Variables

User variables provide a flexible way to inject custom configuration values that can be referenced across Workload Profiles using the standard PaletteAI macro syntax.

Variables are only valid within the hub context; they cannot be referenced in the spoke context, like Definition outputs and object outputs.

VariableSet Resource

The VariableSet custom resource is used to define Variables that can be referenced across Workload Profiles. VariableSets provide a structured way to manage Variables with additional metadata and control features.

VariableSet Structure

A VariableSet resource has the following structure. Each entry in the variables array supports the following fields.

Field	Type	Required	Description
`name`	string	Yes	The variable key. Must be a valid Kubernetes name: lowercase alphanumeric characters or hyphens, must start and end with an alphanumeric character, and be 253 characters or less.
`variableType`	string	Yes	Determines the variable's type and is primarily useful when no `value` is set. It indicates the type to consumers and must correspond to the `value`. Accepted values: `string`, `bool`, `int32`, `int64`, `float32`, `float64`.
`value`	object	No	The default value for the variable. Must contain exactly one field matching the `variableType`. For example, a variable with `variableType: 'int32'` uses `value: { int32: 42 }`.
`description`	string	No	A description of the variable's purpose. Maximum 1024 characters.
`validationMode`	string	No	Controls whether a value is required at deployment time. Accepted values: `required`, `optional`. Defaults to `optional`.
`locked`	boolean	No	When `true`, prevents higher-precedence sources from overriding this variable. Variables locked at the Project or System scope also cannot be overridden in a Profile Bundle. Defaults to `false`.
`inputType`	string	No	How PaletteAI edits string values: `text` (single-line input) or `multiline` (text area, for example PEM certificates). Ignored for non-string `variableType` values. Defaults to `text`.

apiVersion: spectrocloud.com/v1beta1
kind: VariableSet
metadata:
  name: mural-variables # Must be exactly "mural-variables"
  namespace: production # Determines scope (system or namespace level)
spec:
  variables:
    - name: textValue
      variableType: 'string'
      value:
        string: 'hello world'
      description: 'A string variable'
    - name: enabledFlag
      variableType: 'bool'
      value:
        bool: true
      description: 'A boolean variable'
    - name: smallNumber
      variableType: 'int32'
      value:
        int32: 42
      description: 'A 32-bit integer variable'
    - name: largeNumber
      variableType: 'int64'
      value:
        int64: 9223372036854775807
      description: 'A 64-bit integer variable'
    - name: percentage
      variableType: 'float32'
      value:
        float32: 85.5
      description: 'A 32-bit float variable'
    - name: preciseValue
      variableType: 'float64'
      value:
        float64: 3.141592653589793
      description: 'A 64-bit float variable'
      locked: true
    - name: apiKey
      variableType: 'string'
      validationMode: 'required'
      description: 'API key that must be provided (for example in WorkloadDeployment or namespace VariableSet)'
    - name: tlsCertificate
      variableType: 'string'
      inputType: 'multiline'
      description: 'TLS certificate in PEM format'

Variable Resolution

Variables follow a four-tier resolution system with the following order of precedence (highest to lowest):

Profile Bundle Variables - Defined directly in the ProfileBundle spec.
Workload Deployment Variables - Defined directly in the WorkloadDeployment spec.
Project-Scoped Variables - Defined in the mural-variables VariableSet custom resource in the Workload Deployment's namespace.
System-Wide Variables - Defined in the mural-variables VariableSet custom resource in the SystemDefinition namespace (typically mural-system)

Higher-precedence sources override lower-precedence sources for the same Variable name. If the Variable is marked as locked in the VariableSet definition, it will not be possible to override the value in a higher-precedence context. Variables locked at the Project or System scope cannot be overridden in a Profile Bundle.

Profile Bundle Variables

Variables can be defined directly in the ProfileBundle specification. These have the highest precedence in the resolution order and override Project-scoped and system-wide VariableSet values. However, Variables that are locked at the Project or System scope cannot be overridden at this tier.

Workload Deployment Variables

Variables can be defined directly in the WorkloadDeployment specification using the variables field. These override VariableSet values unless the VariableSet variable is locked. This is ideal for deployment-specific configurations that vary between environments.

apiVersion: spectrocloud.com/v1beta1
kind: WorkloadDeployment
metadata:
  name: my-workload-deployment
  namespace: production
spec:
  workload:
    name: my-workload
    namespace: my-workload-namespace
  workloadProfileRef:
    name: my-workload-profile
    namespace: profiles
  environmentRef:
    name: my-environment
    namespace: environments
  variables:
    environment: 'production'
    debug: 'false'
    apiUrl: 'https://api.production.example.com'
    maxReplicas: '10'

Namespace-Scoped VariableSet

Create a VariableSet resource in the same namespace as your Workload Deployment to make the Variables available to all Workload Deployments in the namespace.

apiVersion: spectrocloud.com/v1beta1
kind: VariableSet
metadata:
  name: mural-variables
  namespace: production
spec:
  variables:
    - name: environment
      variableType: 'string'
      value:
        string: 'production'
      description: 'Environment name'
    - name: region
      variableType: 'string'
      value:
        string: 'us-west-2'
      description: 'AWS region'
    - name: team
      variableType: 'string'
      value:
        string: 'platform'
      description: 'Team ownership'
      locked: true
    - name: alertingEnabled
      variableType: 'bool'
      value:
        bool: true
      description: 'Enable alerting'
    - name: maxConnections
      variableType: 'int32'
      value:
        int32: 100
      description: 'Maximum connections'
    - name: timeout
      variableType: 'float32'
      value:
        float32: 30.5
      description: 'Timeout in seconds'

System-Wide VariableSet

Create a VariableSet resource in the SystemDefinition namespace (typically mural-system) to provide cluster-wide default Variables.

apiVersion: spectrocloud.com/v1beta1
kind: VariableSet
metadata:
  name: mural-variables
  namespace: mural-system
spec:
  variables:
    - name: company
      variableType: 'string'
      value:
        string: 'Spectro Cloud'
      description: 'Company name'
      locked: true
    - name: region
      variableType: 'string'
      value:
        string: 'us-east-1'
      description: 'Default region'
    - name: clusterType
      variableType: 'string'
      value:
        string: 'managed'
      description: 'Cluster management type'
      locked: true
    - name: defaultLogLevel
      variableType: 'string'
      value:
        string: 'warn'
      description: 'System default log level'
    - name: monitoringEnabled
      variableType: 'bool'
      value:
        bool: true
      description: 'Enable monitoring by default'
    - name: maxRetries
      variableType: 'int32'
      value:
        int32: 3
      description: 'Default retry count'
    - name: requestTimeout
      variableType: 'float64'
      value:
        float64: 60.0
      description: 'Request timeout in seconds'

VariableSet Resource​

VariableSet Structure​

Variable Resolution​

Profile Bundle Variables​

Workload Deployment Variables​

Namespace-Scoped VariableSet​

System-Wide VariableSet​