests > volumes > name

The name of the allocated volume.

TypeRequired

string

Yes

tests[].volumes[].containerPath

tests > volumes > containerPath

The path where the volume should be mounted in the container.

TypeRequired

posixPath

Yes

tests[].volumes[].hostPath

tests > volumes > hostPath

NOTE: Usage of hostPath is generally discouraged, since it doesn't work reliably across different platforms and providers. Some providers may not support it at all.

A local path or path on the node that's running the container, to mount in the container, relative to the config source directory (or absolute).

TypeRequired

posixPath

No

Example:

tests:
  - volumes:
      - hostPath: "/some/dir"

tests[].volumes[].module

tests > volumes > module

The name of a volume module that should be mounted at containerPath. The supported module types will depend on which provider you are using. The kubernetes provider supports the persistentvolumeclaim module, for example.

When a module is specified, the referenced module/volume will be automatically configured as a runtime dependency of this service, as well as a build dependency of this module.

Note: Make sure to pay attention to the supported accessModes of the referenced volume. Unless it supports the ReadWriteMany access mode, you'll need to make sure it is not configured to be mounted by multiple services at the same time. Refer to the documentation of the module type in question to learn more.

TypeRequired

string

No

tests[].privileged

tests > privileged

If true, run the main container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false.

TypeRequired

boolean

No

tests[].addCapabilities[]

tests > addCapabilities

POSIX capabilities to add when running the container.

TypeRequired

array[string]

No

tests[].dropCapabilities[]

tests > dropCapabilities

POSIX capabilities to remove when running the container.

TypeRequired

array[string]

No

tests[].tty

tests > tty

Specify if containers in this action have TTY support enabled (which implies having stdin support enabled).

TypeDefaultRequired

boolean

false

No

tests[].deploymentStrategy

tests > deploymentStrategy

Specifies the container's deployment strategy.

TypeAllowed ValuesDefaultRequired

string

"RollingUpdate", "Recreate"

"RollingUpdate"

Yes

tests[].artifacts[]

tests > artifacts

Specify artifacts to copy out of the container after the run. The artifacts are stored locally under the .garden/artifacts directory.

Note: Depending on the provider, this may require the container image to include sh tar, in order to enable the file transfer.

TypeRequired

array[object]

No

Example:

tests:
  - artifacts:
      - source: /report/**/*

tests[].artifacts[].source

tests > artifacts > source

A POSIX-style path or glob to copy. Must be an absolute path. May contain wildcards.

TypeRequired

posixPath

Yes

Example:

tests:
  - artifacts:
      - source: /report/**/*
      - source: "/output/**/*"

tests[].artifacts[].target

tests > artifacts > target

A POSIX-style path to copy the artifacts to, relative to the project artifacts directory at .garden/artifacts.

TypeDefaultRequired

posixPath

"."

No

Example:

tests:
  - artifacts:
      - source: /report/**/*
      - target: "outputs/foo/"

tests[].image

tests > image

Specify an image ID to deploy. Should be a valid Docker image identifier. Required if no build is specified.

TypeRequired

string

No

tasks[]

A list of tasks that can be run from this container module. These can be used as dependencies for services (executed before the service is deployed) or for other tasks.

TypeDefaultRequired

array[object]

[]

No

tasks[].name

tasks > name

The name of the task.

TypeRequired

string

Yes

tasks[].description

tasks > description

A description of the task.

TypeRequired

string

No

tasks[].dependencies[]

tasks > dependencies

The names of any tasks that must be executed, and the names of any services that must be running, before this task is executed.

TypeDefaultRequired

array[string]

[]

No

tasks[].disabled

tasks > disabled

Set this to true to disable the task. You can use this with conditional template strings to enable/disable tasks based on, for example, the current environment or other variables (e.g. enabled: ${environment.name != "prod"}). This can be handy when you only want certain tasks to run in specific environments, e.g. only for development.

Disabling a task means that it will not be run, and will also be ignored if it is declared as a runtime dependency for another service, test or task.

Note however that template strings referencing the task's outputs (i.e. runtime outputs) will fail to resolve when the task is disabled, so you need to make sure to provide alternate values for those if you're using them, using conditional expressions.

TypeDefaultRequired

boolean

false

No

tasks[].timeout

tasks > timeout

Maximum duration (in seconds) of the task's execution.

TypeDefaultRequired

number

600

No

tasks[].command[]

tasks > command

The command/entrypoint to run the container with.

TypeRequired

array[string]

No

Example:

tasks:
  - command:
      - /bin/sh
      - '-c'

tasks[].args[]

tasks > args

The arguments (on top of the command, i.e. entrypoint) to run the container with.

TypeRequired

array[string]

No

Example:

tasks:
  - args:
      - npm
      - start

tasks[].env

tasks > env

Key/value map of environment variables. Keys must be valid POSIX environment variable names (must not start with GARDEN) and values must be primitives or references to secrets.

TypeDefaultRequired

object

{}

No

Example:

tasks:
  - env:
        - MY_VAR: some-value
          MY_SECRET_VAR:
            secretRef:
              name: my-secret
              key: some-key
        - {}

tasks[].cpu

tasks > cpu

TypeDefaultRequired

object

{"min":10,"max":1000}

No

tasks[].cpu.min

tasks > cpu > min

The minimum amount of CPU the container needs to be available for it to be deployed, in millicpus (i.e. 1000 = 1 CPU)

TypeDefaultRequired

number

10

No

tasks[].cpu.max

tasks > cpu > max

The maximum amount of CPU the container can use, in millicpus (i.e. 1000 = 1 CPU). If set to null will result in no limit being set.

TypeDefaultRequired

number

1000

No

tasks[].memory

tasks > memory

TypeDefaultRequired

object

{"min":90,"max":1024}

No

tasks[].memory.min

tasks > memory > min

The minimum amount of RAM the container needs to be available for it to be deployed, in megabytes (i.e. 1024 = 1 GB)

TypeDefaultRequired

number

90

No

tasks[].memory.max

tasks > memory > max

The maximum amount of RAM the container can use, in megabytes (i.e. 1024 = 1 GB) If set to null will result in no limit being set.

TypeDefaultRequired

number

1024

No

tasks[].volumes[]

tasks > volumes

List of volumes that should be mounted when starting the container.

Note: If neither hostPath nor module is specified, an empty ephemeral volume is created and mounted when deploying the container.

TypeDefaultRequired

array[object]

[]

No

tasks[].volumes[].name

tasks > volumes > name

The name of the allocated volume.

TypeRequired

string

Yes

tasks[].volumes[].containerPath

tasks > volumes > containerPath

The path where the volume should be mounted in the container.

TypeRequired

posixPath

Yes

tasks[].volumes[].hostPath

tasks > volumes > hostPath

NOTE: Usage of hostPath is generally discouraged, since it doesn't work reliably across different platforms and providers. Some providers may not support it at all.

A local path or path on the node that's running the container, to mount in the container, relative to the config source directory (or absolute).

TypeRequired

posixPath

No

Example:

tasks:
  - volumes:
      - hostPath: "/some/dir"

tasks[].volumes[].module

tasks > volumes > module

The name of a volume module that should be mounted at containerPath. The supported module types will depend on which provider you are using. The kubernetes provider supports the persistentvolumeclaim module, for example.

When a module is specified, the referenced module/volume will be automatically configured as a runtime dependency of this service, as well as a build dependency of this module.

Note: Make sure to pay attention to the supported accessModes of the referenced volume. Unless it supports the ReadWriteMany access mode, you'll need to make sure it is not configured to be mounted by multiple services at the same time. Refer to the documentation of the module type in question to learn more.

TypeRequired

string

No

tasks[].privileged

tasks > privileged

If true, run the main container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false.

TypeRequired

boolean

No

tasks[].addCapabilities[]

tasks > addCapabilities

POSIX capabilities to add when running the container.

TypeRequired

array[string]

No

tasks[].dropCapabilities[]

tasks > dropCapabilities

POSIX capabilities to remove when running the container.

TypeRequired

array[string]

No

tasks[].tty

tasks > tty

Specify if containers in this action have TTY support enabled (which implies having stdin support enabled).

TypeDefaultRequired

boolean

false

No

tasks[].deploymentStrategy

tasks > deploymentStrategy

Specifies the container's deployment strategy.

TypeAllowed ValuesDefaultRequired

string

"RollingUpdate", "Recreate"

"RollingUpdate"

Yes

tasks[].artifacts[]

tasks > artifacts

Specify artifacts to copy out of the container after the run. The artifacts are stored locally under the .garden/artifacts directory.

Note: Depending on the provider, this may require the container image to include sh tar, in order to enable the file transfer.

TypeRequired

array[object]

No

Example:

tasks:
  - artifacts:
      - source: /report/**/*

tasks[].artifacts[].source

tasks > artifacts > source

A POSIX-style path or glob to copy. Must be an absolute path. May contain wildcards.

TypeRequired

posixPath

Yes

Example:

tasks:
  - artifacts:
      - source: /report/**/*
      - source: "/output/**/*"

tasks[].artifacts[].target

tasks > artifacts > target

A POSIX-style path to copy the artifacts to, relative to the project artifacts directory at .garden/artifacts.

TypeDefaultRequired

posixPath

"."

No

Example:

tasks:
  - artifacts:
      - source: /report/**/*
      - target: "outputs/foo/"

tasks[].image

tasks > image

Specify an image ID to deploy. Should be a valid Docker image identifier. Required if no build is specified.

TypeRequired

string

No

tasks[].cacheResult

tasks > cacheResult

Set to false if you don't want the Runs's result to be cached. Use this if the Run needs to be run any time your project (or one or more of the Run's dependants) is deployed. Otherwise the Run is only re-run when its version changes, or when you run garden run.

TypeDefaultRequired

boolean

true

No

Outputs

Module Outputs

The following keys are available via the ${modules.<module-name>} template string key for jib-container modules.

${modules.<module-name>.buildPath}

The build path of the module.

Type

string

Example:

my-variable: ${modules.my-module.buildPath}

${modules.<module-name>.name}

The name of the module.

Type

string

${modules.<module-name>.path}

The source path of the module.

Type

string

Example:

my-variable: ${modules.my-module.path}

${modules.<module-name>.var.*}

A map of all variables defined in the module.

TypeDefault

object

{}

${modules.<module-name>.var.<variable-name>}

Type

string | number | boolean | link | array[link]

${modules.<module-name>.version}

The current version of the module.

Type

string

Example:

my-variable: ${modules.my-module.version}

Service Outputs

The following keys are available via the ${runtime.services.<service-name>} template string key for jib-container module services. Note that these are only resolved when deploying/running dependants of the service, so they are not usable for every field.

${runtime.services.<service-name>.version}

The current version of the service.

Type

string

Example:

my-variable: ${runtime.services.my-service.version}

Task Outputs

The following keys are available via the ${runtime.tasks.<task-name>} template string key for jib-container module tasks. Note that these are only resolved when deploying/running dependants of the task, so they are not usable for every field.

${runtime.tasks.<task-name>.version}

The current version of the task.

Type

string

Example:

my-variable: ${runtime.tasks.my-tasks.version}

Last updated