Backend: Kubernetes
Kubernetes backend configuration variables for agents.
Namespace
Section titled “Namespace”BACKEND_K8S_NAMESPACE
Section titled “BACKEND_K8S_NAMESPACE”- Name:
CROW_BACKEND_K8S_NAMESPACE - Description: The k8s namespace to execute pipelines in
- Default:
crow
BACKEND_K8S_NAMESPACE_PER_ORGANIZATION
Section titled “BACKEND_K8S_NAMESPACE_PER_ORGANIZATION”- Name:
CROW_BACKEND_K8S_NAMESPACE_PER_ORGANIZATION - Description: Enables namespace isolation per organization. When enabled, each organization gets its own dedicated Kubernetes namespace for improved security and resource isolation. The name format follows
{CROW_BACKEND_K8S_NAMESPACE}-{organization-id}. Namespaces are created automatically, but not removed when organizations are removed from the Crow instance. - Default:
false
Pod Configuration
Section titled “Pod Configuration”BACKEND_K8S_POD_LABELS
Section titled “BACKEND_K8S_POD_LABELS”- Name:
CROW_BACKEND_K8S_POD_LABELS - Description: Additional labels to apply to worker Pods. Must be a YAML object, e.g.
{"example.com/test-label":"test-value"} - Default: none
BACKEND_K8S_POD_LABELS_ALLOW_FROM_STEP
Section titled “BACKEND_K8S_POD_LABELS_ALLOW_FROM_STEP”- Name:
CROW_BACKEND_K8S_POD_LABELS_ALLOW_FROM_STEP - Description: Determines if Pod annotations can be defined from a step’s backend options.
- Default:
false
BACKEND_K8S_POD_ANNOTATIONS
Section titled “BACKEND_K8S_POD_ANNOTATIONS”- Name:
CROW_BACKEND_K8S_POD_ANNOTATIONS - Description: Additional annotations to apply to worker Pods. Must be a YAML object, e.g.
{"example.com/test-annotation":"test-value"} - Default:
crow
BACKEND_K8S_POD_NODE_SELECTOR
Section titled “BACKEND_K8S_POD_NODE_SELECTOR”- Name:
CROW_BACKEND_K8S_POD_NODE_SELECTOR - Description: Additional node selector to apply to worker pods. Must be a YAML object, e.g.
{"topology.kubernetes.io/region":"eu-central-1"} - Default: none
BACKEND_K8S_POD_TOLERATIONS
Section titled “BACKEND_K8S_POD_TOLERATIONS”- Name:
CROW_BACKEND_K8S_POD_TOLERATIONS - Description: Additional tolerations to apply to worker Pods. Must be a YAML object, e.g.
[{"effect":"NoSchedule","key":"jobs","operator":"Exists"}]. - Default: none
BACKEND_K8S_POD_TOLERATIONS_ALLOW_FROM_STEP
Section titled “BACKEND_K8S_POD_TOLERATIONS_ALLOW_FROM_STEP”- Name:
CROW_BACKEND_K8S_POD_TOLERATIONS_ALLOW_FROM_STEP - Description: Determines if Pod tolerations can be defined from a step’s backend options.
- Default:
true
BACKEND_K8S_PRIORITY_CLASS
Section titled “BACKEND_K8S_PRIORITY_CLASS”- Name:
CROW_BACKEND_K8S_PRIORITY_CLASS - Description: Which Kubernetes PriorityClass to assign to created job pods.
- Default: none, which will use the default priority class configured in Kubernetes
Storage
Section titled “Storage”BACKEND_K8S_STORAGE_CLASS
Section titled “BACKEND_K8S_STORAGE_CLASS”- Name:
CROW_BACKEND_K8S_STORAGE_CLASS - Description: The storage class to use for the temporary pipeline volume.
- Default: none
BACKEND_K8S_STORAGE_RWX
Section titled “BACKEND_K8S_STORAGE_RWX”- Name:
CROW_BACKEND_K8S_STORAGE_RWX - Description: Whether a RWX should be used for the temporary pipeline volume. If false, RWO is used instead.
- Default:
true
BACKEND_K8S_VOLUME_SIZE
Section titled “BACKEND_K8S_VOLUME_SIZE”- Name:
CROW_BACKEND_K8S_VOLUME_SIZE - Description: The volume size of the temporary pipeline volume.
- Default:
10G
Security
Section titled “Security”BACKEND_K8S_SECCTX_NONROOT
Section titled “BACKEND_K8S_SECCTX_NONROOT”- Name:
CROW_BACKEND_K8S_SECCTX_NONROOT - Description: Whether containers must be run as a non-root user.
- Default:
false
BACKEND_K8S_PULL_SECRET_NAMES
Section titled “BACKEND_K8S_PULL_SECRET_NAMES”- Name:
CROW_BACKEND_K8S_PULL_SECRET_NAMES - Description: Secret names to pull images from private repositories.
- Default: none