API Reference

kruntimes exposes Kubernetes CRDs and a local Runtime Server gRPC API.

Kubernetes APIs

All CRDs are currently apiVersion: kruntimes.io/v1alpha1.

Run

Run represents one execution.

Common spec fields:

FieldDescription
spec.runtimeRuntime name to execute on. Scheduler only considers Runtime Pods in the same namespace.
spec.argsArguments or command payload passed to the Runtime Server.
spec.envEnvironment variables for the execution. Do not store secrets directly here.
spec.sourceOptional source files or Git source prepared into the workspace.
spec.entrypointRelative path inside the workspace. Absolute paths and .. are rejected.
spec.timeoutSecondsExecution timeout. Timeout terminal phase is Timeout.
spec.retryPolicyRetry attempts and backoff. Execution is at-least-once.
spec.cancelRequestedUser cancellation request.

Common status fields:

FieldDescription
status.phasePending, Scheduled, Running, Succeeded, Failed, Timeout, or Cancelled.
status.assignedPodRuntime Pod selected by the scheduler.
status.attemptCurrent deterministic attempt count.
status.outputsBounded structured outputs from $KRUNTIME_OUTPUTS.
status.artifactRefsCompact artifact references for files stored outside etcd.
status.conditionsKubernetes list-map conditions for lifecycle states.

Minimal example:

apiVersion: kruntimes.io/v1alpha1
kind: Run
metadata:
  name: hello
spec:
  runtime: bash
  source:
    inline: |
      echo hello
  entrypoint: script

Runtime

Runtime defines a warm execution pool.

Common spec fields:

FieldDescription
spec.replicasDesired Runtime Pod count.
spec.capacity.resourcesPer-pod logical capacity, including built-in runs.
spec.templatePodTemplateSpec for Runtime Pods.
spec.daemonImageOptional override for the injected runtimed sidecar image.
spec.artifactStoreArtifact backend configuration snapshot used by runtimed and maintainers.

The controller owns reserved Runtime Pod fields needed by kruntimes, including the injected runtimed container and control-plane labels/annotations.

Workflow

Workflow orchestrates child Runs. Workflow docs are still intentionally minimal while the API remains experimental.

Runtime Server gRPC API

Runtime Servers implement api/runtime/v1/runtime.proto:

service Runtime {
  rpc Execute(ExecuteRequest) returns (ExecuteResponse);
  rpc Status(StatusRequest) returns (StatusResponse);
  rpc List(ListRequest) returns (ListResponse);
  rpc Cancel(CancelRequest) returns (CancelResponse);
  rpc Forget(ForgetRequest) returns (ForgetResponse);
  rpc Health(HealthRequest) returns (HealthResponse);
}

See Custom Runtime Development Guide for behavior requirements, retries, cancellation, workspace paths, and compatibility rules.

Authentication and Authorization

Kubernetes RBAC controls access to CRDs and pod port-forwarding. Runtime Server gRPC endpoints are local to Runtime Pods and are not exposed as Services by default. NetworkPolicy restricts direct access to runtimed endpoints.

See Security and Threat Model for recommended role separation.

Validation

CRDs include schema and CEL validation for supported fields, sizes, names, entrypoints, and workflow shapes. Contributors should regenerate CRDs when API types change; see the Development Guide .