Kubernetes
Task runner that executes a task inside a pod in a Kubernetes cluster.
This plugin is only available in the [Enterprise Edition](https://kestra.io/enterprise) (EE).
This task runner is container-based so the `containerImage` property must be set to be able to use it.
To access the task's working directory, use the `{{workingDir}}` Pebble expression or the `WORKING_DIR` environment variable. Input files and namespace files will be available in this directory.
To generate output files, you can either use the task's `outputFiles` property and create a file with the same name in the task's working directory, or create any file in the output directory, which can be accessed through the `{{outputDir}}` Pebble expression or the `OUTPUT_DIR` environment variable.
Note that when the Kestra Worker running this task is terminated, the pod will still run until completion. After restarting, the Worker will resume processing on the existing pod unless `resume` is set to false.
If your cluster is configured with [RBAC](https://kubernetes.io/docs/reference/access-authn-authz/rbac/), the service account running your pod needs to have the following authorizations:
- pods: get, create, delete, watch, list
- pods/log: get, watch
- pods/exec: get, watch
As an example, here is a role that grants those authorizations:
```yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: task-runner
rules:
  - apiGroups: [""]
    resources: ["pods"]
    verbs: ["get", "create", "delete", "watch", "list"]
  - apiGroups: [""]
    resources: ["pods/exec"]
    verbs: ["get", "watch"]
  - apiGroups: [""]
    resources: ["pods/log"]
    verbs: ["get", "watch"]
```
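To check a Role against the authorizations listed above before binding it to the service account, the following added example (not part of the Kestra documentation) compares a Role's `rules` with that list and reports missing and excess grants. The `audit` helper and both sample rule sets are constructed for illustration; the rules are written as the Python structure a YAML loader would return.

```python
# Added example: audit a Role's rules against the permissions this page lists.
# REQUIRED mirrors the list above (core API group); sample rules are constructed.
REQUIRED = {
    "pods": {"get", "create", "delete", "watch", "list"},
    "pods/log": {"get", "watch"},
    "pods/exec": {"get", "watch"},
}

def granted(rules):
    """Flatten Role rules into {(apiGroup, resource): set(verbs)}."""
    out = {}
    for rule in rules:
        for group in rule.get("apiGroups", []):
            for res in rule.get("resources", []):
                out.setdefault((group, res), set()).update(rule.get("verbs", []))
    return out

def audit(rules):
    """Return (missing, excess): required verbs not granted, and grants beyond the list."""
    have = granted(rules)
    missing, excess = {}, {}
    for res, verbs in REQUIRED.items():
        got = set()
        # A grant counts if it names the resource or "*", in the core group or "*".
        # Subresource wildcards such as "pods/*" are not counted and show up as excess.
        for group in ("", "*"):
            for name in (res, "*"):
                got |= have.get((group, name), set())
        if "*" not in got and verbs - got:
            missing[res] = verbs - got
    for (group, res), verbs in have.items():
        allowed = REQUIRED.get(res, set()) if group == "" else set()
        if verbs - allowed:
            excess[(group, res)] = verbs - allowed
    return missing, excess

# The role shown on this page.
PAGE_ROLE_RULES = [
    {"apiGroups": [""], "resources": ["pods"],
     "verbs": ["get", "create", "delete", "watch", "list"]},
    {"apiGroups": [""], "resources": ["pods/exec"], "verbs": ["get", "watch"]},
    {"apiGroups": [""], "resources": ["pods/log"], "verbs": ["get", "watch"]},
]
# Constructed over-broad role: wildcard verbs, extra resource, no subresources.
BROAD_RULES = [{"apiGroups": [""], "resources": ["pods", "secrets"], "verbs": ["*"]}]

if __name__ == "__main__":
    print(audit(PAGE_ROLE_RULES))
    print(audit(BROAD_RULES))
```

An empty `missing` means the runner has what it needs; a non-empty `excess` lists grants to trim from the Role.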
type: "io.kestra.plugin.ee.kubernetes.runner.Kubernetes"
Execute a Shell command.
```yaml
id: new-shell
namespace: company.team

tasks:
  - id: shell
    type: io.kestra.plugin.scripts.shell.Commands
    taskRunner:
      type: io.kestra.plugin.ee.kubernetes.runner.Kubernetes
    commands:
      - echo "Hello World"
```
Pass input files to the task, execute a Shell command, then retrieve output files.
```yaml
id: new-shell-with-file
namespace: company.team

inputs:
  - id: file
    type: FILE

tasks:
  - id: shell
    type: io.kestra.plugin.scripts.shell.Commands
    inputFiles:
      data.txt: "{{ inputs.file }}"
    outputFiles:
      - out.txt
    containerImage: centos
    taskRunner:
      type: io.kestra.plugin.ee.kubernetes.runner.Kubernetes
    commands:
      - cp {{ workingDir }}/data.txt {{ workingDir }}/out.txt
```
YES
default
The namespace where the pod will be created.
NO
true
Whether to reconnect to the current pod if it already exists.
YES
PT5S
duration
The additional duration to wait for logs to arrive after pod completion.
As logs are not retrieved in real time, we cannot guarantee that we have fetched all logs when the pod completes; therefore, we wait for a fixed amount of time to fetch late logs.
YES
PT10M
duration
The maximum duration to wait until the pod is created.
This timeout is the maximum time that Kubernetes scheduler can take to
- schedule the pod
- pull the pod image
- and start the pod.
NO
The configuration of the target Kubernetes cluster.
YES
Additional YAML spec for the container.
NO
true
Whether the pod should be deleted upon completion.
YES
Additional YAML spec for the sidecar container.
NO
{
"image": "busybox"
}
The configuration of the file sidecar container that handles download and upload of files.
YES
The pod custom labels
Kestra will add default labels to the pod with execution and flow identifiers.
YES
Node selector for pod scheduling
Kestra will assign the pod to the nodes you want (see Assign Pod Nodes)
YES
Additional YAML spec for the pod.
YES
ALWAYS
IF_NOT_PRESENT
ALWAYS
NEVER
The image pull policy for a container image and the tag of the image, which affect when Docker attempts to pull (download) the specified image.
NO
The pod custom resources
YES
The name of the service account.
NO
\d+\.\d+\.\d+(-[a-zA-Z0-9-]+)?|([a-zA-Z0-9]+)
The version of the plugin to use.
YES
PT1H
duration
The maximum duration to wait for the pod completion unless the task timeout
property is set which will take precedence over this property.
YES
busybox
The image used for the file sidecar container.
YES
v1
The API version
YES
CA certificate as data
YES
CA certificate as file path
YES
Client certificate as data
YES
Client certificate as a file path
YES
RSA
Client key encryption algorithm
default is RSA
YES
Client key as data
YES
Client key as a file path
YES
Client key passphrase
NO
Disable hostname verification
YES
Key store file
YES
Key store passphrase
YES
https://kubernetes.default.svc
The URL of the Kubernetes API
YES
The namespace used
YES
OAuth token
NO
OAuth token provider
YES
Password
NO
Trust all certificates
YES
Truststore file
YES
Truststore passphrase
YES
Username