API Reference

Packages:

skiperator.kartverket.no/v1alpha1

skiperator.kartverket.no/v1alpha1

Resource Types:

Application
Routing
SKIPJob

Application

Root object for Application resource. An application resource is a resource for easily managing a Dockerized container within the context of a Kartverket cluster. This allows product teams to avoid the need to set up networking on the cluster, as well as a lot of out of the box security features.

Name	Type	Description	Required
apiVersion	string	skiperator.kartverket.no/v1alpha1	true
kind	string	Application	true
metadata	object	Refer to the Kubernetes API documentation for the fields of the `metadata` field.	true
spec	object		false
status	object	SkiperatorStatus A status field shown on a Skiperator resource which contains information regarding deployment of the resource.	false

Name	Type	Description	Required
image	string	The image the application will run. This image will be added to a Deployment resource	true
port	integer	The port the deployment exposes	true
accessPolicy	object	The root AccessPolicy for managing zero trust access to your Application. See AccessPolicy for more information.	false
additionalPorts	[]object	An optional list of extra port to expose on a pod level basis, for example so Instana or other APM tools can reach it	false
appProtocol	enum	Protocol that the application speaks. Enum: http, tcp, udp Default: http	false
authorizationSettings	object	Used for allow listing certain default blocked endpoints, such as /actuator/ end points	false
command	[]string	Override the command set in the Dockerfile. Usually only used when debugging or running third-party containers where you don't have control over the Dockerfile	false
enablePDB	boolean	Whether to enable automatic Pod Disruption Budget creation for this application. Default: true	false
env	[]object	Environment variables that will be set inside the Deployment's Pod. See https://pkg.go.dev/k8s.io/api/core/v1#EnvVar for examples.	false
envFrom	[]object	Environment variables mounted from files. When specified all the keys of the resource will be assigned as environment variables. Supports both configmaps and secrets. For mounting as files see FilesFrom.	false
filesFrom	[]object	Mounting volumes into the Deployment are done using the FilesFrom argument FilesFrom supports ConfigMaps, Secrets and PVCs. The Application resource assumes these have already been created by you, and will fail if this is not the case. For mounting environment variables see EnvFrom.	false
gcp	object	GCP is used to configure Google Cloud Platform specific settings for the application.	false
idporten	object	Settings for IDPorten integration with Digitaliseringsdirektoratet	false
ingresses	[]string	Any external hostnames that route to this application. Using a skip.statkart.no-address will make the application reachable for kartverket-clients (internal), other addresses make the app reachable on the internet. Note that other addresses than skip.statkart.no (also known as pretty hostnames) requires additional DNS setup. The below hostnames will also have TLS certificates issued and be reachable on both HTTP and HTTPS. Ingresses must be lowercase, contain no spaces, be a non-empty string, and have a hostname/domain separated by a period They can optionally be suffixed with a plus and name of a custom TLS secret located in the istio-gateways namespace. E.g. "foo.atkv3-dev.kartverket-intern.cloud+env-wildcard-cert"	false
labels	map[string]string	Labels can be used if you want every resource created by your application to have the same labels, including your application. This could for example be useful for metrics, where a certain label and the corresponding resources liveliness can be combined. Any amount of labels can be added as wanted, and they will all cascade down to all resources.	false
liveness	object	Liveness probes define a resource that returns 200 OK when the app is running as intended. Returning a non-200 code will make kubernetes restart the app. Liveness is optional, but when provided, path and port are required See Probe for structure definition.	false
maskinporten	object	Settings for Maskinporten integration with Digitaliseringsdirektoratet	false
podSettings	object	PodSettings are used to apply specific settings to the Pod Template used by Skiperator to create Deployments. This allows you to set things like annotations on the Pod to change the behaviour of sidecars, and set relevant Pod options such as TerminationGracePeriodSeconds.	false
priority	enum	An optional priority. Supported values are 'low', 'medium' and 'high'. The default value is 'medium'. Most workloads should not have to specify this field. If you think you do, please consult with SKIP beforehand. Enum: low, medium, high Default: medium	false
prometheus	object	Optional settings for how Prometheus compatible metrics should be scraped.	false
readiness	object	Readiness probes define a resource that returns 200 OK when the app is running as intended. Kubernetes will wait until the resource returns 200 OK before marking the pod as Running and progressing with the deployment strategy. Readiness is optional, but when provided, path and port are required	false
redirectToHTTPS	boolean	Controls whether the application will automatically redirect all HTTP calls to HTTPS via the istio VirtualService. This redirect does not happen on the route /.well-known/acme-challenge/, as the ACME challenge can only be done on port 80. Default: true	false
replicas	JSON	The number of replicas can either be specified as a static number as follows: `replicas: 2` Or by specifying a range between min and max to enable HorizontalPodAutoscaling. The default value for replicas is: replicas: min: 2 max: 5 targetCpuUtilization: 80 Using autoscaling is the recommended configuration for replicas.	false
resourceLabels	map[string]map[string]string	ResourceLabels can be used if you want to add a label to a specific resources created by the application. One such label could for example be set on a Deployment, such that the deployment avoids certain rules from Gatekeeper, or similar. Any amount of labels may be added per ResourceLabels item.	false
resources	object	ResourceRequirements to apply to the deployment. It's common to set some of these to prevent the app from swelling in resource usage and consuming all the resources of other apps on the cluster.	false
startup	object	Kubernetes uses startup probes to know when a container application has started. If such a probe is configured, it disables liveness and readiness checks until it succeeds, making sure those probes don't interfere with the application startup. This can be used to adopt liveness checks on slow starting containers, avoiding them getting killed by Kubernetes before they are up and running. Startup is optional, but when provided, path and port are required	false
strategy	object	Defines an alternative strategy for the Kubernetes deployment. This is useful when the default strategy, RollingUpdate, is not usable. Setting type to Recreate will take down all the pods before starting new pods, whereas the default of RollingUpdate will try to start the new pods before taking down the old ones. Valid values are: RollingUpdate, Recreate. Default is RollingUpdate	false
team	string	Team specifies the team who owns this particular app. Usually sourced from the namespace label.	false

Name	Type	Description	Required
inbound	object	Inbound specifies the ingress rules. Which apps on the cluster can talk to this app?	false
outbound	object	Outbound specifies egress rules. Which apps on the cluster and the internet is the Application allowed to send requests to?	false

Name	Type	Description	Required
application	string	The name of the Application you are allowing traffic to/from. If you wish to allow traffic from a SKIPJob, this field should be suffixed with -skipjob	true
namespace	string	The namespace in which the Application you are allowing traffic to/from resides. If unset, uses namespace of Application.	false
namespacesByLabel	map[string]string	Namespace label value-pair in which the Application you are allowing traffic to/from resides. If both namespace and namespacesByLabel are set, namespace takes precedence and namespacesByLabel is omitted.	false
ports	[]object	The ports to allow for the above application.	false

Name	Type	Description	Required
endPort	integer	endPort indicates that the range of ports from port to endPort if set, inclusive, should be allowed by the policy. This field cannot be defined if the port field is not defined or if the port field is defined as a named (string) port. The endPort must be equal or greater than port. Format: int32	false
port	int or string	port represents the port on the given protocol. This can either be a numerical or named port on a pod. If this field is not provided, this matches all port names and numbers. If present, only traffic on the specified protocol AND port will be matched.	false
protocol	string	protocol represents the protocol (TCP, UDP, or SCTP) which traffic must match. If not specified, this field defaults to TCP.	false

Name	Type	Description	Required
external	[]object	External specifies which applications on the internet the application can reach. Only host is required unless it is on another port than HTTPS port 443. If other ports or protocols are required then `ports` must be specified as well	false
rules	[]object	Rules apply the same in-cluster rules as InboundPolicy	false

Name	Type	Description	Required
host	string		true
ip	string	Non-HTTP requests (i.e. using the TCP protocol) need to use IP in addition to hostname Only required for TCP requests. Note: Hostname must always be defined even if IP is set statically	false
ports	[]object	The ports to allow for the above hostname. When not specified HTTP and HTTPS on port 80 and 443 respectively are put into the allowlist	false

Name	Type	Description	Required
name	string	Name is required and is an arbitrary name. Must be unique within all ExternalRule ports.	true
port	integer	The port number of the external host	true
protocol	enum	The protocol to use for communication with the host. Only HTTP, HTTPS and TCP are supported. Enum: HTTP, HTTPS, TCP	true

Name	Type	Description	Required
allowAll	boolean	Allows all endpoints by not creating an AuthorizationPolicy, and ignores the content of AllowList. If field is false, the contents of AllowList will be used instead if AllowList is set. Default: false	false
allowList	[]string	Allows specific endpoints. Common endpoints one might want to allow include /actuator/health, /actuator/startup, /actuator/info. Note that endpoints are matched specifically on the input, so if you allow /actuator/health, you will not allow /actuator/health/	false

Name	Type	Description	Required
name	string	Name of the environment variable. Must be a C_IDENTIFIER.	true
value	string	Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".	false
valueFrom	object	Source for the environment variable's value. Cannot be used if value is not empty.	false

Name	Type	Description	Required
configMapKeyRef	object	Selects a key of a ConfigMap.	false
fieldRef	object	Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.	false
resourceFieldRef	object	Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.	false
secretKeyRef	object	Selects a key of a secret in the pod's namespace	false

Name	Type	Description	Required
enabled	boolean	Whether to enable provisioning of an ID-porten client. If enabled, an ID-porten client be provisioned.	true
accessTokenLifetime	integer	AccessTokenLifetime is the lifetime in seconds for any issued access token from ID-porten. If unspecified, defaults to `3600` seconds (1 hour). Minimum: 1 Maximum: 3600	false
clientName	string	The name of the Client as shown in Digitaliseringsdirektoratet's Samarbeidsportal Meant to be a human-readable name for separating clients in the portal	false
clientURI	string	ClientURI is the URL shown to the user at ID-porten when displaying a 'back' button or on errors.	false
frontchannelLogoutPath	string	FrontchannelLogoutPath is a valid path for your application where ID-porten sends a request to whenever the user has initiated a logout elsewhere as part of a single logout (front channel logout) process.	false
integrationType	enum	IntegrationType is used to make sensible choices for your client. Which type of integration you choose will provide guidance on which scopes you can use with the client. A client can only have one integration type. NB! It is not possible to change the integration type after creation. Enum: krr, idporten, api_klient	false
postLogoutRedirectPath	string	PostLogoutRedirectPath is a simpler verison of PostLogoutRedirectURIs that will be appended to the ingress	false
postLogoutRedirectURIs	[]string	PostLogoutRedirectURIs are valid URIs that ID-porten will allow redirecting the end-user to after a single logout has been initiated and performed by the application.	false
redirectPath	string	RedirectPath is a valid path that ID-porten redirects back to after a successful authorization request.	false
scopes	[]string	Register different oauth2 Scopes on your client. You will not be able to add a scope to your client that conflicts with the client's IntegrationType. For example, you can not add a scope that is limited to the IntegrationType `krr` of IntegrationType `idporten`, and vice versa. Default for IntegrationType `krr` = ("krr:global/kontaktinformasjon.read", "krr:global/digitalpost.read") Default for IntegrationType `idporten` = ("openid", "profile") IntegrationType `api_klient` have no Default, checkout Digdir documentation.	false
sessionLifetime	integer	SessionLifetime is the maximum lifetime in seconds for any given user's session in your application. The timeout starts whenever the user is redirected from the `authorization_endpoint` at ID-porten. If unspecified, defaults to `7200` seconds (2 hours). Note: Attempting to refresh the user's `access_token` beyond this timeout will yield an error. Minimum: 3600 Maximum: 7200	false

Name	Type	Description	Required
enabled	boolean	If enabled, provisions and configures a Maskinporten client with consumed scopes and/or Exposed scopes with DigDir.	true
clientName	string	The name of the Client as shown in Digitaliseringsdirektoratet's Samarbeidsportal Meant to be a human-readable name for separating clients in the portal	false
scopes	object	Schema to configure Maskinporten clients with consumed scopes and/or exposed scopes.	false

Name	Type	Description	Required
enabled	boolean	If Enabled the configured scope is available to be used and consumed by organizations granted access.	true
name	string	The actual subscope combined with `Product`. Ensure that `` matches `Pattern`.	true
product	string	The product-area your application belongs to e.g. arbeid, helse ... This will be included in the final scope `nav:`.	true
accessibleForAll	boolean	Allow any organization to access the scope.	false
allowedIntegrations	[]string	Whitelisting of integration's allowed. Default is `maskinporten`	false
atMaxAge	integer	Max time in seconds for a issued access_token. Default is `30` sec. Minimum: 30 Maximum: 680	false
consumers	[]object	External consumers granted access to this scope and able to request access_token.	false
delegationSource	enum	Delegation source for the scope. Default is empty, which means no delegation is allowed. Enum: altinn	false
separator	string	Separator is the character that separates `product` and `name` in the final scope: `scope := :` This overrides the default separator. The default separator is `:`. If `name` contains `/`, the default separator is instead `/`.	false

Name	Type	Description	Required
key	string	The key to select.	true
name	string	Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names Default:	false
optional	boolean	Specify whether the ConfigMap or its key must be defined	false

Name	Type	Description	Required
fieldPath	string	Path of the field to select in the specified API version.	true
apiVersion	string	Version of the schema the FieldPath is written in terms of, defaults to "v1".	false

Name	Type	Description	Required
resource	string	Required: resource to select	true
containerName	string	Container name: required for volumes, optional for env vars	false
divisor	int or string	Specifies the output format of the exposed resources, defaults to "1"	false

Name	Type	Description	Required
key	string	The key of the secret to select from. Must be a valid secret key.	true
name	string	Name of the referent. This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names Default:	false
optional	boolean	Specify whether the Secret or its key must be defined	false

Name	Type	Description	Required
configMap	string	Name of Kubernetes ConfigMap in which the deployment should mount environment variables from. Must be in the same namespace as the Application	false
secret	string	Name of Kubernetes Secret in which the deployment should mount environment variables from. Must be in the same namespace as the Application	false

Name	Type	Description	Required
mountPath	string	The path to mount the file in the Pods directory. Required.	true
configMap	string		false
emptyDir	string		false
persistentVolumeClaim	string		false
secret	string		false

Name	Type	Description	Required
auth	object	Configuration for authenticating a Pod with Google Cloud Platform For authentication with GCP, to use services like Secret Manager and/or Pub/Sub we need to set the GCP Service Account Pods should identify as. To allow this, we need the IAM role iam.workloadIdentityUser set on a GCP service account and bind this to the Pod's Kubernetes SA. Documentation on how this is done can be found here (Closed Wiki): https://kartverket.atlassian.net/wiki/spaces/SKIPDOK/pages/422346824/Autentisering+mot+GCP+som+Kubernetes+SA	false
cloudSqlProxy	object	CloudSQL is used to deploy a CloudSQL proxy sidecar in the pod. This is useful for connecting to CloudSQL databases that require Cloud SQL Auth Proxy.	false

Name	Type	Description	Required
connectionName	string	Connection name for the CloudSQL instance. Found in the Google Cloud Console under your CloudSQL resource. The format is "projectName:region:instanceName" E.g. "skip-prod-bda1:europe-north1:my-db".	true
ip	string	The IP address of the CloudSQL instance. This is used to create a serviceentry for the CloudSQL proxy.	true
serviceAccount	string	Service account used by cloudsql auth proxy. This service account must have the roles/cloudsql.client role.	true
version	string	Image version for the CloudSQL proxy sidecar. Default: 2.8.0	false

Name	Type	Description	Required
path	string	The path to access on the HTTP server	true
port	int or string	Number of the port to access on the container	true
failureThreshold	integer	Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1 Format: int32 Default: 3	false
initialDelay	integer	Delay sending the first probe by X seconds. Can be useful for applications that are slow to start. Format: int32 Default: 0	false
period	integer	Number of seconds Kubernetes waits between each probe. Defaults to 10 seconds. Format: int32 Default: 10	false
successThreshold	integer	Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup Probes. Minimum value is 1. Format: int32 Default: 1	false
timeout	integer	Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1 Format: int32 Default: 1	false

Name	Type	Description	Required
consumes	[]object	This is the Schema for the consumes and exposes API. `consumes` is a list of scopes that your client can request access to.	false
exposes	[]object	`exposes` is a list of scopes your application want to expose to other organization where access to the scope is based on organization number.	false

Files

api-docs.md

Latest commit

History

api-docs.md

File metadata and controls

API Reference

skiperator.kartverket.no/v1alpha1

Application

Application.spec

Application.spec.accessPolicy

Application.spec.accessPolicy.inbound

Application.spec.accessPolicy.inbound.rules[index]

Application.spec.accessPolicy.inbound.rules[index].ports[index]

Application.spec.accessPolicy.outbound

Application.spec.accessPolicy.outbound.external[index]

Application.spec.accessPolicy.outbound.external[index].ports[index]

Application.spec.accessPolicy.outbound.rules[index]

Application.spec.accessPolicy.outbound.rules[index].ports[index]

Application.spec.additionalPorts[index]

Application.spec.authorizationSettings

Application.spec.env[index]

Application.spec.env[index].valueFrom

Application.spec.env[index].valueFrom.configMapKeyRef

Application.spec.env[index].valueFrom.fieldRef

Application.spec.env[index].valueFrom.resourceFieldRef

Application.spec.env[index].valueFrom.secretKeyRef

Application.spec.envFrom[index]

Application.spec.filesFrom[index]

Application.spec.gcp

Application.spec.gcp.auth

Application.spec.gcp.cloudSqlProxy

Application.spec.idporten

Application.spec.liveness

Application.spec.maskinporten

Application.spec.maskinporten.scopes

Application.spec.maskinporten.scopes.consumes[index]

Application.spec.maskinporten.scopes.exposes[index]

Application.spec.maskinporten.scopes.exposes[index].consumers[index]

Application.spec.podSettings

Application.spec.prometheus

Application.spec.readiness

Application.spec.resources

Application.spec.startup

Application.spec.strategy

Application.status

Application.status.conditions[index]

Application.status.subresources[key]

Application.status.summary

Routing

Routing.spec

Routing.spec.routes[index]

Routing.status

Routing.status.conditions[index]

Routing.status.subresources[key]

Routing.status.summary

SKIPJob

SKIPJob.spec

SKIPJob.spec.container

SKIPJob.spec.container.accessPolicy

SKIPJob.spec.container.accessPolicy.inbound

SKIPJob.spec.container.accessPolicy.inbound.rules[index]

SKIPJob.spec.container.accessPolicy.inbound.rules[index].ports[index]

SKIPJob.spec.container.accessPolicy.outbound

SKIPJob.spec.container.accessPolicy.outbound.external[index]

SKIPJob.spec.container.accessPolicy.outbound.external[index].ports[index]

SKIPJob.spec.container.accessPolicy.outbound.rules[index]

SKIPJob.spec.container.accessPolicy.outbound.rules[index].ports[index]

SKIPJob.spec.container.additionalPorts[index]

SKIPJob.spec.container.env[index]

SKIPJob.spec.container.env[index].valueFrom

SKIPJob.spec.container.env[index].valueFrom.configMapKeyRef

SKIPJob.spec.container.env[index].valueFrom.fieldRef

SKIPJob.spec.container.env[index].valueFrom.resourceFieldRef

SKIPJob.spec.container.env[index].valueFrom.secretKeyRef

SKIPJob.spec.container.envFrom[index]

SKIPJob.spec.container.filesFrom[index]

SKIPJob.spec.container.gcp

SKIPJob.spec.container.gcp.auth

SKIPJob.spec.container.gcp.cloudSqlProxy

Name	Type	Description	Required
orgno	string	The external business/organization number.	true
name	string	This is a describing field intended for clarity not used for any other purpose.	false

Name	Type	Description	Required
annotations	map[string]string	Annotations that are set on Pods created by Skiperator. These annotations can for example be used to change the behaviour of sidecars and similar.	false
disablePodSpreadTopologyConstraints	boolean	DisablePodSpreadTopologyConstraints specifies whether to disable the addition of Pod Topology Spread Constraints to a given pod. Default: false	false
terminationGracePeriodSeconds	integer	TerminationGracePeriodSeconds determines how long Kubernetes waits after a SIGTERM signal sent to a Pod before terminating the pod. If your application uses longer than 30 seconds to terminate, you should increase TerminationGracePeriodSeconds. Format: int64 Default: 30	false

Name	Type	Description	Required
port	int or string	The port number or name where metrics are exposed (at the Pod level).	true
allowAllMetrics	boolean	Setting AllowAllMetrics to true will ensure all exposed metrics are scraped. Otherwise, a list of predefined metrics will be dropped by default. See util/constants.go for the default list. Default: false	false
path	string	The HTTP path where Prometheus compatible metrics exists Default: /metrics	false

Name	Type	Description	Required
accessPolicies	string	Indicates if access policies are valid	true
conditions	[]object		true
subresources	map[string]object		true
summary	object	Status	true

Name	Type	Description	Required
lastTransitionTime	string	lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. Format: date-time	true
message	string	message is a human readable message indicating details about the transition. This may be an empty string.	true
reason	string	reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty.	true
status	enum	status of the condition, one of True, False, Unknown. Enum: True, False, Unknown	true
type	string	type of condition in CamelCase or in foo.example.com/CamelCase.	true
observedGeneration	integer	observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance. Format: int64 Minimum: 0	false

Name	Type	Description	Required
message	string	Default: hello	true
status	string	Default: Synced	true
timestamp	string	Default: hello	true

Name	Type	Description	Required
hostname	string		true
routes	[]object		true
redirectToHTTPS	boolean	Default: true	false

Name	Type	Description	Required
pathPrefix	string		true
targetApp	string		true
port	integer	Format: int32	false
rewriteUri	boolean	Default: false	false

Name	Type	Description	Required
container	object	Settings for the Pods running in the job. Fields are mostly the same as an Application, and are (probably) better documented there. Some fields are omitted, but none added. Once set, you may not change Container without deleting your current SKIPJob	true
cron	object	Settings for the Job if you are running a scheduled job. Optional as Jobs may be one-off.	false
job	object	Settings for the actual Job. If you use a scheduled job, the settings in here will also specify the template of the job.	false
prometheus	object	Prometheus settings for pod running in job. Fields are identical to Application and if set, a podmonitoring object is created.	false

Name	Type	Description	Required
schedule	string	A CronJob string for denoting the schedule of this job. See https://crontab.guru/ for help creating CronJob strings. Kubernetes CronJobs also include the extended "Vixie cron" step values: https://man.freebsd.org/cgi/man.cgi?crontab%285%29.	true
allowConcurrency	enum	Denotes how Kubernetes should react to multiple instances of the Job being started at the same time. Allow will allow concurrent jobs. Forbid will not allow this, and instead skip the newer schedule Job. Replace will replace the current active Job with the newer scheduled Job. Enum: Allow, Forbid, Replace Default: Allow	false
startingDeadlineSeconds	integer	Denotes the deadline in seconds for starting a job on its schedule, if for some reason the Job's controller was not ready upon the scheduled time. If unset, Jobs missing their deadline will be considered failed jobs and will not start. Format: int64	false
suspend	boolean	If set to true, this tells Kubernetes to suspend this Job till the field is set to false. If the Job is active while this field is set to true, all running Pods will be terminated.	false