← Back to index Esc
Kind
RepositoryReplication
Group
kopiur.home-operations.com
Version
v1alpha1
apiVersion: kopiur.home-operations.com/v1alpha1 kind: RepositoryReplication metadata: name: example
Tip: use .spec.destination for path-only search
View raw schema
spec object required
Mirror a source repository's blobs to a destination backend on a schedule (`kopia repository sync-to`), ADR-0005 §13(d). Not `Eq`: `mover` transitively embeds k8s-openapi types.
destination object required
The backend to mirror *to* (`kopia repository sync-to <destination>`). Exactly one backend by construction (the externally-tagged `Backend` enum, reused). Must differ from the source's backend (webhook-enforced).
azure object
Azure Blob Storage.
auth object
Access credentials (Secret ref / workload identity).
secretRef object
Secret holding the backend's access credentials. The operator reads well-known keys (e.g. `AWS_ACCESS_KEY_ID`/`AWS_SECRET_ACCESS_KEY` for S3). ADR §3.1.
name string required
Name of the `Secret`.
namespace string
Namespace of the `Secret`. Absent = same namespace as the referrer; required for cluster-scoped CRs (ADR §3.2).
workloadIdentity object
Advanced auth: workload identity (IRSA/WIF). Structurally present, deprioritized for the homelab default (ADR §4.11).
serviceAccountName string required
Name of the `ServiceAccount` the mover pod runs as, federated to the cloud IAM role/identity that grants backend access.
container string required
Blob container holding the kopia repository.
prefix string
Blob-name prefix within the container; empty/absent means the container root.
storageAccount string
Storage-account name (when not inferred from credentials).
b2 object
Backblaze B2.
auth object
Access credentials (application key ID/key Secret).
secretRef object
Secret holding the backend's access credentials. The operator reads well-known keys (e.g. `AWS_ACCESS_KEY_ID`/`AWS_SECRET_ACCESS_KEY` for S3). ADR §3.1.
name string required
Name of the `Secret`.
namespace string
Namespace of the `Secret`. Absent = same namespace as the referrer; required for cluster-scoped CRs (ADR §3.2).
workloadIdentity object
Advanced auth: workload identity (IRSA/WIF). Structurally present, deprioritized for the homelab default (ADR §4.11).
serviceAccountName string required
Name of the `ServiceAccount` the mover pod runs as, federated to the cloud IAM role/identity that grants backend access.
bucket string required
B2 bucket holding the kopia repository.
prefix string
Object-name prefix within the bucket; empty/absent means the bucket root.
filesystem object
A local filesystem path, backed by a PVC the operator mounts into the mover.
path string required
Mount path inside the mover pod where kopia writes the repository (e.g. `/repo`).
volume object
What backs `path`. A PVC (`{ pvc: { name } }`) or an inline NFS export (`{ nfs: { server, path } }`). Absent for a path already present on the node/image (a `hostPath`/baked-in mount; mainly the e2e harness).
nfs object
An inline NFS export mounted directly (no PVC).
path string required
Exported path on the NFS server (e.g. `/export/kopia` or `/mnt/eros/Media`).
server string required
NFS server hostname or IP (e.g. `nas.lan` or `expanse.internal`).
pvc object
A `PersistentVolumeClaim` mounted read-write at the repo path.
name string required
Name of the `PersistentVolumeClaim` to mount (in the mover's namespace).
gcs object
Google Cloud Storage.
auth object
Access credentials (service-account key Secret / workload identity).
secretRef object
Secret holding the backend's access credentials. The operator reads well-known keys (e.g. `AWS_ACCESS_KEY_ID`/`AWS_SECRET_ACCESS_KEY` for S3). ADR §3.1.
name string required
Name of the `Secret`.
namespace string
Namespace of the `Secret`. Absent = same namespace as the referrer; required for cluster-scoped CRs (ADR §3.2).
workloadIdentity object
Advanced auth: workload identity (IRSA/WIF). Structurally present, deprioritized for the homelab default (ADR §4.11).
serviceAccountName string required
Name of the `ServiceAccount` the mover pod runs as, federated to the cloud IAM role/identity that grants backend access.
bucket string required
GCS bucket holding the kopia repository.
prefix string
Object-name prefix within the bucket; empty/absent means the bucket root.
rclone object
Any rclone remote (kopia shells out to `rclone`), broadening reach to providers without a native kopia backend.
configSecretRef object
Secret holding the `rclone.conf` that defines the remote referenced by `remote_path`.
name string required
Name of the `Secret`.
namespace string
Namespace of the `Secret`. Absent = same namespace as the referrer; required for cluster-scoped CRs (ADR §3.2).
remotePath string required
rclone path in `remote:path` form (the remote name must exist in the supplied rclone config).
s3 object
Amazon S3 or any S3-compatible object store (MinIO, RustFS, Ceph RGW, …).
auth object
Access credentials (Secret ref / workload identity). ADR §3.1.
secretRef object
Secret holding the backend's access credentials. The operator reads well-known keys (e.g. `AWS_ACCESS_KEY_ID`/`AWS_SECRET_ACCESS_KEY` for S3). ADR §3.1.
name string required
Name of the `Secret`.
namespace string
Namespace of the `Secret`. Absent = same namespace as the referrer; required for cluster-scoped CRs (ADR §3.2).
workloadIdentity object
Advanced auth: workload identity (IRSA/WIF). Structurally present, deprioritized for the homelab default (ADR §4.11).
serviceAccountName string required
Name of the `ServiceAccount` the mover pod runs as, federated to the cloud IAM role/identity that grants backend access.
bucket string required
Bucket holding the kopia repository.
endpoint string
S3 endpoint host. Omit for AWS; set it for MinIO/RustFS/other S3-compatible stores.
prefix string
Key prefix under the bucket, letting several repositories share one bucket (e.g. `clusters/prod/`). Empty/absent means the bucket root.
region string
S3 region. Required by AWS and some compatible providers.
tls object
TLS overrides for self-signed CAs or HTTP-only endpoints.
caBundleRef object
CA bundle (PEM) used to verify the endpoint's certificate, sourced from a `ConfigMap`. Preferred over `insecureSkipVerify` for self-signed endpoints.
configMapName string
Name of the `ConfigMap` holding the value (e.g. a CA bundle).
key string
Which key inside the `ConfigMap` to read.
disableTls boolean
Disable TLS entirely and talk plain HTTP. Maps to kopia's `--disable-tls`. Needed for HTTP-only endpoints (e.g. an in-cluster MinIO/RustFS service); kopia's S3 path otherwise assumes HTTPS. Off by default.
insecureSkipVerify boolean
Skip TLS certificate verification (still uses TLS). Maps to kopia's `--disable-tls-verification`. For self-signed endpoints; prefer `caBundleRef` in production.
sftp object
SFTP server.
auth object
Credentials (e.g. SSH private key / known-hosts) sourced from a Secret.
secretRef object
Secret holding the backend's access credentials. The operator reads well-known keys (e.g. `AWS_ACCESS_KEY_ID`/`AWS_SECRET_ACCESS_KEY` for S3). ADR §3.1.
name string required
Name of the `Secret`.
namespace string
Namespace of the `Secret`. Absent = same namespace as the referrer; required for cluster-scoped CRs (ADR §3.2).
workloadIdentity object
Advanced auth: workload identity (IRSA/WIF). Structurally present, deprioritized for the homelab default (ADR §4.11).
serviceAccountName string required
Name of the `ServiceAccount` the mover pod runs as, federated to the cloud IAM role/identity that grants backend access.
host string required
SFTP server hostname or IP.
path string required
Remote path on the server that holds the kopia repository.
port integer
TCP port; defaults to 22 when absent.
format: uint16
minimum: 0
maximum: 65535
username string
SSH username to connect as.
webDav object
WebDAV endpoint.
auth object
HTTP basic-auth credentials sourced from a Secret.
secretRef object
Secret holding the backend's access credentials. The operator reads well-known keys (e.g. `AWS_ACCESS_KEY_ID`/`AWS_SECRET_ACCESS_KEY` for S3). ADR §3.1.
name string required
Name of the `Secret`.
namespace string
Namespace of the `Secret`. Absent = same namespace as the referrer; required for cluster-scoped CRs (ADR §3.2).
workloadIdentity object
Advanced auth: workload identity (IRSA/WIF). Structurally present, deprioritized for the homelab default (ADR §4.11).
serviceAccountName string required
Name of the `ServiceAccount` the mover pod runs as, federated to the cloud IAM role/identity that grants backend access.
url string required
WebDAV collection URL holding the kopia repository.
destinationEncryption object
Encryption/password for the destination repository when it needs its own (e.g. a freshly-created mirror with a distinct password). Absent ⇒ the destination uses the **source** repository's password — the common case for a true mirror, where `sync-to` copies blobs verbatim and the format (including the encryption material) is identical. Document this in the example.
passwordSecretRef object required
Always a Secret ref; never inline. ADR §3.1.
key string
Which key inside the `Secret` to read. Defaults are documented per-field on the consuming struct.
name string required
Name of the `Secret`.
namespace string
Namespace of the `Secret`. Absent = same namespace as the referrer; required for cluster-scoped CRs which have no own namespace (ADR §3.2).
mover object
Mover (Job pod) overrides for the replication run — resources, scheduling, security context. Inherits the source repository's `moverDefaults` underneath (ADR-0004 §1/§2).
cache object
Override the repository's [`CacheDefaults`] for this recipe's movers.
capacity string
Size of the PVC backing the mover's kopia cache (e.g. `10Gi`).
contentCacheSizeMb integer
kopia content cache budget in MiB (`--content-cache-size-mb`).
format: int64
metadataCacheSizeMb integer
kopia metadata cache budget in MiB (`--metadata-cache-size-mb`).
format: int64
mode string
How a mover's kopia cache volume is provisioned. ADR §3.1.
enum: Ephemeral, Persistent
storageClassName string
StorageClass for the cache PVC; absent uses the cluster default.
inheritSecurityContextFrom object
Opt-in: copy security context from a live workload pod. ADR §4.11.
container string
Which container within the matched pod; absent uses the first/only container.
podSelector object required
Label selector matching the workload pod(s) to read context/hooks from.
matchExpressions []object
matchExpressions is a list of label selector requirements. The requirements are ANDed.
key string required
key is the label key that the selector applies to.
operator string required
operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
values []string
values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
matchLabels object
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
podSecurityContext object
Security context applied to the mover **pod** — notably `fsGroup`, which makes a freshly-provisioned volume group-writable so an unprivileged (`runAsUser != 0`) mover can populate it on **restore** without root. Distinct from the container-level [`MoverSpec::security_context`]; a pod-level `runAsUser: 0` / `runAsNonRoot: false` here is still gated as privileged.
appArmorProfile object
appArmorProfile is the AppArmor options to use by the containers in this pod. Note that this field cannot be set when spec.os.name is windows.
localhostProfile string
localhostProfile indicates a profile loaded on the node that should be used. The profile must be preconfigured on the node to work. Must match the loaded name of the profile. Must be set if and only if type is "Localhost".
type string required
type indicates which kind of AppArmor profile will be applied. Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement.
fsGroup integer
A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod: 1. The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw---- If unset, the Kubelet will not modify the ownership and permissions of any volume. Note that this field cannot be set when spec.os.name is windows.
format: int64
fsGroupChangePolicy string
fsGroupChangePolicy defines behavior of changing ownership and permission of the volume before being exposed inside Pod. This field will only apply to volume types which support fsGroup based ownership(and permissions). It will have no effect on ephemeral volume types such as: secret, configmaps and emptydir. Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used. Note that this field cannot be set when spec.os.name is windows.
runAsGroup integer
The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows.
format: int64
runAsNonRoot boolean
Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
runAsUser integer
The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows.
format: int64
seLinuxChangePolicy string
seLinuxChangePolicy defines how the container's SELinux label is applied to all volumes used by the Pod. It has no effect on nodes that do not support SELinux or to volumes does not support SELinux. Valid values are "MountOption" and "Recursive". "Recursive" means relabeling of all files on all Pod volumes by the container runtime. This may be slow for large volumes, but allows mixing privileged and unprivileged Pods sharing the same volume on the same node. "MountOption" mounts all eligible Pod volumes with `-o context` mount option. This requires all Pods that share the same volume to use the same SELinux label. It is not possible to share the same volume among privileged and unprivileged Pods. Eligible volumes are in-tree FibreChannel and iSCSI volumes, and all CSI volumes whose CSI driver announces SELinux support by setting spec.seLinuxMount: true in their CSIDriver instance. Other volumes are always re-labelled recursively. "MountOption" value is allowed only when SELinuxMount feature gate is enabled. If not specified and SELinuxMount feature gate is enabled, "MountOption" is used. If not specified and SELinuxMount feature gate is disabled, "MountOption" is used for ReadWriteOncePod volumes and "Recursive" for all other volumes. This field affects only Pods that have SELinux label set, either in PodSecurityContext or in SecurityContext of all containers. All Pods that use the same volume should use the same seLinuxChangePolicy, otherwise some pods can get stuck in ContainerCreating state. Note that this field cannot be set when spec.os.name is windows.
seLinuxOptions object
The SELinux context to be applied to all containers. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows.
level string
Level is SELinux level label that applies to the container.
role string
Role is a SELinux role label that applies to the container.
type string
Type is a SELinux type label that applies to the container.
user string
User is a SELinux user label that applies to the container.
seccompProfile object
The seccomp options to use by the containers in this pod. Note that this field cannot be set when spec.os.name is windows.
localhostProfile string
localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type.
type string required
type indicates which kind of seccomp profile will be applied. Valid options are: Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied.
supplementalGroups []integer
A list of groups applied to the first process run in each container, in addition to the container's primary GID and fsGroup (if specified). If the SupplementalGroupsPolicy feature is enabled, the supplementalGroupsPolicy field determines whether these are in addition to or instead of any group memberships defined in the container image. If unspecified, no additional groups are added, though group memberships defined in the container image may still be used, depending on the supplementalGroupsPolicy field. Note that this field cannot be set when spec.os.name is windows.
supplementalGroupsPolicy string
Defines how supplemental groups of the first container processes are calculated. Valid values are "Merge" and "Strict". If not specified, "Merge" is used. (Alpha) Using the field requires the SupplementalGroupsPolicy feature gate to be enabled and the container runtime must implement support for this feature. Note that this field cannot be set when spec.os.name is windows.
sysctls []object
Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch. Note that this field cannot be set when spec.os.name is windows.
name string required
Name of a property to set
value string required
Value of a property to set
windowsOptions object
The Windows specific settings applied to all containers. If unspecified, the options within a container's SecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux.
gmsaCredentialSpec string
GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field.
gmsaCredentialSpecName string
GMSACredentialSpecName is the name of the GMSA credential spec to use.
hostProcess boolean
HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
runAsUserName string
The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
privilegedMode boolean
Opt-in, namespace-gated; preserves UID/GID on restore. ADR §4.11/§G16.
resources object
Resource requests/limits for the mover container.
claims []object
Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers.
name string required
Name must match the name of one entry in pod.spec.resourceClaims of the Pod where this field is used. It makes that resource available inside a container.
request string
Request is the name chosen for a request in the referenced claim. If empty, everything from the claim is made available, otherwise only the result of this request.
limits object
Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
requests object
Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
securityContext object
Security context applied to the mover **container** (`runAsUser`/`runAsGroup`, capabilities, seccomp, …). Merged field-wise over `moverDefaults.securityContext` and the hardened base (ADR-0004 §2) — set only the fields you want to change.
allowPrivilegeEscalation boolean
AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows.
appArmorProfile object
appArmorProfile is the AppArmor options to use by this container. If set, this profile overrides the pod's appArmorProfile. Note that this field cannot be set when spec.os.name is windows.
localhostProfile string
localhostProfile indicates a profile loaded on the node that should be used. The profile must be preconfigured on the node to work. Must match the loaded name of the profile. Must be set if and only if type is "Localhost".
type string required
type indicates which kind of AppArmor profile will be applied. Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement.
capabilities object
The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows.
add []string
Added capabilities
drop []string
Removed capabilities
privileged boolean
Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. Note that this field cannot be set when spec.os.name is windows.
procMount string
procMount denotes the type of proc mount to use for the containers. The default value is Default which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows.
readOnlyRootFilesystem boolean
Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows.
runAsGroup integer
The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.
format: int64
runAsNonRoot boolean
Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
runAsUser integer
The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.
format: int64
seLinuxOptions object
The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows.
level string
Level is SELinux level label that applies to the container.
role string
Role is a SELinux role label that applies to the container.
type string
Type is a SELinux type label that applies to the container.
user string
User is a SELinux user label that applies to the container.
seccompProfile object
The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows.
localhostProfile string
localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is "Localhost". Must NOT be set for any other type.
type string required
type indicates which kind of seccomp profile will be applied. Valid options are: Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied.
windowsOptions object
The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux.
gmsaCredentialSpec string
GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field.
gmsaCredentialSpecName string
GMSACredentialSpecName is the name of the GMSA credential spec to use.
hostProcess boolean
HostProcess determines if a container should be run as a 'Host Process' container. All of a Pod's containers must have the same effective HostProcess value (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). In addition, if HostProcess is true then HostNetwork must also be set to true.
runAsUserName string
The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
ttlSecondsAfterFinished integer
Per-recipe override of `moverDefaults.ttlSecondsAfterFinished` — the `Job.spec.ttlSecondsAfterFinished` for this recipe's mover Jobs so finished backup/restore Jobs self-GC. Recipe wins over the repo default; when neither is set a built-in default applies ([`DEFAULT_JOB_TTL_SECONDS`]). ADR-0005 §12.
format: int64
schedule object required
Cron + deterministic jitter for the replication runs (ADR §3.7 scheduling kernel, shared with `Maintenance`).
cron string required
The cron expression, parsed by `croner`. May contain an `H` placeholder for deterministic per-schedule jitter (ADR §3.7).
jitter string
Optional deterministic jitter window as a Go-style duration string (e.g. `30m`), derived from `(scheduleUID, slot)` so it is stable across restarts.
sourceRef object required
The repository to mirror *from* — a `Repository` or `ClusterRepository` reference (ADR §3.2). Credentials/connect are resolved from it.
kind string
Which repository CRD this points at; defaults to [`RepositoryKind::Repository`].
enum: Repository, ClusterRepository
name string required
Name of the referenced `Repository`/`ClusterRepository`.
namespace string
Cross-namespace `Repository` reference; ignored/forbidden for `ClusterRepository`.
suspend boolean
Pause this replication declaratively (ADR-0005 §14(e)): a suspended `RepositoryReplication` is skipped by its own reconcile (no sync runs), surfaced via a condition. Default `false`.
status object
Observed state of a [`RepositoryReplication`]. ADR-0005 §13(d).
conditions []object
Standard Kubernetes conditions (`Ready`, `Reconciling`, `Stalled`). ADR-0005 §2.
lastTransitionTime string required
lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
format: date-time
message string required
message is a human readable message indicating details about the transition. This may be an empty string.
observedGeneration integer
observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance.
format: int64
reason string required
reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty.
status string required
status of the condition, one of True, False, Unknown.
type string required
type of condition in CamelCase or in foo.example.com/CamelCase.
destinationBackend string
The destination backend kind (mirror of `spec.destination` discriminant), for the `DESTINATION` print column.
lastReplicated string
RFC3339 timestamp of the most recent successful replication run. Backs the `LAST` print column.
lastReplicatedBlobs integer
Blobs replicated by the last successful run (best-effort).
format: int64
lastReplicatedBytes integer
Bytes replicated by the last successful run (best-effort from kopia output).
format: int64
nextScheduledAt string
RFC3339 timestamp of the next scheduled replication run (cron + jitter, pinned).
observedGeneration integer
`metadata.generation` last reconciled, for staleness detection / kstatus.
format: int64
phase string
Lifecycle phase of a replication. Closed enum. ADR-0005 §13(d). ``` use kopiur_api::repository_replication::RepositoryReplicationPhase; assert_eq!(RepositoryReplicationPhase::default(), RepositoryReplicationPhase::Pending); assert_eq!( serde_json::to_value(RepositoryReplicationPhase::Replicating).unwrap(), "Replicating" ); ```
enum: Pending, Replicating, Succeeded, Failed, Suspended

No matches. Try .spec.destination for an exact path

Copied!