WorkspaceTemplate¶

WorkspaceTemplate is the Schema for the workspacetemplates API Templates define reusable, secure-by-default configurations for workspaces. Template spec can be updated; existing workspaces keep their configuration (lazy application).

Field	Value or Description
`apiVersion` string	`workspace.jupyter.org/v1alpha1`
`kind` string	`WorkspaceTemplate`
`metadata` ObjectMeta	Refer to Kubernetes API documentation for fields of `metadata`.
`spec` WorkspaceTemplateSpec
`status` WorkspaceTemplateStatus

EnvRequirement¶

EnvRequirement defines a validation rule for a workspace environment variable

Appears in:

WorkspaceTemplateSpec

Field	Description	Default	Validation
`name` string	Name is the environment variable name to validate		MinLength: 1 Required: {}
`required` boolean	Required indicates whether the environment variable must be present on the workspace	false	Optional: {}
`regex` string	Regex is a regular expression the environment variable value must match If empty, any value is accepted		Optional: {}

IdleShutdownOverridePolicy¶

IdleShutdownOverridePolicy defines idle shutdown override constraints

Appears in:

WorkspaceTemplateSpec

Field	Description	Default	Validation
`allow` boolean	Allow controls whether workspaces can override idle shutdown	true	Optional: {}
`minIdleTimeoutInMinutes` integer	MinIdleTimeoutInMinutes is the minimum allowed timeout		Optional: {}
`maxIdleTimeoutInMinutes` integer	MaxIdleTimeoutInMinutes is the maximum allowed timeout		Optional: {}

LabelRequirement¶

LabelRequirement defines a validation rule for a workspace label

Appears in:

WorkspaceTemplateSpec

Field	Description	Default	Validation
`key` string	Key is the label key to validate		MinLength: 1 Required: {}
`required` boolean	Required indicates whether the label must be present on the workspace	false	Optional: {}
`regex` string	Regex is a regular expression the label value must match If empty, any value is accepted		Optional: {}

ResourceBounds¶

ResourceBounds defines minimum and maximum resource limits for any resource type. Uses Kubernetes ResourceName as keys to support vendor-agnostic resource specifications.

Appears in:

WorkspaceTemplateSpec

Field	Description	Default	Validation
`resources` object (keys:ResourceName, values:ResourceRange)	Resources defines min/max bounds for any resource type. Map keys use Kubernetes resource names following these conventions: Standard resources (no vendor prefix): - cpu: CPU cores (e.g., “100m”, “2”) - memory: RAM (e.g., “128Mi”, “4Gi”) Extended resources (vendor-prefixed): - nvidia.com/gpu: NVIDIA GPUs - amd.com/gpu: AMD GPUs - intel.com/gpu: Intel GPUs - nvidia.com/mig-1g.5gb: NVIDIA MIG profile (1 GPU instance, 5GB) - nvidia.com/mig-2g.10gb: NVIDIA MIG profile (2 GPU instances, 10GB) Custom accelerators follow the pattern: vendor.example/resource-name		Optional: {}

ResourceRange¶

ResourceRange defines min and max for a resource NOTE: CEL validation for min <= max is not possible due to resource.Quantity type limitations Validation is enforced at runtime in the template resolver

Appears in:

ResourceBounds

Field	Description	Default	Validation
`min` Quantity	Min is the minimum allowed value		Required: {}
`max` Quantity	Max is the maximum allowed value		Required: {}

StorageConfig¶

StorageConfig defines storage settings NOTE: CEL validation for minSize <= maxSize is not possible due to resource.Quantity type limitations Validation is enforced at runtime in the template resolver

Appears in:

WorkspaceTemplateSpec

Field	Description	Default	Validation
`defaultSize` Quantity	DefaultSize is the default storage size	10Gi	Optional: {}
`minSize` Quantity	MinSize is the minimum allowed storage size		Optional: {}
`maxSize` Quantity	MaxSize is the maximum allowed storage size		Optional: {}
`defaultStorageClassName` string	DefaultStorageClassName is the default storage class name		Optional: {}
`defaultMountPath` string	DefaultMountPath is the default mount path for the storage	/home/jovyan	Optional: {}

TemplateLabel¶

TemplateLabel defines a label key-value pair to add to workspaces

Appears in:

WorkspaceTemplateSpec

Field	Description	Default	Validation
`key` string	Key is the label key		MinLength: 1 Required: {}
`value` string	Value is the label value		Required: {}

WorkspaceTemplateSpec¶

WorkspaceTemplateSpec defines the desired state of WorkspaceTemplate

Appears in:

WorkspaceTemplate

Field	Description	Default	Validation
`displayName` string	DisplayName is the human-readable name of this template		MaxLength: 100 MinLength: 1 Required: {}
`description` string	Description provides additional information about this template		MaxLength: 500 Optional: {}
`defaultImage` string	DefaultImage is the default container image for workspaces using this template		MaxLength: 500 MinLength: 1 Required: {}
`allowedImages` string array	AllowedImages is a list of container images that can be used with this template If empty, only DefaultImage is allowed (secure by default) If populated, workspace can override image with any from this list		MaxItems: 50 Optional: {}
`allowCustomImages` boolean	AllowCustomImages allows workspaces to use any container image, bypassing the AllowedImages restriction When true, workspaces can specify any image regardless of the AllowedImages list	false	Optional: {}
`defaultResources` ResourceRequirements	DefaultResources specifies the default resource requirements		Optional: {}
`resourceBounds` ResourceBounds	ResourceBounds defines the min/max boundaries for resource overrides		Optional: {}
`primaryStorage` StorageConfig	PrimaryStorage defines storage configuration		Optional: {}
`defaultContainerConfig` ContainerConfig	DefaultContainerConfig specifies default container command and args configuration		Optional: {}
`baseEnv` EnvVar array	BaseEnv specifies environment variables to add to workspaces using this template Variables are added during defaulting if no variable with the same name exists on the workspace		MaxItems: 50 Optional: {}
`envRequirements` EnvRequirement array	EnvRequirements specifies validation rules for workspace environment variables		MaxItems: 50 Optional: {}
`allowSecondaryStorages` boolean	AllowSecondaryStorages controls whether workspaces using this template can mount additional storage volumes beyond the primary storage	true	Optional: {}
`defaultVolumes` VolumeSpec array	DefaultVolumes specifies default additional volumes for workspaces using this template Volumes are applied during defaulting only if the workspace does not specify any volumes Each volume references a pre-existing PVC by name in the workspace’s namespace		MaxItems: 10 Optional: {}
`defaultNodeSelector` object (keys:string, values:string)	DefaultNodeSelector specifies default node selection constraints		Optional: {}
`defaultAffinity` Affinity	DefaultAffinity specifies default node affinity and anti-affinity rules		Optional: {}
`defaultTolerations` Toleration array	DefaultTolerations specifies default tolerations for scheduling on nodes with taints		Optional: {}
`defaultOwnershipType` string	DefaultOwnershipType specifies default ownershipType for workspaces using this template OwnershipType controls which users may edit/delete the workspace	Public	Enum: [Public OwnerOnly] Optional: {}
`baseLabels` TemplateLabel array	BaseLabels specifies labels to add to workspaces using this template Labels are added during defaulting if not already present on the workspace		MaxItems: 50 Optional: {}
`labelRequirements` LabelRequirement array	LabelRequirements specifies validation rules for workspace labels		MaxItems: 50 Optional: {}
`defaultIdleShutdown` IdleShutdownSpec	DefaultIdleShutdown provides default idle shutdown configuration Includes timeout, detection endpoint, and enable/disable		Optional: {}
`idleShutdownOverrides` IdleShutdownOverridePolicy	IdleShutdownOverrides controls override behavior and bounds		Optional: {}
`defaultAccessType` string	DefaultAccessType specifies the default accessType for workspaces using this template AccessType controls which users may create connections to the workspace.	Public	Enum: [Public OwnerOnly] Optional: {}
`defaultAccessStrategy` AccessStrategyRef	DefaultAccessStrategy specifies the default access strategy for workspaces using this template		Optional: {}
`defaultLifecycle` Lifecycle	DefaultLifecycle specifies default lifecycle hooks for workspaces using this template		Optional: {}
`defaultPodSecurityContext` PodSecurityContext	DefaultPodSecurityContext specifies default pod-level security context		Optional: {}
`defaultContainerSecurityContext` SecurityContext	DefaultContainerSecurityContext specifies default container-level security context for the main workspace container		Optional: {}
`defaultInitContainers` Container array	DefaultInitContainers specifies default init containers for workspaces using this template Applied during defaulting if the workspace does not specify any init containers		MaxItems: 10 Optional: {}
`allowCustomInitContainers` boolean	AllowCustomInitContainers controls whether workspaces using this template can specify custom init containers beyond the template defaults	false	Optional: {}
`appType` string	AppType specifies the application type for workspaces using this template		Optional: {}

WorkspaceTemplateStatus¶

WorkspaceTemplateStatus defines the observed state of WorkspaceTemplate Follows Kubernetes API conventions for status reporting

Appears in:

WorkspaceTemplate

Field	Description	Default	Validation
`observedGeneration` integer	ObservedGeneration reflects the generation of the most recently observed WorkspaceTemplate spec. This field is used by controllers to determine if they need to reconcile the template. When metadata.generation != status.observedGeneration, the controller has not yet processed the latest spec.		Optional: {}