werf
  • Getting Started
  • Documentation
  • Kubernetes guide
  • About
    • Publications
    • Release channels
    • Changelog
  • English
    • English
    • Russian
✕
Join the party at CNCF Slack
Step 1:
Get an invite to CNCF Slack
Step 2:
Join #werf channel
We've chosen CNCF Slack since most of the Kubernetes community members are there.
latest
  1. latest
  2. Reference
  3. werf.yaml
Version: latest
  • latest
  • 2-rock-solid 2.31.1
  • 2-stable 2.31.1
  • 2-ea 2.35.1
  • 2-beta 2.35.1
  • 2-alpha 2.35.10
  • 1.2-rock-solid 1.2.334
  • 1.2-stable 1.2.334
  • 1.2-ea 1.2.334
  • 1.2-beta 1.2.334
  • 1.2-alpha 1.2.334
  • Getting started
  • Usage
    • Project configuration
      • Overview
      • Giterminism
    • Build
      • Overview
      • Images and dependencies
      • Stapel image configuration
        • Overview
        • Base image
        • Adding source code from git repositories
        • User instructions
        • Importing from images
        • Dockerfile instructions
        • Reducing image size and speeding up a build by mounts
      • Build backends
      • Build process
    • Deploy
      • Overview
      • Charts and dependencies
      • Templates
      • Parametrize templates
      • Multiple environments
      • Deployment order
      • Deployment scenarios
      • Planning
      • Resource tracking
      • Authentication and authorization
      • Release management
    • Distribute
      • Overview
      • Images
      • Bundles and charts
    • Cleanup
      • Container registry cleanup
      • Automatic host cleanup
    • Integration with CI/CD systems
  • Reference
    • werf.yaml
    • werf.yaml template engine
    • werf-giterminism.yaml
    • Deploy annotations
    • werf images
    • Command line interface
      • Overview of command groups
      • Delivery commands
        • werf converge
        • werf plan
        • werf dismiss
        • werf bundle
          • werf bundle apply
          • werf bundle copy
          • werf bundle publish
          • werf bundle render
      • Cleaning commands
        • werf cleanup
        • werf purge
      • Helper commands
        • werf ci-env
        • werf build
        • werf export
        • werf run
        • werf kube-run
        • werf compose
          • werf compose config
          • werf compose down
          • werf compose run
          • werf compose up
        • werf slugify
        • werf render
      • Low-level management commands
        • werf config
          • werf config graph
          • werf config list
          • werf config render
        • werf managed-images
          • werf managed-images add
          • werf managed-images ls
          • werf managed-images rm
        • werf host
          • werf host cleanup
          • werf host purge
        • werf helm
          • werf helm create
          • werf helm dependency
            • werf helm dependency build
            • werf helm dependency list
            • werf helm dependency update
          • werf helm env
          • werf helm get
            • werf helm get all
            • werf helm get hooks
            • werf helm get manifest
            • werf helm get metadata
            • werf helm get notes
            • werf helm get values
          • werf helm get-autogenerated-values
          • werf helm get-namespace
          • werf helm get-release
          • werf helm history
          • werf helm install
          • werf helm lint
          • werf helm list
          • werf helm package
          • werf helm plugin
            • werf helm plugin install
            • werf helm plugin list
            • werf helm plugin uninstall
            • werf helm plugin update
          • werf helm pull
          • werf helm registry
            • werf helm registry login
            • werf helm registry logout
          • werf helm repo
            • werf helm repo add
            • werf helm repo index
            • werf helm repo list
            • werf helm repo remove
            • werf helm repo update
          • werf helm rollback
          • werf helm search
            • werf helm search hub
            • werf helm search repo
          • werf helm secret
            • werf helm secret decrypt
            • werf helm secret encrypt
            • werf helm secret file
              • werf helm secret file decrypt
              • werf helm secret file edit
              • werf helm secret file encrypt
            • werf helm secret generate-secret-key
            • werf helm secret rotate-secret-key
            • werf helm secret values
              • werf helm secret values decrypt
              • werf helm secret values edit
              • werf helm secret values encrypt
          • werf helm show
            • werf helm show all
            • werf helm show chart
            • werf helm show crds
            • werf helm show readme
            • werf helm show values
          • werf helm status
          • werf helm template
          • werf helm test
          • werf helm uninstall
          • werf helm upgrade
          • werf helm verify
          • werf helm version
        • werf cr
          • werf cr login
          • werf cr logout
        • werf kubectl
          • werf kubectl alpha
          • werf kubectl annotate
          • werf kubectl api-resources
          • werf kubectl api-versions
          • werf kubectl apply
            • werf kubectl apply edit-last-applied
            • werf kubectl apply set-last-applied
            • werf kubectl apply view-last-applied
          • werf kubectl attach
          • werf kubectl auth
            • werf kubectl auth can-i
            • werf kubectl auth reconcile
            • werf kubectl auth whoami
          • werf kubectl autoscale
          • werf kubectl certificate
            • werf kubectl certificate approve
            • werf kubectl certificate deny
          • werf kubectl cluster-info
            • werf kubectl cluster-info dump
          • werf kubectl completion
          • werf kubectl config
            • werf kubectl config current-context
            • werf kubectl config delete-cluster
            • werf kubectl config delete-context
            • werf kubectl config delete-user
            • werf kubectl config get-clusters
            • werf kubectl config get-contexts
            • werf kubectl config get-users
            • werf kubectl config rename-context
            • werf kubectl config set
            • werf kubectl config set-cluster
            • werf kubectl config set-context
            • werf kubectl config set-credentials
            • werf kubectl config unset
            • werf kubectl config use-context
            • werf kubectl config view
          • werf kubectl cordon
          • werf kubectl cp
          • werf kubectl create
            • werf kubectl create clusterrole
            • werf kubectl create clusterrolebinding
            • werf kubectl create configmap
            • werf kubectl create cronjob
            • werf kubectl create deployment
            • werf kubectl create ingress
            • werf kubectl create job
            • werf kubectl create namespace
            • werf kubectl create poddisruptionbudget
            • werf kubectl create priorityclass
            • werf kubectl create quota
            • werf kubectl create role
            • werf kubectl create rolebinding
            • werf kubectl create secret
              • werf kubectl create secret docker-registry
              • werf kubectl create secret generic
              • werf kubectl create secret tls
            • werf kubectl create service
              • werf kubectl create service clusterip
              • werf kubectl create service externalname
              • werf kubectl create service loadbalancer
              • werf kubectl create service nodeport
            • werf kubectl create serviceaccount
            • werf kubectl create token
          • werf kubectl debug
          • werf kubectl delete
          • werf kubectl describe
          • werf kubectl diff
          • werf kubectl drain
          • werf kubectl edit
          • werf kubectl events
          • werf kubectl exec
          • werf kubectl explain
          • werf kubectl expose
          • werf kubectl get
          • werf kubectl kustomize
          • werf kubectl label
          • werf kubectl logs
          • werf kubectl options
          • werf kubectl patch
          • werf kubectl plugin
            • werf kubectl plugin list
          • werf kubectl port-forward
          • werf kubectl proxy
          • werf kubectl replace
          • werf kubectl rollout
            • werf kubectl rollout history
            • werf kubectl rollout pause
            • werf kubectl rollout restart
            • werf kubectl rollout resume
            • werf kubectl rollout status
            • werf kubectl rollout undo
          • werf kubectl run
          • werf kubectl scale
          • werf kubectl set
            • werf kubectl set env
            • werf kubectl set image
            • werf kubectl set resources
            • werf kubectl set selector
            • werf kubectl set serviceaccount
            • werf kubectl set subject
          • werf kubectl taint
          • werf kubectl top
            • werf kubectl top node
            • werf kubectl top pod
          • werf kubectl uncordon
          • werf kubectl version
          • werf kubectl wait
      • Other commands
        • werf synchronization
        • werf completion
        • werf version
  • Resources
    • Cheat sheet
    • Migration from v1.2 to v2.0
    • Comparison with other tools
    • Telemetry
Source

werf.yaml

0 --- # Meta section
...
1 project: string ! # Unique project name
2 configVersion: int ! # Config syntax version. It should always be 1 for now
3 build: # Common build settings
...
4   cacheVersion: string # Cache version
5   platform: [ string, ... ] # Common list of target platforms for all images (for example ['linux/amd64', 'linux/arm64', 'linux/arm/v8'])
6   staged: bool # Enable layer-by-layer caching of Dockerfile instructions in container registry globally for all images
7   imageSpec: # Global image configuration options according to the OCI specification, which will be applied to all images. More details here
...
8     author: string # Author of the image
9     clearHistory: bool # Remove all image build history
10     config: # Common image configuration
...
11       labels: { name string: value string, ... } # List of labels to add
12       removeLabels: [ string || /REGEXP/, ... ] # List of labels to remove
13       keepEssentialWerfLabels: bool # Do not remove werf labels necessary for normal operation
14 deploy: # Settings for deployment
...
15   helmChartDir: string # Path to the helm chart directory of the project (default .helm)
16   helmChartConfig: # Override Chart.yaml configuration
...
17     appVersion: string # Override appVersion in Chart.yaml
18   helmRelease: string # Release name template (default [[ project ]]-[[ env ]])
19   helmReleaseSlug: bool # Release name slugification (default true)
20   namespace: string # Kubernetes namespace template (default [[ project ]]-[[ env ]])
21   namespaceSlug: bool # Kubernetes namespace slugification (default true)
22 cleanup: # Settings for cleaning up irrelevant images
...
23   disable: bool # Disable cleanup entirely. This prevents meta images from being published to the container registry. After disabling, you can run werf cleanup to remove existing meta images
24   disableKubernetesBasedPolicy: bool # Disable a cleanup policy that allows not to remove images deployed in Kubernetes from the container registry
25   disableGitHistoryBasedPolicy: bool # Disable a cleanup policy that allows not to remove images taking into account user-defined policies by the Git history (keepPolicies)
26   disableBuiltWithinLastNHoursPolicy: bool # Disable a cleanup policy that allows not to remove images built in last hours (keepImagesBuiltWithinLastNHours)
27   keepImagesBuiltWithinLastNHours: uint # The minimum number of hours that must elapse since the image is built (default 2)
28   keepPolicies: # Set of policies to select relevant image versions using the Git history
29   - references: # References to perform scanning on
30       branch: string || /REGEXP/ # One or more git origin branches
31       tag: string || /REGEXP/ # One or more git origin tags
32       limit: # The set of rules to limit references on the basis of the date when the git tag was created or the activity in the git branch
33         last: int # To select n last references from those defined in the branch or tag (default -1)
34         in: duration string # To select git tags that were created during the specified period or git branches that were active during the period
35         operator: And || Or # Check both conditions or any of them (default And)
36     imagesPerReference: # The limit on the number of image versions for each reference contained in the set
37       last: int # The number of image versions to search for each reference (default -1)
38       in: duration string # The time frame in which werf searches for images
39 gitWorktree: # Configure how werf handles git worktree of the project
...
40   forceShallowClone: bool # Force werf to use shallow clone despite restrictions
41   allowUnshallow: bool # Allow werf to automatically convert project shallow git clone to full one during build process when needed (default true)
42   allowFetchOriginBranchesAndTags: bool # Allow werf to synchronize git branches and tags with remote origin during cleanup process when needed (default true)
43 --- # Dockerfile image section: optional, define as many image sections as you need
...
44 image: string || [ string, ... ] ! # One or more unique names for image
45 final: bool # Mark image as final (default true). More details here
46 dockerfile: string ! # Dockerfile path relative to the context PATH
47 staged: bool # Enable layer-by-layer caching of Dockerfile instructions in container registry
48 cacheVersion: string # Cache version
49 context: string # Build context PATH inside project directory
50 platform: [ string, ... ] # List of target platforms for this image (for example ['linux/amd64', 'linux/arm64', 'linux/arm/v8'])
51 contextAddFiles: [ string, ... ] # Untracked files and directories for adding to build context. The paths must be relative to context PATH
52 target: string # Specific Dockerfile stage (last one by default, similar to the docker build --target option)
53 args: { name string: value string, ... } # Variables for ARG dockerfile instructions (similar to the docker build --build-arg option)
54 addHost: [ string, ... ] # Custom host-to-IP mapping (host:ip) (similar to the docker build --add-host option)
55 network: string # The networking mode for the RUN instructions during build (similar to the docker build --network option)
56 ssh: string # SSH agent socket or keys to the build (similar to the docker build --ssh option) (DEPRECATED). More details here
57 secrets: # Secrets used in image build. Only one of the following options can be used in a single instance: env, src, or value. More details here
58 - id: string # Secret unique identifier (mandatory only for the value type)
59   env: string # A secret from an environment variable
60   src: string # A secret from a file at the given path
61   value: string # Custom string value
62 dependencies: # Dependency images for current image
...
63 - image: string # Dependency image name, which should be built before building current image
64   imports: # Define target build args to import image information into current image (optional)
65   - type: string # Type of image info: ImageName, ImageDigest, ImageRepo or ImageTag
66     targetBuildArg: string # Name of build argument which will contain specified type of information about image
67 imageSpec: # Image configuration according to the OCI specification. More details here
68   author: string # Author of the image
69   clearHistory: bool # Remove all image build history
70   config: # Common image configuration
...
71     cmd: [string, ...] # Set CMD. More details here
72     entrypoint: [string, ...] # Set ENTRYPOINT. More details here
73     env: { name string: value string, ... } # List of environment variables to add. More details here
74     expose: [string, ...] # Set exposed ports. More details here
75     healthcheck: { test: [string, ...], interval: string, retries: int } # Healthcheck configuration. Intervals are in seconds.. More details here
76     labels: { name string: value string, ... } # List of labels to add
77     stopSignal: string # Set STOPSIGNAL. More details here
78     user: string # Set USER. More details here
79     volumes: [string, ...] # List of volumes to add. More details here
80     workingDir: string # Set WORKDIR. More details here
81     removeEnv: [ string || /REGEXP/, ... ] # List of environment variables to remove
82     removeLabels: [ string || /REGEXP/, ... ] # List of labels to remove
83     removeVolumes: [string, ...] # List of volumes to remove
84     keepEssentialWerfLabels: bool # Do not remove werf labels necessary for normal operation
85     clearCmd: bool # Remove CMD
86     clearEntrypoint: bool # Remove ENTRYPOINT
87     clearUser: bool # Remove USER
88     clearWorkingDir: bool # Remove WORKDIR
89 --- # Stapel image section: optional, define as many image sections as you need
...
90 image: string || [ string, ... ] ! # One or more unique names for image
91 artifact: string # The unique name for artifact (DEPRECATED). More details here
92 final: bool # Mark image as final (default true). More details here
93 cacheVersion: string # Cache version
94 platform: [ string, ... ] # List of target platforms for this image (for example ['linux/amd64', 'linux/arm64', 'linux/arm/v8'])
95 from: string # The name of a base image. More details here
96 fromLatest: bool # To use actual base image without caching. More details here
97 fromImage: string # To use image as base image by image name. More details here
98 fromArtifact: string # To use artifact as base image by artifact name (DEPRECATED)
99 fromCacheVersion: string # Cache version. More details here
100 disableGitAfterPatch: bool # Disable updating git sources (gitCache, gitLatestPatch stages). More details here
101 git: # Set of directives to add source files from git repositories (both the project repository and any other). More details here
...
102 - url: string # The address of the remote repository. More details here
103   branch: string # The branch name. More details here
104   commit: string # The commit
105   tag: string # The tag name
106   add: string # A source path in a repository. More details here
107   to: string # A destination path in image. More details here
108   owner: string # The name or UID of the owner. More details here
109   group: string # The name or GID of the owner’s group. More details here
110   includePaths: [ glob, ... ] # Globs for including. More details here
111   excludePaths: [ glob, ... ] # Globs for excluding. More details here
112   stageDependencies: # The organization of restarting assembly instructions when defined changes occur in the git repository. More details here
113     install: [ glob, ... ] # Globs for install stage
114     beforeSetup: [ glob, ... ] # Globs for beforeSetup stage
115     setup: [ glob, ... ] # Globs for setup stage
116 secrets: # Secrets used in image build. Only one of the following options can be used in a single instance: env, src, or value. More details here
117 - id: string # Secret unique identifier (mandatory only for the value type)
118   env: string # A secret from an environment variable
119   src: string # A secret from a file at the given path
120   value: string # Custom string value
121 shell: # Shell assembly instructions. More details here
...
122   beforeInstall: [ string, ... ] # Commands for beforeInstall stage. More details here
123   install: [ string, ... ] # Commands for install stage. More details here
124   beforeSetup: [ string, ... ] # Commands for beforeSetup stage. More details here
125   setup: [ string, ... ] # Commands for setup stage. More details here
126   cacheVersion: string # Common cache version. More details here
127   beforeInstallCacheVersion: string # Cache version for beforeInstall stage. More details here
128   installCacheVersion: string # Cache version for install stage. More details here
129   beforeSetupCacheVersion: string # Cache version for beforeSetup stage. More details here
130   setupCacheVersion: string # Cache version for setup stage. More details here
131 ansible: # Ansible assembly instructions. More details here
...
132   beforeInstall: [ task, ... ] # Tasks for beforeInstall stage. More details here
133   install: [ task, ... ] # Tasks for install stage. More details here
134   beforeSetup: [ task, ... ] # Tasks for beforeSetup stage. More details here
135   setup: [ task, ... ] # Tasks for setup stage. More details here
136   cacheVersion: string # Common cache version. More details here
137   beforeInstallCacheVersion: string # Cache version for beforeInstall stage. More details here
138   installCacheVersion: string # Cache version for install stage. More details here
139   beforeSetupCacheVersion: string # Cache version for beforeSetup stage. More details here
140   setupCacheVersion: string # Cache version for setup stage. More details here
141 imageSpec: # Image configuration according to the OCI specification. More details here
142   author: string # Author of the image
143   clearHistory: bool # Remove all image build history
144   config: # Common image configuration
...
145     cmd: [string, ...] # Set CMD. More details here
146     entrypoint: [string, ...] # Set ENTRYPOINT. More details here
147     env: { name string: value string, ... } # List of environment variables to add. More details here
148     expose: [string, ...] # Set exposed ports. More details here
149     healthcheck: { test: [string, ...], interval: string, retries: int } # Healthcheck configuration. Intervals are in seconds.. More details here
150     labels: { name string: value string, ... } # List of labels to add
151     stopSignal: string # Set STOPSIGNAL. More details here
152     user: string # Set USER. More details here
153     volumes: [string, ...] # List of volumes to add. More details here
154     workingDir: string # Set WORKDIR. More details here
155     removeEnv: [ string || /REGEXP/, ... ] # List of environment variables to remove
156     removeLabels: [ string || /REGEXP/, ... ] # List of labels to remove
157     removeVolumes: [string, ...] # List of volumes to remove
158     keepEssentialWerfLabels: bool # Do not remove werf labels necessary for normal operation
159     clearCmd: bool # Remove CMD
160     clearEntrypoint: bool # Remove ENTRYPOINT
161     clearUser: bool # Remove USER
162     clearWorkingDir: bool # Remove WORKDIR
163 docker: # Set of directives to change the image manifest (DEPRECATED). Incompatible with the imageSpec directive. More details here
...
164   exactValues: bool # Set specified options values as-is, including unescaped quotes and spaces. Option affects only docker-server backend and does not affect buildah backend.
165   USER: string # The user name (or UID) and optionally the user group (or GID). More details here
166   WORKDIR: string # The working directory. More details here
167   VOLUME: [ string, ... ] # Mount points. More details here
168   ENV: { name string: value string, ... } # The environment variables. More details here
169   LABEL: { name string: value string, ... } # The metadata to an image. More details here
170   EXPOSE: [ string, ... ] # To inform Docker that the container listens on the specified network ports at runtime. More details here
171   ENTRYPOINT: string | [ string, ... ] # To configure a container that will run as an executable. Shell and exec forms are supported. More details here
172   CMD: string | [ string, ... ] # To provide default arguments for the ENTRYPOINT to configure a container that will run as an executable. Shell and exec forms are supported. More details here
173   HEALTHCHECK: string # To tell Docker how to test a container to check that it is still working. More details here
174 mount: # Mount points. More details here
...
175 - from: tmp_dir || build_dir # Service folder name
176   fromPath: string # Absolute or relative path to an arbitrary file or folder on host
177   to: string # Absolute path in image
178 import: # Imports. More details here
...
179 - artifact: string # The artifact name from which you want to copy files (DEPRECATED)
180   image: string # The image name from which you want to copy files
181   stage: string # The stage name from which you want to copy files (the latest one by default)
182   before: string # The stage name before which to perform importing files. At present, only install and setup stages are supported
183   after: string # The stage name after which to perform importing files. At present, only install and setup stages are supported
184   add: string # The absolute file or folder path in source image for copying
185   to: string # The absolute path in destination image. In case of absence, destination path equals source path
186   owner: string # The name or UID of the owner
187   group: string # The name or GID of the owner’s group
188   includePaths: [ glob, ... ] # Globs for including
189   excludePaths: [ glob, ... ] # Globs for excluding
190 dependencies: # Dependencies images for current image
...
191 - image: string # Dependency image name, which should be built before building current image
192   before: string # The stage name before which image info should be imported (specify install or setup). Specified target env variables will be available at user stages after stage specified by this directive.
193   after: string # The stage name after which image info should be imported (specify install or setup). Specified target env variables will be available at user stages after stage specified by this directive.
194   imports: # Define target environment variables to import image information into current image (optional)
195   - type: string # Type of image info: ImageName, ImageDigest, ImageRepo or ImageTag
196     targetEnv: string # Name of environment variable which will contain specified type of information about image
cncf logo
werf is a Cloud Native Computing Foundation sandbox project
flant logo
werf was originally created by Flant
The Linux Foundation® (TLF) has registered trademarks and uses trademarks. For a list of TLF trademarks, see Trademark Usage.
Site last generated: May 7, 2025 at 13:20 +0300