local-kubernetes

Description
The local-kubernetes provider is a specialized version of the kubernetes provider that automates and simplifies working with local Kubernetes clusters.
For general Kubernetes usage information, please refer to the guides section. For local clusters a good place to start is the Local Kubernetes guide guide. The Getting Started guide is also helpful as an introduction.
If you're working with a remote Kubernetes cluster, please refer to the kubernetes provider docs, and the Remote Kubernetes guide guide.
Below is the full schema reference for the provider configuration. For an introduction to configuring a Garden project with providers, please look at our configuration guide.
The reference is divided into two sections. The first section contains the complete YAML schema, and the second section describes each schema key.
Complete YAML Schema
The values in the schema below are the default values.
1
providers:
2
  - # List other providers that should be resolved before this one.
3
    dependencies: []
4
​
5
    # If specified, this provider will only be used in the listed environments. Note that an empty array effectively
6
    # disables the provider. To use a provider in all environments, omit this field.
7
    environments:
8
​
9
    # Choose the mechanism for building container images before deploying. By default your local Docker daemon is
10
    # used, but you can set it to `cluster-buildkit` or `kaniko` to sync files to the cluster, and build container
11
    # images there. This removes the need to run Docker locally, and allows you to share layer and image caches
12
    # between multiple developers, as well as between your development and CI workflows.
13
    #
14
    # For more details on all the different options and what makes sense to use for your setup, please check out the
15
    # [in-cluster building guide](https://docs.garden.io/guides/in-cluster-building).
16
    #
17
    # **Note:** The `cluster-docker` mode has been deprecated and will be removed in a future release!
18
    buildMode: local-docker
19
​
20
    # Configuration options for the `cluster-buildkit` build mode.
21
    clusterBuildkit:
22
      # Enable rootless mode for the cluster-buildkit daemon, which runs the daemon with decreased privileges.
23
      # Please see [the buildkit docs](https://github.com/moby/buildkit/blob/master/docs/rootless.md) for caveats when
24
      # using this mode.
25
      rootless: false
26
​
27
      # Exposes the `nodeSelector` field on the PodSpec of the BuildKit deployment. This allows you to constrain the
28
      # BuildKit daemon to only run on particular nodes.
29
      #
30
      # [See here](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/) for the official Kubernetes
31
      # guide to assigning Pods to nodes.
32
      nodeSelector: {}
33
​
34
    # Configuration options for the `kaniko` build mode.
35
    kaniko:
36
      # Specify extra flags to use when building the container image with kaniko. Flags set on `container` modules
37
      # take precedence over these.
38
      extraFlags:
39
​
40
      # Change the kaniko image (repository/image:tag) to use when building in kaniko mode.
41
      image: 'gcr.io/kaniko-project/executor:v1.6.0-debug'
42
​
43
      # Choose the namespace where the Kaniko pods will be run. Set to `null` to use the project namespace.
44
      #
45
      # **IMPORTANT: The default namespace will change to the project namespace instead of the garden-system namespace
46
      # in an upcoming release!**
47
      namespace: garden-system
48
​
49
      # Exposes the `nodeSelector` field on the PodSpec of the Kaniko pods. This allows you to constrain the Kaniko
50
      # pods to only run on particular nodes.
51
      #
52
      # [See here](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/) for the official Kubernetes
53
      # guide to assigning Pods to nodes.
54
      nodeSelector:
55
​
56
      # Specify tolerations to apply to each Kaniko Pod. Useful to control which nodes in a cluster can run builds.
57
      tolerations:
58
        - # "Effect" indicates the taint effect to match. Empty means match all taint effects. When specified,
59
          # allowed values are "NoSchedule", "PreferNoSchedule" and "NoExecute".
60
          effect:
61
​
62
          # "Key" is the taint key that the toleration applies to. Empty means match all taint keys.
63
          # If the key is empty, operator must be "Exists"; this combination means to match all values and all keys.
64
          key:
65
​
66
          # "Operator" represents a key's relationship to the value. Valid operators are "Exists" and "Equal".
67
          # Defaults to
68
          # "Equal". "Exists" is equivalent to wildcard for value, so that a pod can tolerate all taints of a
69
          # particular category.
70
          operator: Equal
71
​
72
          # "TolerationSeconds" represents the period of time the toleration (which must be of effect "NoExecute",
73
          # otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate
74
          # the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately)
75
          # by the system.
76
          tolerationSeconds:
77
​
78
          # "Value" is the taint value the toleration matches to. If the operator is "Exists", the value should be
79
          # empty,
80
          # otherwise just a regular string.
81
          value:
82
​
83
    # A default hostname to use when no hostname is explicitly configured for a service.
84
    defaultHostname:
85
​
86
    # Sets the deployment strategy for `container` services.
87
    #
88
    # The default is `"rolling"`, which performs rolling updates. There is also experimental support for blue/green
89
    # deployments (via the `"blue-green"` strategy).
90
    #
91
    # Note that this setting only applies to `container` services (and not, for example,  `kubernetes` or `helm`
92
    # services).
93
    deploymentStrategy: rolling
94
​
95
    # Configuration options for dev mode.
96
    devMode:
97
      # Specifies default settings for dev mode syncs (e.g. for `container`, `kubernetes` and `helm` services).
98
      #
99
      # These are overridden/extended by the settings of any individual dev mode sync specs for a given module or
100
      # service.
101
      #
102
      # Dev mode is enabled when running the `garden dev` command, and by setting the `--dev` flag on the `garden
103
      # deploy` command.
104
      #
105
      # See the [Code Synchronization guide](https://docs.garden.io/guides/code-synchronization-dev-mode) for more
106
      # information.
107
      defaults:
108
        # Specify a list of POSIX-style paths or glob patterns that should be excluded from the sync.
109
        #
110
        # Any exclusion patterns defined in individual dev mode sync specs will be applied in addition to these
111
        # patterns.
112
        #
113
        # `.git` directories and `.garden` directories are always ignored.
114
        exclude:
115
​
116
        # The default permission bits, specified as an octal, to set on files at the sync target. Defaults to 0600
117
        # (user read/write). See the [Mutagen
118
        # docs](https://mutagen.io/documentation/synchronization/permissions#permissions) for more information.
119
        fileMode:
120
​
121
        # The default permission bits, specified as an octal, to set on directories at the sync target. Defaults to
122
        # 0700 (user read/write). See the [Mutagen
123
        # docs](https://mutagen.io/documentation/synchronization/permissions#permissions) for more information.
124
        directoryMode:
125
​
126
        # Set the default owner of files and directories at the target. Specify either an integer ID or a string name.
127
        # See the [Mutagen docs](https://mutagen.io/documentation/synchronization/permissions#owners-and-groups) for
128
        # more information.
129
        owner:
130
​
131
        # Set the default group on files and directories at the target. Specify either an integer ID or a string name.
132
        # See the [Mutagen docs](https://mutagen.io/documentation/synchronization/permissions#owners-and-groups) for
133
        # more information.
134
        group:
135
​
136
    # Require SSL on all `container` module services. If set to true, an error is raised when no certificate is
137
    # available for a configured hostname on a `container` module.
138
    forceSsl: false
139
​
140
    # References to `docker-registry` secrets to use for authenticating with remote registries when pulling
141
    # images. This is necessary if you reference private images in your module configuration, and is required
142
    # when configuring a remote Kubernetes environment with buildMode=local.
143
    imagePullSecrets:
144
      - # The name of the Kubernetes secret.
145
        name:
146
​
147
        # The namespace where the secret is stored. If necessary, the secret may be copied to the appropriate
148
        # namespace before use.
149
        namespace: default
150
​
151
    # Resource requests and limits for the in-cluster builder, container registry and code sync service. (which are
152
    # automatically installed and used when `buildMode` is `cluster-docker` or `kaniko`).
153
    resources:
154
      # Resource requests and limits for the in-cluster builder. It's important to consider which build mode you're
155
      # using when configuring this.
156
      #
157
      # When `buildMode` is `kaniko`, this refers to _each Kaniko pod_, i.e. each individual build, so you'll want to
158
      # consider the requirements for your individual image builds, with your most expensive/heavy images in mind.
159
      #
160
      # When `buildMode` is `cluster-buildkit`, this applies to the BuildKit deployment created in _each project
161
      # namespace_. So think of this as the resource spec for each individual user or project namespace.
162
      #
163
      # When `buildMode` is `cluster-docker`, this applies to the single Docker Daemon that is installed and run
164
      # cluster-wide. This is shared across all users and builds in the cluster, so it should be resourced
165
      # accordingly, factoring in how many concurrent builds you expect and how heavy your builds tend to be. **Note
166
      # that the cluster-docker build mode has been deprecated!**
167
      builder:
168
        limits:
169
          # CPU limit in millicpu.
170
          cpu: 4000
171
​
172
          # Memory limit in megabytes.
173
          memory: 8192
174
​
175
          # Ephemeral storage limit in megabytes.
176
          ephemeralStorage:
177
​
178
        requests:
179
          # CPU request in millicpu.
180
          cpu: 100
181
​
182
          # Memory request in megabytes.
183
          memory: 512
184
​
185
          # Ephemeral storage request in megabytes.
186
          ephemeralStorage:
187
​
188
      # Resource requests and limits for the in-cluster image registry. Built images are pushed to this registry,
189
      # so that they are available to all the nodes in your cluster.
190
      #
191
      # This is shared across all users and builds, so it should be resourced accordingly, factoring
192
      # in how many concurrent builds you expect and how large your images tend to be.
193
      registry:
194
        limits:
195
          # CPU limit in millicpu.
196
          cpu: 2000
197
​
198
          # Memory limit in megabytes.
199
          memory: 4096
200
​
201
          # Ephemeral storage limit in megabytes.
202
          ephemeralStorage:
203
​
204
        requests:
205
          # CPU request in millicpu.
206
          cpu: 200
207
​
208
          # Memory request in megabytes.
209
          memory: 512
210
​
211
          # Ephemeral storage request in megabytes.
212
          ephemeralStorage:
213
​
214
    # Storage parameters to set for the in-cluster builder, container registry and code sync persistent volumes
215
    # (which are automatically installed and used when `buildMode` is `cluster-docker` or `kaniko`).
216
    #
217
    # These are all shared cluster-wide across all users and builds, so they should be resourced accordingly,
218
    # factoring in how many concurrent builds you expect and how large your images and build contexts tend to be.
219
    storage:
220
      # Storage parameters for the in-cluster Docker registry volume. Built images are stored here, so that they
221
      # are available to all the nodes in your cluster.
222
      #
223
      # Only applies when `buildMode` is set to `cluster-docker` or `kaniko`, ignored otherwise.
224
      registry:
225
        # Volume size in megabytes.
226
        size: 20480
227
​
228
        # Storage class to use for the volume.
229
        storageClass: null
230
​
231
    # One or more certificates to use for ingress.
232
    tlsCertificates:
233
      - # A unique identifier for this certificate.
234
        name:
235
​
236
        # A list of hostnames that this certificate should be used for. If you don't specify these, they will be
237
        # automatically read from the certificate.
238
        hostnames:
239
​
240
        # A reference to the Kubernetes secret that contains the TLS certificate and key for the domain.
241
        secretRef:
242
          # The name of the Kubernetes secret.
243
          name:
244
​
245
          # The namespace where the secret is stored. If necessary, the secret may be copied to the appropriate
246
          # namespace before use.
247
          namespace: default
248
​
249
        # Set to `cert-manager` to configure [cert-manager](https://github.com/jetstack/cert-manager) to manage this
250
        # certificate. See our
251
        # [cert-manager integration guide](https://docs.garden.io/advanced/cert-manager-integration) for details.
252
        managedBy:
253
​
254
    # cert-manager configuration, for creating and managing TLS certificates. See the
255
    # [cert-manager guide](https://docs.garden.io/advanced/cert-manager-integration) for details.
256
    certManager:
257
      # Automatically install `cert-manager` on initialization. See the
258
      # [cert-manager integration guide](https://docs.garden.io/advanced/cert-manager-integration) for details.
259
      install: false
260
​
261
      # The email to use when requesting Let's Encrypt certificates.
262
      email:
263
​
264
      # The type of issuer for the certificate (only ACME is supported for now).
265
      issuer: acme
266
​
267
      # Specify which ACME server to request certificates from. Currently Let's Encrypt staging and prod servers are
268
      # supported.
269
      acmeServer: letsencrypt-staging
270
​
271
      # The type of ACME challenge used to validate hostnames and generate the certificates (only HTTP-01 is supported
272
      # for now).
273
      acmeChallengeType: HTTP-01
274
​
275
    # Exposes the `nodeSelector` field on the PodSpec of system services. This allows you to constrain the system
276
    # services to only run on particular nodes.
277
    #
278
    # [See here](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/) for the official Kubernetes guide
279
    # to assigning Pods to nodes.
280
    systemNodeSelector: {}
281
​
282
    # For setting tolerations on the registry-proxy when using in-cluster building.
283
    # The registry-proxy is a DaemonSet that proxies connections to the docker registry service on each node.
284
    #
285
    # Use this only if you're doing in-cluster building and the nodes in your cluster
286
    # have [taints](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/).
287
    registryProxyTolerations:
288
      - # "Effect" indicates the taint effect to match. Empty means match all taint effects. When specified,
289
        # allowed values are "NoSchedule", "PreferNoSchedule" and "NoExecute".
290
        effect:
291
​
292
        # "Key" is the taint key that the toleration applies to. Empty means match all taint keys.
293
        # If the key is empty, operator must be "Exists"; this combination means to match all values and all keys.
294
        key:
295
​
296
        # "Operator" represents a key's relationship to the value. Valid operators are "Exists" and "Equal". Defaults
297
        # to
298
        # "Equal". "Exists" is equivalent to wildcard for value, so that a pod can tolerate all taints of a
299
        # particular category.
300
        operator: Equal
301
​
302
        # "TolerationSeconds" represents the period of time the toleration (which must be of effect "NoExecute",
303
        # otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate
304
        # the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately)
305
        # by the system.
306
        tolerationSeconds:
307
​
308
        # "Value" is the taint value the toleration matches to. If the operator is "Exists", the value should be
309
        # empty,
310
        # otherwise just a regular string.
311
        value:
312
​
313
    # The name of the provider plugin to use.
314
    name: local-kubernetes
315
​
316
    # The kubectl context to use to connect to the Kubernetes cluster.
317
    context:
318
​
319
    # Specify which namespace to deploy services to (defaults to the project name). Note that the framework generates
320
    # other namespaces as well with this name as a prefix.
321
    namespace:
322
      # A valid Kubernetes namespace name. Must be a valid RFC1035/RFC1123 (DNS) label (may contain lowercase letters,
323
      # numbers and dashes, must start with a letter, and cannot end with a dash) and must not be longer than 63
324
      # characters.
325
      name:
326
​
327
      # Map of annotations to apply to the namespace when creating it.
328
      annotations:
329
​
330
      # Map of labels to apply to the namespace when creating it.
331
      labels:
332
​
333
    # Set this to null or false to skip installing/enabling the `nginx` ingress controller.
334
    setupIngressController: nginx
Copied!
Configuration Keys
providers[]
Type
Default
Required
array[object]
[]
No
providers[].dependencies[]
​providers > dependencies
List other providers that should be resolved before this one.
Type
Default
Required
array[string]
[]
No
Example:
1
providers:
2
  - dependencies:
3
      - exec
Copied!
providers[].environments[]
​providers > environments
If specified, this provider will only be used in the listed environments. Note that an empty array effectively disables the provider. To use a provider in all environments, omit this field.
Type
Required
array[string]
No
Example:
1
providers:
2
  - environments:
3
      - dev
4
      - stage
Copied!
providers[].buildMode
​providers > buildMode
Choose the mechanism for building container images before deploying. By default your local Docker daemon is used, but you can set it to cluster-buildkit or kaniko to sync files to the cluster, and build container images there. This removes the need to run Docker locally, and allows you to share layer and image caches between multiple developers, as well as between your development and CI workflows.
For more details on all the different options and what makes sense to use for your setup, please check out the in-cluster building guide.
Note: The cluster-docker mode has been deprecated and will be removed in a future release!
Type
Default
Required
string
"local-docker"
No
providers[].clusterBuildkit
​providers > clusterBuildkit
Configuration options for the cluster-buildkit build mode.
Type
Required
object
No
providers[].clusterBuildkit.rootless
​providers > clusterBuildkit > rootless
Enable rootless mode for the cluster-buildkit daemon, which runs the daemon with decreased privileges. Please see the buildkit docs for caveats when using this mode.
Type
Default
Required
boolean
false
No
providers[].clusterBuildkit.nodeSelector
​providers > clusterBuildkit > nodeSelector
Exposes the nodeSelector field on the PodSpec of the BuildKit deployment. This allows you to constrain the BuildKit daemon to only run on particular nodes.
​See here for the official Kubernetes guide to assigning Pods to nodes.
Type
Default
Required
object
{}
No
Example:
1
providers:
2
  - clusterBuildkit:
3
      ...
4
      nodeSelector:
5
          disktype: ssd
Copied!
providers[].clusterDocker
​providers > clusterDocker
Deprecated: This field will be removed in a future release.
Configuration options for the cluster-docker build mode.
Type
Required
object
No
providers[].clusterDocker.enableBuildKit
​providers > clusterDocker > enableBuildKit
Deprecated: This field will be removed in a future release.
Enable BuildKit support. This should in most cases work well and be more performant, but we're opting to keep it optional until it's enabled by default in Docker.
Type
Default
Required
boolean
false
No
providers[].kaniko
​providers > kaniko
Configuration options for the kaniko build mode.
Type
Required
object
No
providers[].kaniko.extraFlags[]
​providers > kaniko > extraFlags
Specify extra flags to use when building the container image with kaniko. Flags set on container modules take precedence over these.
Type
Required
array[string]
No
providers[].kaniko.image
​providers > kaniko > image
Change the kaniko image (repository/image:tag) to use when building in kaniko mode.
Type
Default
Required
string
"gcr.io/kaniko-project/executor:v1.6.0-debug"
No
providers[].kaniko.namespace
​providers > kaniko > namespace
Choose the namespace where the Kaniko pods will be run. Set to null to use the project namespace.
IMPORTANT: The default namespace will change to the project namespace instead of the garden-system namespace in an upcoming release!
Type
Default
Required
string
"garden-system"
No
providers[].kaniko.nodeSelector
​providers > kaniko > nodeSelector
Exposes the nodeSelector field on the PodSpec of the Kaniko pods. This allows you to constrain the Kaniko pods to only run on particular nodes.
​See here for the official Kubernetes guide to assigning Pods to nodes.
Type
Required
object
No
providers[].kaniko.tolerations[]
​providers > kaniko > tolerations
Specify tolerations to apply to each Kaniko Pod. Useful to control which nodes in a cluster can run builds.
Type
Default
Required
array[object]
[]
No
providers[].kaniko.tolerations[].effect
​providers > kaniko > tolerations > effect
"Effect" indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are "NoSchedule", "PreferNoSchedule" and "NoExecute".
Type
Required
string
No
providers[].kaniko.tolerations[].key
​providers > kaniko > tolerations > key
"Key" is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be "Exists"; this combination means to match all values and all keys.
Type
Required
string
No
providers[].kaniko.tolerations[].operator
​providers > kaniko > tolerations > operator
"Operator" represents a key's relationship to the value. Valid operators are "Exists" and "Equal". Defaults to "Equal". "Exists" is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category.
Type
Default
Required
string
"Equal"
No
providers[].kaniko.tolerations[].tolerationSeconds
​providers > kaniko > tolerations > tolerationSeconds
"TolerationSeconds" represents the period of time the toleration (which must be of effect "NoExecute", otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system.
Type
Required
string
No
providers[].kaniko.tolerations[].value
​providers > kaniko > tolerations > value
"Value" is the taint value the toleration matches to. If the operator is "Exists", the value should be empty, otherwise just a regular string.
Type
Required
string
No
providers[].defaultHostname
​providers > defaultHostname
A default hostname to use when no hostname is explicitly configured for a service.
Type
Required
string
No
Example:
1
providers:
2
  - defaultHostname: "api.mydomain.com"
Copied!
providers[].deploymentStrategy
​providers > deploymentStrategy
Experimental: this is an experimental feature and the API might change in the future.
Sets the deployment strategy for container services.
The default is "rolling", which performs rolling updates. There is also experimental support for blue/green deployments (via the "blue-green" strategy).
Note that this setting only applies to container services (and not, for example, kubernetes or helm services).
Type
Default
Required
string
"rolling"
No
providers[].devMode
​providers > devMode
Configuration options for dev mode.
Type
Required
object
No
providers[].devMode.defaults
​providers > devMode > defaults
Specifies default settings for dev mode syncs (e.g. for container, kubernetes and helm services).
These are overridden/extended by the settings of any individual dev mode sync specs for a given module or service.
Dev mode is enabled when running the garden dev command, and by setting the --dev flag on the garden deploy command.
See the Code Synchronization guide for more information.
Type
Required
object
No
providers[].devMode.defaults.exclude[]
​providers > devMode > defaults > exclude
Specify a list of POSIX-style paths or glob patterns that should be excluded from the sync.
Any exclusion patterns defined in individual dev mode sync specs will be applied in addition to these patterns.
.git directories and .garden directories are always ignored.
Type
Required
array[posixPath]
No
Example:
1
providers:
2
  - devMode:
3
      ...
4
      defaults:
5
        ...
6
        exclude:
7
          - dist/**/*
8
          - '*.log'
Copied!
providers[].devMode.defaults.fileMode
​providers > devMode > defaults > fileMode
The default permission bits, specified as an octal, to set on files at the sync target. Defaults to 0600 (user read/write). See the Mutagen docs for more information.
Type
Required
number
No
providers[].devMode.defaults.directoryMode
​providers > devMode > defaults > directoryMode
The default permission bits, specified as an octal, to set on directories at the sync target. Defaults to 0700 (user read/write). See the Mutagen docs for more information.
Type
Required
number
No
providers[].devMode.defaults.owner
​providers > devMode > defaults > owner
Set the default owner of files and directories at the target. Specify either an integer ID or a string name. See the Mutagen docs for more information.
Type
Required
​
`number
string`
No
providers[].devMode.defaults.group
​providers > devMode > defaults > group
Set the default group on files and directories at the target. Specify either an integer ID or a string name. See the Mutagen docs for more information.
Type
Required
​
`number
string`
No
providers[].forceSsl
​providers > forceSsl
Require SSL on all container module services. If set to true, an error is raised when no certificate is available for a configured hostname on a container module.
Type
Default
Required
boolean
false
No
providers[].imagePullSecrets[]
​providers > imagePullSecrets
References to docker-registry secrets to use for authenticating with remote registries when pulling images. This is necessary if you reference private images in your module configuration, and is required when configuring a remote Kubernetes environment with buildMode=local.
Type
Default
Required
array[object]
[]
No
providers[].imagePullSecrets[].name
​providers > imagePullSecrets > name
The name of the Kubernetes secret.
Type
Required
string
Yes
Example:
1
providers:
2
  - imagePullSecrets:
3
      - name: "my-secret"
Copied!
providers[].imagePullSecrets[].namespace
​providers > imagePullSecrets > namespace
The namespace where the secret is stored. If necessary, the secret may be copied to the appropriate namespace before use.
Type
Default
Required
string
"default"
No
providers[].resources
​providers > resources
Resource requests and limits for the in-cluster builder, container registry and code sync service. (which are automatically installed and used when buildMode is cluster-docker or kaniko).
Type
Default
Required
object
{"builder":{"limits":{"cpu":4000,"memory":8192},"requests":{"cpu":100,"memory":512}},"registry":{"limits":{"cpu":2000,"memory":4096},"requests":{"cpu":200,"memory":512}},"sync":{"limits":{"cpu":500,"memory":512},"requests":{"cpu":100,"memory":90}}}
No
providers[].resources.builder
​providers > resources > builder
Resource requests and limits for the in-cluster builder. It's important to consider which build mode you're using when configuring this.
When buildMode is kaniko, this refers to each Kaniko pod, i.e. each individual build, so you'll want to consider the requirements for your individual image builds, with your most expensive/heavy images in mind.
When buildMode is cluster-buildkit, this applies to the BuildKit deployment created in each project namespace. So think of this as the resource spec for each individual user or project namespace.
When buildMode is cluster-docker, this applies to the single Docker Daemon that is installed and run cluster-wide. This is shared across all users and builds in the cluster, so it should be resourced accordingly, factoring in how many concurrent builds you expect and how heavy your builds tend to be. Note that the cluster-docker build mode has been deprecated!
Type
Default
Required
object
{"limits":{"cpu":4000,"memory":8192},"requests":{"cpu":100,"memory":512}}
No
providers[].resources.builder.limits
​providers > resources > builder > limits
Type
Default
Required
object
{"cpu":4000,"memory":8192}
No
providers[].resources.builder.limits.cpu
​providers > resources > builder > limits > cpu
CPU limit in millicpu.
Type
Default
Required
number
4000
No
Example:
1
providers:
2
  - resources:
3
      ...
4
      builder:
5
        ...
6
        limits:
7
          ...
8
          cpu: 4000
Copied!
providers[].resources.builder.limits.memory
​providers > resources > builder > limits > memory
Memory limit in megabytes.