`kubernetes`¶

Module for handling kubernetes calls.

optdepends:

kubernetes Python client >= v19.15.0
PyYAML >= 5.3.1

configuration:

The k8s API settings are provided either in a pillar, in the minion’s config file, or in master’s config file. The classic kubeconfig-based setup looks like:

kubernetes.kubeconfig: '/path/to/kubeconfig'
kubernetes.kubeconfig-data: '<base64 encoded kubeconfig content>'
kubernetes.context: 'context'

For other auth modes — in-cluster ServiceAccount, bearer token, basic auth, or explicit client certificates with optional proxy support — see the dedicated Authentication guide. All settings can also be supplied via K8S_AUTH_* environment variables (compatible with Ansible’s kubernetes.core collection) or as per-call kwargs that take precedence over both env and config.

The data format for kubernetes.kubeconfig-data value is the content of kubeconfig base64 encoded in one line.

These settings can be overridden by adding context and kubeconfig or kubeconfig_data parameters when calling a function.

Only kubeconfig or kubeconfig-data should be provided. In case both are provided kubeconfig entry is preferred.

CLI Example:

salt '*' kubernetes.nodes
salt '*' kubernetes.nodes kubeconfig=/etc/salt/k8s/kubeconfig context=minikube

Added in version 2017.7.0.

Changed in version 2019.2.0.

Changed in version 2.1.0: Added in-cluster ServiceAccount, bearer token, basic auth, explicit client-certificate, proxy, and K8S_AUTH_* environment-variable auth modes. The legacy kubeconfig path is unchanged and remains the default. See Authentication.

Warning

Configuration options changed in 2019.2.0. The following configuration options have been removed:

kubernetes.user
kubernetes.password
kubernetes.api_url
kubernetes.certificate-authority-data/file
kubernetes.client-certificate-data/file
kubernetes.client-key-data/file

These options were re-introduced under different names in 2.1.0 as part of the rich-auth work — see the auth guide. The 2019.2.0 removal warning still stands for the legacy names; use the new kubernetes.host / kubernetes.api_key / kubernetes.username / kubernetes.client_cert / etc. options instead.

saltext.kubernetes.modules.kubernetesmod.__virtual__()[source]¶: Check dependencies

saltext.kubernetes.modules.kubernetesmod.ping(**kwargs)[source]¶

Checks connection with the kubernetes API server. Returns True if the API is available.

CLI Example:

salt '*' kubernetes.ping

saltext.kubernetes.modules.kubernetesmod.nodes(**kwargs)[source]¶

Return the names of the nodes composing the kubernetes cluster

CLI Example:

salt '*' kubernetes.nodes

saltext.kubernetes.modules.kubernetesmod.node(name, **kwargs)[source]¶

Return the details of the node identified by the specified name

CLI Example:

salt '*' kubernetes.node name='minikube'

saltext.kubernetes.modules.kubernetesmod.node_labels(name, **kwargs)[source]¶

Return the labels of the node identified by the specified name

name: The name of the node

CLI Example:

salt '*' kubernetes.node_labels name="minikube"

saltext.kubernetes.modules.kubernetesmod.node_add_label(node_name, label_name, label_value, **kwargs)[source]¶

Set the value of the label identified by label_name to label_value on the node identified by the name node_name. Creates the label if not present.

node_name: The name of the node
label_name: The name of the label
label_value: The value of the label

CLI Example:

salt '*' kubernetes.node_add_label node_name="minikube"             label_name="foo" label_value="bar"

saltext.kubernetes.modules.kubernetesmod.node_remove_label(node_name, label_name, **kwargs)[source]¶

Removes the label identified by label_name from the node identified by the name node_name.

node_name: The name of the node
label_name: The name of the label

CLI Example:

salt '*' kubernetes.node_remove_label node_name="minikube"             label_name="foo"

saltext.kubernetes.modules.kubernetesmod.node_annotations(name, **kwargs)[source]¶

Return the annotations on the named node, or an empty dict if the node is absent.

Added in version 2.1.0.

name: Name of the node to read.

CLI Example:

salt '*' kubernetes.node_annotations name="minikube"

saltext.kubernetes.modules.kubernetesmod.node_add_annotation(node_name, annotation_name, annotation_value, **kwargs)[source]¶

Set or update an annotation on the named node.

Added in version 2.1.0.

Creates the annotation if not present; updates the value if it is. Annotations differ from labels in that they accept arbitrary string values (no DNS-label syntax restriction) and are not used for selectors. See the Kubernetes docs: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/

node_name: Name of the node to annotate.
annotation_name: Annotation key. May contain / to namespace the key.
annotation_value: Annotation value. Coerced to str.

CLI Example:

salt '*' kubernetes.node_add_annotation node_name="minikube"             annotation_name="example.com/owner" annotation_value="ops"

saltext.kubernetes.modules.kubernetesmod.node_remove_annotation(node_name, annotation_name, **kwargs)[source]¶

Remove an annotation from the named node.

Added in version 2.1.0.

Removing an annotation that is not present is a no-op (no error raised); the function still returns the live node object.

node_name: Name of the node.
annotation_name: Annotation key to remove.

CLI Example:

salt '*' kubernetes.node_remove_annotation node_name="minikube"             annotation_name="example.com/owner"

saltext.kubernetes.modules.kubernetesmod.namespaces(**kwargs)[source]¶

Return the names of the available namespaces.

Returns a list of namespace name strings.

CLI Example:

salt '*' kubernetes.namespaces

saltext.kubernetes.modules.kubernetesmod.deployments(namespace='default', **kwargs)[source]¶

Return a list of kubernetes deployments defined in the namespace

namespace: The namespace to list deployments from. Defaults to default.

CLI Example:

salt '*' kubernetes.deployments
salt '*' kubernetes.deployments namespace=default

saltext.kubernetes.modules.kubernetesmod.services(namespace='default', **kwargs)[source]¶

Return a list of kubernetes services defined in the namespace

namespace: The namespace to list services from. Defaults to default.

CLI Example:

salt '*' kubernetes.services
salt '*' kubernetes.services namespace=default

saltext.kubernetes.modules.kubernetesmod.pods(namespace='default', **kwargs)[source]¶

Return a list of kubernetes pods defined in the namespace

namespace: The namespace to list pods from. Defaults to default.

CLI Example:

salt '*' kubernetes.pods
salt '*' kubernetes.pods namespace=default

saltext.kubernetes.modules.kubernetesmod.secrets(namespace='default', **kwargs)[source]¶

Return a list of kubernetes secrets defined in the namespace

namespace: The namespace to list secrets from. Defaults to default.

CLI Example:

salt '*' kubernetes.secrets
salt '*' kubernetes.secrets namespace=default

saltext.kubernetes.modules.kubernetesmod.configmaps(namespace='default', **kwargs)[source]¶

Return a list of kubernetes configmaps defined in the namespace

namespace: The namespace to list configmaps from. Defaults to default.

CLI Example:

salt '*' kubernetes.configmaps
salt '*' kubernetes.configmaps namespace=default

saltext.kubernetes.modules.kubernetesmod.statefulsets(namespace='default', **kwargs)[source]¶

Added in version 2.1.0.

Return a list of kubernetes statefulsets defined in the namespace

namespace: The namespace to list statefulsets from. Defaults to default.

CLI Example:

salt '*' kubernetes.statefulsets
salt '*' kubernetes.statefulsets namespace=default

saltext.kubernetes.modules.kubernetesmod.replicasets(namespace='default', **kwargs)[source]¶

Added in version 2.1.0.

Return a list of kubernetes replicasets defined in the namespace

namespace: The namespace to list replicasets from. Defaults to default.

CLI Example:

salt '*' kubernetes.replicasets
salt '*' kubernetes.replicasets namespace=default

saltext.kubernetes.modules.kubernetesmod.daemonsets(namespace='default', **kwargs)[source]¶

Added in version 2.1.0.

Return a list of kubernetes daemonsets defined in the namespace

namespace: The namespace to list daemonsets from. Defaults to default.

CLI Example:

salt '*' kubernetes.daemonsets
salt '*' kubernetes.daemonsets namespace=default

saltext.kubernetes.modules.kubernetesmod.storageclasses(**kwargs)[source]¶

Added in version 2.1.0.

Return a list of kubernetes storageclasses.

CLI Example:

salt '*' kubernetes.storageclasses

saltext.kubernetes.modules.kubernetesmod.show_deployment(name, namespace='default', **kwargs)[source]¶

Return the kubernetes deployment defined by name and namespace

name: The name of the deployment
namespace: The namespace to look for the deployment. Defaults to default.

CLI Example:

salt '*' kubernetes.show_deployment my-nginx default
salt '*' kubernetes.show_deployment name=my-nginx namespace=default

saltext.kubernetes.modules.kubernetesmod.show_service(name, namespace='default', **kwargs)[source]¶

Return the kubernetes service defined by name and namespace

name: The name of the service
namespace: The namespace to look for the service. Defaults to default.

CLI Example:

salt '*' kubernetes.show_service my-nginx default
salt '*' kubernetes.show_service name=my-nginx namespace=default

saltext.kubernetes.modules.kubernetesmod.show_pod(name, namespace='default', **kwargs)[source]¶

Return POD information for a given pod name defined in the namespace

name: The name of the pod
namespace: The namespace to look for the pod. Defaults to default.

CLI Example:

salt '*' kubernetes.show_pod guestbook-708336848-fqr2x
salt '*' kubernetes.show_pod guestbook-708336848-fqr2x namespace=default

saltext.kubernetes.modules.kubernetesmod.show_namespace(name, **kwargs)[source]¶

Return information for a given namespace defined by the specified name

name: The name of the namespace to show

CLI Example:

salt '*' kubernetes.show_namespace kube-system

saltext.kubernetes.modules.kubernetesmod.show_secret(name, namespace='default', decode=False, **kwargs)[source]¶

Return the kubernetes secret defined by name and namespace. The secrets can be decoded if specified by the user. Warning: this has security implications.

name: The name of the secret
namespace: The namespace to look for the secret. Defaults to default.
decode: Decode the secret values. Default is False

CLI Example:

salt '*' kubernetes.show_secret confidential default
salt '*' kubernetes.show_secret name=confidential namespace=default
salt '*' kubernetes.show_secret name=confidential decode=True

saltext.kubernetes.modules.kubernetesmod.show_configmap(name, namespace='default', **kwargs)[source]¶

Return the kubernetes configmap defined by name and namespace.

name: The name of the configmap
namespace: The namespace to look for the configmap. Defaults to default.

CLI Example:

salt '*' kubernetes.show_configmap game-config default
salt '*' kubernetes.show_configmap name=game-config namespace=default

saltext.kubernetes.modules.kubernetesmod.show_statefulset(name, namespace='default', **kwargs)[source]¶

Added in version 2.1.0.

Return the kubernetes statefulset defined by name and namespace.

name: The name of the statefulset
namespace: The namespace to look for the statefulset. Defaults to default.

CLI Example:

salt '*' kubernetes.show_statefulset my-statefulset default
salt '*' kubernetes.show_statefulset name=my-statefulset namespace=default

saltext.kubernetes.modules.kubernetesmod.show_replicaset(name, namespace='default', **kwargs)[source]¶

Added in version 2.1.0.

Return the kubernetes replicaset defined by name and namespace.

name: The name of the replicaset
namespace: The namespace to look for the replicaset. Defaults to default.

CLI Example:

salt '*' kubernetes.show_replicaset my-replicaset default
salt '*' kubernetes.show_replicaset name=my-replicaset namespace=default

saltext.kubernetes.modules.kubernetesmod.show_daemonset(name, namespace='default', **kwargs)[source]¶

Added in version 2.1.0.

Return the kubernetes daemonset defined by name and namespace.

name: The name of the daemonset
namespace: The namespace to look for the daemonset. Defaults to default.

CLI Example:

salt '*' kubernetes.show_daemonset my-daemonset default
salt '*' kubernetes.show_daemonset name=my-daemonset namespace=default

saltext.kubernetes.modules.kubernetesmod.show_storageclass(name, **kwargs)[source]¶

Added in version 2.1.0.

Return the kubernetes storageclass defined by name.

name: The name of the storageclass

CLI Example:

salt '*' kubernetes.show_storageclass my-storageclass
salt '*' kubernetes.show_storageclass name=my-storageclass

saltext.kubernetes.modules.kubernetesmod.delete_deployment(name, namespace='default', wait=False, timeout=60, **kwargs)[source]¶

Deletes the kubernetes deployment defined by name and namespace

name: The name of the deployment
namespace: The namespace to delete the deployment from. Defaults to default.
wait: Added in version 2.0.0.

Wait for deployment deletion to complete (default: False)
timeout: Added in version 2.0.0.

Timeout in seconds to wait for deletion (default: 60)

CLI Example:

salt '*' kubernetes.delete_deployment my-nginx default wait=True

saltext.kubernetes.modules.kubernetesmod.delete_service(name, namespace='default', wait=False, timeout=60, **kwargs)[source]¶

Deletes the kubernetes service defined by name and namespace

name: The name of the service
namespace: The namespace to delete the service from. Defaults to default.
wait: Added in version 2.0.0.

Wait for service deletion to complete (default: False)
timeout: Added in version 2.0.0.

Timeout in seconds to wait for deletion (default: 60)

CLI Example:

salt '*' kubernetes.delete_service my-nginx default
salt '*' kubernetes.delete_service name=my-nginx namespace=default

saltext.kubernetes.modules.kubernetesmod.delete_pod(name, namespace='default', wait=False, timeout=60, **kwargs)[source]¶

Deletes the kubernetes pod defined by name and namespace

name: The name of the pod
namespace: The namespace to delete the pod from. Defaults to default.
wait: Added in version 2.0.0.

Wait for pod deletion to complete (default: False)
timeout: Added in version 2.0.0.

Timeout in seconds to wait for deletion (default: 60)

CLI Example:

salt '*' kubernetes.delete_pod guestbook-708336848-5nl8c default
salt '*' kubernetes.delete_pod name=guestbook-708336848-5nl8c namespace=default

saltext.kubernetes.modules.kubernetesmod.delete_namespace(name, wait=False, timeout=60, **kwargs)[source]¶

Deletes the kubernetes namespace defined by name

name: The name of the namespace
wait: Added in version 2.0.0.

Wait for namespace deletion to complete (default: False)
timeout: Added in version 2.0.0.

Timeout in seconds to wait for deletion (default: 60)

CLI Example:

salt '*' kubernetes.delete_namespace salt
salt '*' kubernetes.delete_namespace name=salt

saltext.kubernetes.modules.kubernetesmod.delete_secret(name, namespace='default', wait=False, timeout=60, **kwargs)[source]¶

Deletes the kubernetes secret defined by name and namespace

name: The name of the secret
namespace: The namespace to delete the secret from. Defaults to default.
wait: Added in version 2.0.0.

Wait for secret deletion to complete (default: False)
timeout: Added in version 2.0.0.

Timeout in seconds to wait for deletion (default: 60)

CLI Example:

salt '*' kubernetes.delete_secret confidential default
salt '*' kubernetes.delete_secret name=confidential namespace=default

saltext.kubernetes.modules.kubernetesmod.delete_configmap(name, namespace='default', wait=False, timeout=60, **kwargs)[source]¶

Deletes the kubernetes configmap defined by name and namespace

name: The name of the configmap
namespace: The namespace to delete the configmap from. Defaults to default.
wait: Added in version 2.0.0.

Wait for configmap deletion to complete (default: False)
timeout: Added in version 2.0.0.

Timeout in seconds to wait for deletion (default: 60)

CLI Example:

salt '*' kubernetes.delete_configmap settings default
salt '*' kubernetes.delete_configmap name=settings namespace=default

saltext.kubernetes.modules.kubernetesmod.delete_statefulset(name, namespace='default', wait=False, timeout=60, **kwargs)[source]¶

Added in version 2.1.0.

Deletes the kubernetes statefulset defined by name and namespace

name: The name of the statefulset
namespace: The namespace to delete the statefulset from. Defaults to default.
wait: Wait for statefulset deletion to complete (default: False)
timeout: Timeout in seconds to wait for deletion (default: 60)

CLI Example:

salt '*' kubernetes.delete_statefulset my-statefulset default
salt '*' kubernetes.delete_statefulset name=my-statefulset namespace=default

saltext.kubernetes.modules.kubernetesmod.delete_replicaset(name, namespace='default', wait=False, timeout=60, **kwargs)[source]¶

Added in version 2.1.0.

Deletes the kubernetes replicaset defined by name and namespace

name: The name of the replicaset
namespace: The namespace to delete the replicaset from. Defaults to default.
wait: Wait for replicaset deletion to complete (default: False)
timeout: Timeout in seconds to wait for deletion (default: 60)

CLI Example:

salt '*' kubernetes.delete_replicaset my-replicaset default
salt '*' kubernetes.delete_replicaset name=my-replicaset namespace=default

saltext.kubernetes.modules.kubernetesmod.delete_daemonset(name, namespace='default', wait=False, timeout=60, **kwargs)[source]¶

Added in version 2.1.0.

Deletes the kubernetes daemonset defined by name and namespace

name: The name of the daemonset
namespace: The namespace to delete the daemonset from. Defaults to default.
wait: Wait for daemonset deletion to complete (default: False)
timeout: Timeout in seconds to wait for deletion (default: 60)

CLI Example:

salt '*' kubernetes.delete_daemonset my-daemonset default
salt '*' kubernetes.delete_daemonset name=my-daemonset namespace=default

saltext.kubernetes.modules.kubernetesmod.delete_storageclass(name, wait=False, timeout=60, **kwargs)[source]¶

Added in version 2.1.0.

Deletes the kubernetes storageclass defined by name

name: The name of the storageclass
wait: Wait for storageclass deletion to complete (default: False)
timeout: Timeout in seconds to wait for deletion (default: 60)

CLI Example:

salt '*' kubernetes.delete_storageclass my-storageclass
salt '*' kubernetes.delete_storageclass name=my-storageclass

saltext.kubernetes.modules.kubernetesmod.create_deployment(name, namespace, metadata, spec, source=None, template=None, saltenv=None, template_context=None, dry_run=False, wait=False, timeout=60, **kwargs)[source]¶

Creates the kubernetes deployment as defined by the user.

name: The name of the deployment
namespace: The namespace to create the deployment in
metadata: Deployment metadata dict
spec: Deployment spec dict following kubernetes API conventions
source: File path to deployment definition
template: Template engine to use to render the source file
saltenv: Salt environment to pull the source file from

Changed in version 2.0.0: Defaults to the value of the saltenv minion option or base.
template_context: Added in version 2.0.0.

Variables to make available in templated files
dry_run: Added in version 2.0.0.

If True, only simulates the creation of the deployment
wait: Added in version 2.0.0.

Wait for deployment to become ready (default: False)
timeout: Added in version 2.0.0.

Timeout in seconds to wait for deployment (default: 60)

CLI Example:

salt '*' kubernetes.create_deployment name=nginx namespace=default spec='{"replicas": 1}' wait=True

saltext.kubernetes.modules.kubernetesmod.create_pod(name, namespace, metadata, spec, source=None, template=None, saltenv=None, template_context=None, wait=False, timeout=60, **kwargs)[source]¶

Creates a kubernetes pod as defined by the user.

name: The name of the pod
namespace: The namespace to create the pod in
metadata: Pod metadata dict
spec: Pod spec dict following kubernetes API conventions
source: File path to pod definition
template: Template engine to use to render the source file
saltenv: Salt environment to pull the source file from

Changed in version 2.0.0: Defaults to the value of the saltenv minion option or base.
template_context: Added in version 2.0.0.

Variables to make available in templated files
wait: Added in version 2.0.0.

Wait for pod to become ready (default: False)
timeout: Added in version 2.0.0.

Timeout in seconds to wait for pod (default: 60)

Pod spec must follow kubernetes API conventions:

- spec:
    ports:
    - containerPort: 8080
        name: http
        protocol: TCP

CLI Examples:

salt '*' kubernetes.create_pod name=nginx namespace=default spec='{"containers": [{"name": "nginx", "image": "nginx"}]}'

saltext.kubernetes.modules.kubernetesmod.create_service(name, namespace, metadata, spec, source=None, template=None, saltenv=None, template_context=None, dry_run=False, wait=False, timeout=60, **kwargs)[source]¶

Creates the kubernetes service as defined by the user.

name: The name of the service
namespace: The namespace to create the service in
metadata: Service metadata dict
spec: Service spec dict that follows kubernetes API conventions
source: File path to service definition
template: Template engine to use to render the source file
saltenv: Salt environment to pull the source file from

Changed in version 2.0.0: Defaults to the value of the saltenv minion option or base.
template_context: Added in version 2.0.0.

Variables to make available in templated files
wait: Added in version 2.0.0.

Wait for service to become ready (default: False)
timeout: Added in version 2.0.0.

Timeout in seconds to wait for service (default: 60)

Service spec must follow kubernetes API conventions. Port specifications can be:

Simple integer for basic port definition: [80, 443]

Dictionary for advanced configuration:

- spec:
    ports:
      - port: 80
        targetPort: 8080
        name: http    # Required if multiple ports are specified
      - port: 443
        targetPort: web-https  # targetPort can reference container port names
        name: https
        nodePort: 30443       # nodePort must be between 30000-32767

CLI Examples:

salt '*' kubernetes.create_service name=nginx namespace=default spec='{"ports": [80]}'

salt '*' kubernetes.create_service name=nginx namespace=default spec='{
    "ports": [{"port": 80, "targetPort": 8000, "name": "http"}],
    "selector": {"app": "nginx"},
    "type": "LoadBalancer"
}'

saltext.kubernetes.modules.kubernetesmod.create_secret(name, namespace='default', data=None, source=None, template=None, saltenv=None, template_context=None, secret_type=None, metadata=None, dry_run=False, wait=False, timeout=60, append_hash=False, **kwargs)[source]¶

Creates the kubernetes secret as defined by the user. Values that are already base64 encoded will not be re-encoded.

Note

Automatic encoding of secret values might cause issues if the values are not correctly identified as base64. If you run into issues - encode the values before passing them to this function.

name: The name of the secret
namespace: The namespace to create the secret in. Defaults to default.
data: A dictionary of key-value pairs to store in the secret
source: File path to secret definition
template: Template engine to use to render the source file
saltenv: Salt environment to pull the source file from

Changed in version 2.0.0: Defaults to the value of the saltenv minion option or base.
template_context: Added in version 2.0.0.

Variables to make available in templated files
secret_type: Added in version 2.0.0.

The type of the secret
metadata: Added in version 2.0.0.

Secret metadata dict
wait: Added in version 2.0.0.

Wait for secret to become ready (default: False)
timeout: Added in version 2.0.0.

Timeout in seconds to wait for secret (default: 60)

CLI Example:

# For regular secrets with plain text values
salt 'minion1' kubernetes.create_secret             passwords default '{"db": "letmein"}'

# For secrets with pre-encoded values
salt 'minion2' kubernetes.create_secret             name=passwords namespace=default data='{"db": "bGV0bWVpbg=="}'

# For docker registry secrets
salt 'minion3' kubernetes.create_secret             name=docker-registry             type=kubernetes.io/dockerconfigjson             data='{".dockerconfigjson": "{"auths":{...}}"}'

# For TLS secrets
salt 'minion4' kubernetes.create_secret             name=tls-secret             type=kubernetes.io/tls             data='{"tls.crt": "...", "tls.key": "..."}'

saltext.kubernetes.modules.kubernetesmod.create_configmap(name, namespace, data, source=None, template=None, saltenv=None, template_context=None, dry_run=False, wait=False, timeout=60, append_hash=False, **kwargs)[source]¶

Creates the kubernetes configmap as defined by the user.

name: The name of the configmap
namespace: The namespace to create the configmap in
data: A dictionary of key-value pairs to store in the configmap
source: File path to configmap definition

Changed in version 2.0.0: The configmap definition must be a proper spec with the configmap data in the data key. In previous versions, the rendered output was used as the data directly.
template: Template engine to use to render the source file
saltenv: Salt environment to pull the source file from

Changed in version 2.0.0: Defaults to the value of the saltenv minion option or base.
template_context: Added in version 2.0.0.

Variables to make available in templated files
wait: Added in version 2.0.0.

Wait for configmap to become ready (default: False)
timeout: Added in version 2.0.0.

Timeout in seconds to wait for configmap (default: 60)

CLI Example:

salt 'minion1' kubernetes.create_configmap             settings default '{"example.conf": "# example file"}'

salt 'minion2' kubernetes.create_configmap             name=settings namespace=default data='{"example.conf": "# example file"}'

saltext.kubernetes.modules.kubernetesmod.create_namespace(name, **kwargs)[source]¶

Creates a namespace with the specified name.

name: The name of the namespace to create

CLI Example:

salt '*' kubernetes.create_namespace salt
salt '*' kubernetes.create_namespace name=salt

saltext.kubernetes.modules.kubernetesmod.create_statefulset(name, namespace='default', metadata=None, spec=None, source=None, template=None, saltenv=None, template_context=None, dry_run=False, wait=False, timeout=60, **kwargs)[source]¶

Added in version 2.1.0.

Creates a statefulset with the specified name, namespace, metadata, and spec.

name: The name of the statefulset
namespace: The namespace to create the statefulset in. Defaults to default.
metadata: StatefulSet metadata dict
spec: StatefulSet spec dict following kubernetes API conventions
source: File path to statefulset definition
template: Template engine to use to render the source file
saltenv: Salt environment to pull the source file from
template_context: Variables to make available in templated files
dry_run: If True, only simulates the creation of the statefulset
wait: Wait for statefulset to become ready (default: False)
timeout: Timeout in seconds to wait for statefulset (default: 60)

CLI Example:

salt '*' kubernetes.create_statefulset name=my-statefulset namespace=default spec='{"replicas": 3}' wait=True

saltext.kubernetes.modules.kubernetesmod.create_replicaset(name, namespace='default', metadata=None, spec=None, source=None, template=None, saltenv=None, template_context=None, dry_run=False, wait=False, timeout=60, **kwargs)[source]¶

Added in version 2.1.0.

Creates a replicaset with the specified name, namespace, metadata, and spec.

name: The name of the replicaset
namespace: The namespace to create the replicaset in. Defaults to default.
metadata: ReplicaSet metadata dict
spec: ReplicaSet spec dict following kubernetes API conventions
source: File path to replicaset definition
template: Template engine to use to render the source file
saltenv: Salt environment to pull the source file from
template_context: Variables to make available in templated files
dry_run: If True, only simulates the creation of the replicaset
wait: Wait for replicaset to become ready (default: False)
timeout: Timeout in seconds to wait for replicaset (default: 60)

CLI Example:

salt '*' kubernetes.create_replicaset name=my-rs namespace=default spec='{"replicas": 3}' wait=True

saltext.kubernetes.modules.kubernetesmod.create_daemonset(name, namespace='default', metadata=None, spec=None, source=None, template=None, saltenv=None, template_context=None, dry_run=False, wait=False, timeout=60, **kwargs)[source]¶

Added in version 2.1.0.

Creates a daemonset with the specified name, namespace, metadata, and spec.

name: The name of the daemonset
namespace: The namespace to create the daemonset in. Defaults to default.
metadata: DaemonSet metadata dict
spec: DaemonSet spec dict following kubernetes API conventions
source: File path to daemonset definition
template: Template engine to use to render the source file
saltenv: Salt environment to pull the source file from
template_context: Variables to make available in templated files
dry_run: If True, only simulates the creation of the daemonset
wait: Wait for daemonset to become ready (default: False)
timeout: Timeout in seconds to wait for daemonset (default: 60)

CLI Example:

salt '*' kubernetes.create_daemonset name=my-ds namespace=default wait=True

saltext.kubernetes.modules.kubernetesmod.create_storageclass(name, metadata=None, spec=None, source=None, template=None, saltenv=None, template_context=None, dry_run=False, wait=False, timeout=60, **kwargs)[source]¶

Added in version 2.1.0.

Creates a storageclass with the specified name, metadata, and spec.

name: The name of the storageclass
metadata: StorageClass metadata dict
spec: StorageClass spec dict following kubernetes API conventions
source: File path to storageclass definition
template: Template engine to use to render the source file
saltenv: Salt environment to pull the source file from
template_context: Variables to make available in templated files
dry_run: If True, only simulates the creation of the storageclass
wait: Wait for storageclass to become ready (default: False)
timeout: Timeout in seconds to wait for storageclass (default: 60)

CLI Example:

salt '*' kubernetes.create_storageclass name=fast-sc spec='{"provisioner": "kubernetes.io/no-provisioner"}'

saltext.kubernetes.modules.kubernetesmod.replace_deployment(name, metadata, spec, source=None, template=None, saltenv=None, namespace='default', template_context=None, wait=False, timeout=60, **kwargs)[source]¶

Replaces an existing deployment with a new one defined by name and namespace, having the specificed metadata and spec.

name: The name of the deployment
metadata: Deployment metadata dict
spec: Deployment spec dict following kubernetes API conventions
source: File path to deployment definition
template: Template engine to use to render the source file
saltenv: Salt environment to pull the source file from

Changed in version 2.0.0: Defaults to the value of the saltenv minion option or base.
namespace: The namespace to replace the deployment in. Defaults to default.
template_context: Added in version 2.0.0.

Variables to make available in templated files
wait: Added in version 2.0.0.

Wait for deployment to become ready (default: False)
timeout: Added in version 2.0.0.

Timeout in seconds to wait for deployment (default: 60)

CLI Example:

salt '*' kubernetes.replace_deployment *args

saltext.kubernetes.modules.kubernetesmod.replace_service(name, old_service, metadata, spec, source=None, template=None, saltenv=None, namespace='default', template_context=None, wait=False, timeout=60, **kwargs)[source]¶

Changed in version 2.0.0: The old_service parameter was moved to the second position, which pushes metadata, spec, source and template one position further down the parameter list.

Replaces an existing service with a new one defined by name and namespace, having the specified metadata and spec.

name: The name of the service
old_service: The existing service to replace
metadata: Service metadata dict
spec: Service spec dict following kubernetes API conventions
source: File path to service definition
template: Template engine to use to render the source file
saltenv: Salt environment to pull the source file from

Changed in version 2.0.0: Defaults to the value of the saltenv minion option or base.
namespace: The namespace to replace the service in. Defaults to default.
template_context: Added in version 2.0.0.

Variables to make available in templated files
wait: Added in version 2.0.0.

Wait for service to become ready (default: False)
timeout: Added in version 2.0.0.

Timeout in seconds to wait for service (default: 60)

CLI Example:

salt '*' kubernetes.replace_service name=my-service             old_service='{"metadata": {"resourceVersion": "12345"}, "spec": {"clusterIP": "10.0.0.1"}}'             metadata='{"labels": {"app": "my-app"}}'             spec='{"ports": [{"port": 80, "targetPort": 8080}], "selector": {"app": "my-app"}}'             source=/path/to/service.yaml             template=jinja             saltenv=base             namespace=default             template_context='{"var1": "value1"}'

saltext.kubernetes.modules.kubernetesmod.replace_secret(name, data, source=None, template=None, saltenv=None, namespace='default', template_context=None, secret_type=None, metadata=None, wait=False, timeout=60, **kwargs)[source]¶

Replaces an existing secret with a new one defined by name and namespace. Values that are already base64 encoded will not be re-encoded. If a source file is specified, the secret type will be read from the template.

Note

Automatic encoding of secret values might cause issues if the values are not correctly identified as base64. If you run into issues - encode the values before passing them to this function.

name: The name of the secret
data: A dictionary of key-value pairs to store in the secret
source: File path to secret definition
template: Template engine to use to render the source file
saltenv: Salt environment to pull the source file from

Changed in version 2.0.0: Defaults to the value of the saltenv minion option or base.
namespace: The namespace to replace the secret in. Defaults to default.
template_context: Added in version 2.0.0.

Variables to make available in templated files
secret_type: Added in version 2.0.0.

The type of the secret
metadata: Added in version 2.0.0.

Secret metadata dict
wait: Added in version 2.0.0.

Wait for secret to become ready (default: False)
timeout: Added in version 2.0.0.

Timeout in seconds to wait for secret (default: 60)

CLI Example:

# For regular secrets with plain text values
salt 'minion1' kubernetes.replace_secret             name=passwords data='{"db": "letmein"}'

# For secrets with pre-encoded values
salt 'minion2' kubernetes.replace_secret             name=passwords data='{"db": "bGV0bWVpbg=="}'

# For docker registry secrets
salt 'minion3' kubernetes.replace_secret             name=docker-registry             source=/path/to/docker-secret.yaml             secret_type=kubernetes.io/dockerconfigjson

# For TLS secrets
salt 'minion4' kubernetes.replace_secret             name=tls-secret             source=/path/to/tls-secret.yaml             secret_type=kubernetes.io/tls

saltext.kubernetes.modules.kubernetesmod.replace_configmap(name, data, source=None, template=None, saltenv=None, namespace='default', template_context=None, wait=False, timeout=60, **kwargs)[source]¶

Replaces an existing configmap with a new one defined by name and namespace with the specified data.

name: The name of the configmap
data: A dictionary of key-value pairs to store in the configmap
source: File path to configmap definition
template: Template engine to use to render the source file
saltenv: Salt environment to pull the source file from

Changed in version 2.0.0: Defaults to the value of the saltenv minion option or base.
namespace: The namespace to replace the configmap in. Defaults to default.
template_context: Added in version 2.0.0.

Variables to make available in templated files
wait: Added in version 2.0.0.

Wait for configmap to become ready (default: False)
timeout: Added in version 2.0.0.

Timeout in seconds to wait for configmap (default: 60)

CLI Example:

salt 'minion1' kubernetes.replace_configmap             settings default '{"example.conf": "# example file"}'

salt 'minion2' kubernetes.replace_configmap             name=settings namespace=default data='{"example.conf": "# example file"}'

saltext.kubernetes.modules.kubernetesmod.replace_statefulset(name, namespace, spec, metadata=None, source=None, template=None, saltenv=None, template_context=None, wait=False, timeout=60, **kwargs)[source]¶

Added in version 2.1.0.

Replaces an existing statefulset with a new one defined by name and namespace with the specified spec.

name: The name of the statefulset
namespace: The namespace of the statefulset
spec: A dictionary representing the spec of the statefulset
metadata: A dictionary representing the metadata of the statefulset
source: File path to statefulset definition
template: Template engine to use to render the source file
saltenv: Salt environment to pull the source file from
template_context: Variables to make available in templated files
wait: Wait for statefulset to become ready (default: False)
timeout: Timeout in seconds to wait for statefulset (default: 60)

CLI Example:

salt 'minion1' kubernetes.replace_statefulset             name=my-statefulset namespace=default spec='{"replicas": 3}'

saltext.kubernetes.modules.kubernetesmod.replace_replicaset(name, namespace, spec, metadata=None, source=None, template=None, saltenv=None, template_context=None, wait=False, timeout=60, **kwargs)[source]¶

Added in version 2.1.0.

Replaces an existing replicaset with a new one defined by name and namespace with the specified spec.

name: The name of the replicaset
namespace: The namespace of the replicaset
spec: A dictionary representing the spec of the replicaset
metadata: A dictionary representing the metadata of the replicaset
source: File path to replicaset definition
template: Template engine to use to render the source file
saltenv: Salt environment to pull the source file from
template_context: Variables to make available in templated files
wait: Wait for replicaset to become ready (default: False)
timeout: Timeout in seconds to wait for replicaset (default: 60)

CLI Example:

salt 'minion1' kubernetes.replace_replicaset             name=my-replicaset namespace=default spec='{"replicas": 3}'

saltext.kubernetes.modules.kubernetesmod.replace_daemonset(name, namespace, spec, metadata=None, source=None, template=None, saltenv=None, template_context=None, wait=False, timeout=60, **kwargs)[source]¶

Added in version 2.1.0.

Replaces an existing daemonset with a new one defined by name and namespace with the specified spec.

name: The name of the daemonset
namespace: The namespace of the daemonset
spec: A dictionary representing the spec of the daemonset
metadata: A dictionary representing the metadata of the daemonset
source: File path to daemonset definition
template: Template engine to use to render the source file
saltenv: Salt environment to pull the source file from
template_context: Variables to make available in templated files
wait: Wait for daemonset to become ready (default: False)
timeout: Timeout in seconds to wait for daemonset (default: 60)

CLI Example:

salt 'minion1' kubernetes.replace_daemonset             name=my-daemonset namespace=default spec='{"replicas": 3}'

saltext.kubernetes.modules.kubernetesmod.replace_storageclass(name, spec, metadata=None, source=None, template=None, saltenv=None, template_context=None, wait=False, timeout=60, **kwargs)[source]¶

Added in version 2.1.0.

Replaces an existing storageclass with a new one defined by name.

name: The name of the storageclass
spec: A dictionary representing the spec of the storageclass
metadata: A dictionary representing the metadata of the storageclass
source: File path to storageclass definition
template: Template engine to use to render the source file
saltenv: Salt environment to pull the source file from
template_context: Variables to make available in templated files
wait: Wait for storageclass to become ready (default: False)
timeout: Timeout in seconds to wait for storageclass (default: 60)

CLI Example:

salt 'minion1' kubernetes.replace_storageclass             name=my-storageclass spec='{"provisioner": "kubernetes.io/no-provisioner"}'

saltext.kubernetes.modules.kubernetesmod.patch_service(name, namespace, patch=None, source=None, template=None, saltenv=None, template_context=None, dry_run=False, wait=False, timeout=60, **kwargs)[source]¶

Added in version 2.0.0.

Patches an existing service with the provided patch dictionary.

name: The name of the service
namespace: The namespace of the service
patch: A dictionary representing the patch to apply to the service
source: File path to patch definition
template: Template engine to use to render the source file
saltenv: Salt environment to pull the source file from
template_context: Variables to make available in templated files
dry_run: If True, only simulates the patch without applying it (default: False)
wait: Wait for service to become ready (default: False)
timeout: Timeout in seconds to wait for service (default: 60)

CLI Example:

salt '*' kubernetes.patch_service \
    name=my-service \
    namespace=default \
    patch='{"spec": {"type": "LoadBalancer"}}'

saltext.kubernetes.modules.kubernetesmod.patch_secret(name, namespace, patch=None, source=None, template=None, saltenv=None, template_context=None, dry_run=False, wait=False, timeout=60, **kwargs)[source]¶

Added in version 2.0.0.

Patches an existing secret with the provided patch dictionary.

name: The name of the secret
namespace: The namespace of the secret
patch: A dictionary representing the patch to apply to the secret
source: File path to patch definition
template: Template engine to use to render the source file
saltenv: Salt environment to pull the source file from
template_context: Variables to make available in templated files
dry_run: If True, only simulates the patch without applying it (default: False)
wait: Wait for secret to become ready (default: False)
timeout: Timeout in seconds to wait for secret (default: 60)

CLI Example:

salt '*' kubernetes.patch_secret \
    name=my-secret \
    namespace=default \
    patch='{"data": {"password": "bmV3cGFzcw=="}}'

saltext.kubernetes.modules.kubernetesmod.patch_configmap(name, namespace, patch=None, source=None, template=None, saltenv=None, template_context=None, dry_run=False, wait=False, timeout=60, **kwargs)[source]¶

Added in version 2.0.0.

Patches an existing configmap with the provided patch dictionary.

name: The name of the configmap
namespace: The namespace of the configmap
patch: A dictionary representing the patch to apply to the configmap
source: File path to patch definition
template: Template engine to use to render the source file
saltenv: Salt environment to pull the source file from
template_context: Variables to make available in templated files
dry_run: If True, only simulates the patch without applying it (default: False)
wait: Wait for configmap to become ready (default: False)
timeout: Timeout in seconds to wait for configmap (default: 60)

CLI Example:

salt '*' kubernetes.patch_configmap \
    name=my-config \
    namespace=default \
    patch='{"data": {"key": "new-value"}}'

saltext.kubernetes.modules.kubernetesmod.patch_deployment(name, namespace, patch=None, source=None, template=None, saltenv=None, template_context=None, dry_run=False, wait=False, timeout=60, **kwargs)[source]¶

Added in version 2.0.0.

Patches an existing deployment with the provided patch dictionary.

name: The name of the deployment
namespace: The namespace of the deployment
patch: A dictionary representing the patch to apply to the deployment
source: File path to patch definition
template: Template engine to use to render the source file
saltenv: Salt environment to pull the source file from
template_context: Variables to make available in templated files
dry_run: If True, only simulates the patch without applying it (default: False)
wait: Wait for deployment to become ready (default: False)
timeout: Timeout in seconds to wait for deployment (default: 60)

CLI Example:

salt '*' kubernetes.patch_deployment             name=my-deployment             namespace=default             patch='{"spec": {"replicas": 5}}'

saltext.kubernetes.modules.kubernetesmod.patch_statefulset(name, namespace, patch=None, source=None, template=None, saltenv=None, template_context=None, dry_run=False, wait=False, timeout=60, **kwargs)[source]¶

Added in version 2.1.0.

Patches an existing statefulset with the provided patch dictionary.

name: The name of the statefulset
namespace: The namespace of the statefulset
patch: A dictionary representing the patch to apply to the statefulset
source: File path to patch definition
template: Template engine to use to render the source file
saltenv: Salt environment to pull the source file from
template_context: Variables to make available in templated files
dry_run: If True, only simulates the patch without applying it (default: False)
wait: Wait for statefulset to become ready (default: False)
timeout: Timeout in seconds to wait for statefulset (default: 60)

CLI Example:

salt '*' kubernetes.patch_statefulset             name=my-statefulset             namespace=default             patch='{"spec": {"replicas": 5}}'

saltext.kubernetes.modules.kubernetesmod.patch_replicaset(name, namespace, patch=None, source=None, template=None, saltenv=None, template_context=None, dry_run=False, wait=False, timeout=60, **kwargs)[source]¶

Added in version 2.1.0.

Patches an existing replicaset with the provided patch dictionary.

name: The name of the replicaset
namespace: The namespace of the replicaset
patch: A dictionary representing the patch to apply to the replicaset
source: File path to patch definition
template: Template engine to use to render the source file
saltenv: Salt environment to pull the source file from
template_context: Variables to make available in templated files
dry_run: If True, only simulates the patch without applying it (default: False)
wait: Wait for replicaset to become ready (default: False)
timeout: Timeout in seconds to wait for replicaset (default: 60)

CLI Example:

salt '*' kubernetes.patch_replicaset             name=my-replicaset             namespace=default             patch='{"spec": {"replicas": 5}}'

saltext.kubernetes.modules.kubernetesmod.patch_daemonset(name, namespace, patch=None, source=None, template=None, saltenv=None, template_context=None, dry_run=False, wait=False, timeout=60, **kwargs)[source]¶

Added in version 2.1.0.

Patches an existing daemonset with the provided patch dictionary.

name: The name of the daemonset
namespace: The namespace of the daemonset
patch: A dictionary representing the patch to apply to the daemonset
source: File path to patch definition
template: Template engine to use to render the source file
saltenv: Salt environment to pull the source file from
template_context: Variables to make available in templated files
dry_run: If True, only simulates the patch without applying it (default: False)
wait: Wait for daemonset to become ready (default: False)
timeout: Timeout in seconds to wait for daemonset (default: 60)

CLI Example:

salt '*' kubernetes.patch_daemonset             name=my-daemonset             namespace=default             patch='{"spec": {"replicas": 5}}'

saltext.kubernetes.modules.kubernetesmod.patch_storageclass(name, patch=None, source=None, template=None, saltenv=None, template_context=None, dry_run=False, wait=False, timeout=60, **kwargs)[source]¶

Added in version 2.1.0.

Patches an existing storageclass with the provided patch dictionary.

name: The name of the storageclass
patch: A dictionary representing the patch to apply to the storageclass
source: File path to patch definition
template: Template engine to use to render the source file
saltenv: Salt environment to pull the source file from
template_context: Variables to make available in templated files
dry_run: If True, only simulates the patch without applying it (default: False)
wait: Wait for storageclass to become ready (default: False)
timeout: Timeout in seconds to wait for storageclass (default: 60)

CLI Example:

salt '*' kubernetes.patch_storageclass             name=my-storageclass             patch='{"reclaimPolicy": "Retain"}'

saltext.kubernetes.modules.kubernetesmod.roles(namespace='default', **kwargs)[source]¶

Return a list of role names in namespace.

Added in version 2.1.0.

CLI Example:

salt '*' kubernetes.roles namespace=kube-system

saltext.kubernetes.modules.kubernetesmod.role_bindings(namespace='default', **kwargs)[source]¶

Return a list of role-binding names in namespace.

Added in version 2.1.0.

CLI Example:

salt '*' kubernetes.role_bindings namespace=kube-system

saltext.kubernetes.modules.kubernetesmod.cluster_roles(**kwargs)[source]¶

Return a list of cluster-role names.

Added in version 2.1.0.

CLI Example:

salt '*' kubernetes.cluster_roles

saltext.kubernetes.modules.kubernetesmod.cluster_role_bindings(**kwargs)[source]¶

Return a list of cluster-role-binding names.

Added in version 2.1.0.

CLI Example:

salt '*' kubernetes.cluster_role_bindings

saltext.kubernetes.modules.kubernetesmod.service_accounts(namespace='default', **kwargs)[source]¶

Return a list of service-account names in namespace.

Added in version 2.1.0.

CLI Example:

salt '*' kubernetes.service_accounts namespace=kube-system

saltext.kubernetes.modules.kubernetesmod.show_role(name, namespace='default', **kwargs)[source]¶

Return the role name in namespace, or None if absent.

Added in version 2.1.0.

CLI Example:

salt '*' kubernetes.show_role

saltext.kubernetes.modules.kubernetesmod.show_role_binding(name, namespace='default', **kwargs)[source]¶

Return the role-binding name in namespace, or None if absent.

Added in version 2.1.0.

CLI Example:

salt '*' kubernetes.show_role_binding

saltext.kubernetes.modules.kubernetesmod.show_cluster_role(name, **kwargs)[source]¶

Return the cluster-role name, or None if absent.

Added in version 2.1.0.

CLI Example:

salt '*' kubernetes.show_cluster_role

saltext.kubernetes.modules.kubernetesmod.show_cluster_role_binding(name, **kwargs)[source]¶

Return the cluster-role-binding name, or None if absent.

Added in version 2.1.0.

CLI Example:

salt '*' kubernetes.show_cluster_role_binding

saltext.kubernetes.modules.kubernetesmod.show_service_account(name, namespace='default', **kwargs)[source]¶

Return the service-account name in namespace, or None if absent.

Added in version 2.1.0.

CLI Example:

salt '*' kubernetes.show_service_account

saltext.kubernetes.modules.kubernetesmod.create_role(name, namespace='default', metadata=None, spec=None, source=None, template=None, saltenv=None, template_context=None, dry_run=False, **kwargs)[source]¶

Create a Role in namespace from a spec dict (with a rules list) or a source file path. Returns the created object.

Added in version 2.1.0.

CLI Example:

salt '*' kubernetes.create_role name=pod-reader namespace=default             spec='{"rules": [{"apiGroups": [""], "resources": ["pods"], "verbs": ["get","list"]}]}'

saltext.kubernetes.modules.kubernetesmod.create_role_binding(name, namespace='default', metadata=None, spec=None, source=None, template=None, saltenv=None, template_context=None, dry_run=False, **kwargs)[source]¶

Create a RoleBinding in namespace from a spec dict (with subjects + roleRef) or a source file path.

Added in version 2.1.0.

CLI Example:

salt '*' kubernetes.create_role_binding

saltext.kubernetes.modules.kubernetesmod.create_cluster_role(name, metadata=None, spec=None, source=None, template=None, saltenv=None, template_context=None, dry_run=False, **kwargs)[source]¶

Create a ClusterRole from a spec dict (rules and optional aggregationRule) or a source file path.

Added in version 2.1.0.

CLI Example:

salt '*' kubernetes.create_cluster_role

saltext.kubernetes.modules.kubernetesmod.create_cluster_role_binding(name, metadata=None, spec=None, source=None, template=None, saltenv=None, template_context=None, dry_run=False, **kwargs)[source]¶

Create a ClusterRoleBinding from a spec dict (subjects + roleRef) or a source file path.

Added in version 2.1.0.

CLI Example:

salt '*' kubernetes.create_cluster_role_binding

saltext.kubernetes.modules.kubernetesmod.create_service_account(name, namespace='default', metadata=None, spec=None, source=None, template=None, saltenv=None, template_context=None, dry_run=False, **kwargs)[source]¶

Create a ServiceAccount in namespace from optional fields (automount_service_account_token, image_pull_secrets, secrets) or a source file path.

Added in version 2.1.0.

CLI Example:

salt '*' kubernetes.create_service_account

saltext.kubernetes.modules.kubernetesmod.replace_role(name, namespace='default', metadata=None, spec=None, source=None, template=None, saltenv=None, template_context=None, **kwargs)[source]¶

Replace an existing Role.

Added in version 2.1.0.

CLI Example:

salt '*' kubernetes.replace_role

saltext.kubernetes.modules.kubernetesmod.replace_role_binding(name, namespace='default', metadata=None, spec=None, source=None, template=None, saltenv=None, template_context=None, **kwargs)[source]¶

Replace an existing RoleBinding.

Added in version 2.1.0.

Note

The Kubernetes API server treats roleRef as immutable. If your replacement changes roleRef, the API will reject it; this function surfaces the error explicitly with a clear message rather than silently no-op’ing. To change a binding’s roleRef you must delete and recreate the binding.

CLI Example:

salt '*' kubernetes.replace_role_binding

saltext.kubernetes.modules.kubernetesmod.replace_cluster_role(name, metadata=None, spec=None, source=None, template=None, saltenv=None, template_context=None, **kwargs)[source]¶

Replace an existing ClusterRole.

Added in version 2.1.0.

CLI Example:

salt '*' kubernetes.replace_cluster_role

saltext.kubernetes.modules.kubernetesmod.replace_cluster_role_binding(name, metadata=None, spec=None, source=None, template=None, saltenv=None, template_context=None, **kwargs)[source]¶

Replace an existing ClusterRoleBinding.

Added in version 2.1.0.

Note

roleRef is immutable; see replace_role_binding().

CLI Example:

salt '*' kubernetes.replace_cluster_role_binding

saltext.kubernetes.modules.kubernetesmod.replace_service_account(name, namespace='default', metadata=None, spec=None, source=None, template=None, saltenv=None, template_context=None, **kwargs)[source]¶

Replace an existing ServiceAccount.

Added in version 2.1.0.

CLI Example:

salt '*' kubernetes.replace_service_account

saltext.kubernetes.modules.kubernetesmod.patch_role(name, namespace='default', patch=None, source=None, template=None, saltenv=None, template_context=None, dry_run=False, **kwargs)[source]¶

Patch a Role with a strategic-merge patch.

Added in version 2.1.0.

CLI Example:

salt '*' kubernetes.patch_role

saltext.kubernetes.modules.kubernetesmod.patch_role_binding(name, namespace='default', patch=None, source=None, template=None, saltenv=None, template_context=None, dry_run=False, **kwargs)[source]¶

Patch a RoleBinding.

Added in version 2.1.0.

Note

roleRef is immutable; including it in patch will be rejected.

CLI Example:

salt '*' kubernetes.patch_role_binding

saltext.kubernetes.modules.kubernetesmod.patch_cluster_role(name, patch=None, source=None, template=None, saltenv=None, template_context=None, dry_run=False, **kwargs)[source]¶

Patch a ClusterRole.

Added in version 2.1.0.

CLI Example:

salt '*' kubernetes.patch_cluster_role

saltext.kubernetes.modules.kubernetesmod.patch_cluster_role_binding(name, patch=None, source=None, template=None, saltenv=None, template_context=None, dry_run=False, **kwargs)[source]¶

Patch a ClusterRoleBinding.

Added in version 2.1.0.

Note

roleRef is immutable; including it in patch will be rejected.

CLI Example:

salt '*' kubernetes.patch_cluster_role_binding

saltext.kubernetes.modules.kubernetesmod.patch_service_account(name, namespace='default', patch=None, source=None, template=None, saltenv=None, template_context=None, dry_run=False, **kwargs)[source]¶

Patch a ServiceAccount.

Added in version 2.1.0.

CLI Example:

salt '*' kubernetes.patch_service_account

saltext.kubernetes.modules.kubernetesmod.delete_role(name, namespace='default', wait=False, timeout=60, **kwargs)[source]¶

Delete a Role.

Added in version 2.1.0.

CLI Example:

salt '*' kubernetes.delete_role

saltext.kubernetes.modules.kubernetesmod.delete_role_binding(name, namespace='default', wait=False, timeout=60, **kwargs)[source]¶

Delete a RoleBinding.

Added in version 2.1.0.

CLI Example:

salt '*' kubernetes.delete_role_binding

saltext.kubernetes.modules.kubernetesmod.delete_cluster_role(name, wait=False, timeout=60, **kwargs)[source]¶

Delete a ClusterRole.

Added in version 2.1.0.

CLI Example:

salt '*' kubernetes.delete_cluster_role

saltext.kubernetes.modules.kubernetesmod.delete_cluster_role_binding(name, wait=False, timeout=60, **kwargs)[source]¶

Delete a ClusterRoleBinding.

Added in version 2.1.0.

CLI Example:

salt '*' kubernetes.delete_cluster_role_binding

saltext.kubernetes.modules.kubernetesmod.delete_service_account(name, namespace='default', wait=False, timeout=60, **kwargs)[source]¶

Delete a ServiceAccount.

Added in version 2.1.0.

CLI Example:

salt '*' kubernetes.delete_service_account

saltext.kubernetes.modules.kubernetesmod.jobs(namespace='default', **kwargs)[source]¶

Return a list of Job names in namespace.

Added in version 2.1.0.

namespace: The namespace to operate in. Defaults to default.

CLI Example:

salt '*' kubernetes.jobs

saltext.kubernetes.modules.kubernetesmod.cron_jobs(namespace='default', **kwargs)[source]¶

Return a list of CronJob names in namespace.

Added in version 2.1.0.

namespace: The namespace to operate in. Defaults to default.

CLI Example:

salt '*' kubernetes.cron_jobs

saltext.kubernetes.modules.kubernetesmod.show_job(name, namespace='default', **kwargs)[source]¶

Return the Job named name in namespace.

Added in version 2.1.0.

name: The name of the object.
namespace: The namespace to operate in. Defaults to default.

CLI Example:

salt '*' kubernetes.show_job

saltext.kubernetes.modules.kubernetesmod.show_cron_job(name, namespace='default', **kwargs)[source]¶

Return the CronJob named name in namespace.

Added in version 2.1.0.

name: The name of the object.
namespace: The namespace to operate in. Defaults to default.

CLI Example:

salt '*' kubernetes.show_cron_job

saltext.kubernetes.modules.kubernetesmod.create_job(name, namespace='default', metadata=None, spec=None, source=None, template=None, saltenv=None, template_context=None, dry_run=False, wait_for_completion=False, timeout=300, **kwargs)[source]¶

Create a Job from a spec dict (with template) or a source file.

Added in version 2.1.0.

wait_for_completion: Poll the Job’s status.conditions until Complete=True (return the Job) or Failed=True (raise CommandExecutionError) or the wall-clock timeout elapses (raise).

CLI Example:

salt '*' kubernetes.create_job

saltext.kubernetes.modules.kubernetesmod.create_cron_job(name, namespace='default', metadata=None, spec=None, source=None, template=None, saltenv=None, template_context=None, dry_run=False, **kwargs)[source]¶

Create a CronJob.

Added in version 2.1.0.

name: The name of the object.
namespace: The namespace to operate in. Defaults to default.
metadata: Object metadata dict (labels, annotations, ownerReferences, etc.). The function fills in name and namespace itself; supply other fields here.
spec: Object spec dict mapped onto the typed Kubernetes V1*Spec for this kind. Either supply directly or via source.
source: Salt fileserver path (salt://...) to a YAML manifest. Mutually exclusive with metadata + spec.
template: Template engine used to render source (e.g. "jinja").
saltenv: Salt environment from which to resolve source. Defaults to the minion’s configured saltenv or base.
template_context: Variables made available when rendering source.
dry_run: If True the API server validates and returns what would be written without persisting it. Useful for state-mode test=True previews.

CLI Example:

salt '*' kubernetes.create_cron_job

saltext.kubernetes.modules.kubernetesmod.replace_job(name, namespace='default', metadata=None, spec=None, source=None, template=None, saltenv=None, template_context=None, **kwargs)[source]¶

Replace a Job.

Added in version 2.1.0.

Note

Job spec.selector and most of spec.template are immutable after creation. The API server will reject a replace that changes them; for those cases delete and recreate.

name: The name of the object.
namespace: The namespace to operate in. Defaults to default.
metadata: Object metadata dict (labels, annotations, ownerReferences, etc.). The function fills in name and namespace itself; supply other fields here.
spec: Object spec dict mapped onto the typed Kubernetes V1*Spec for this kind. Either supply directly or via source.
source: Salt fileserver path (salt://...) to a YAML manifest. Mutually exclusive with metadata + spec.
template: Template engine used to render source (e.g. "jinja").
saltenv: Salt environment from which to resolve source. Defaults to the minion’s configured saltenv or base.
template_context: Variables made available when rendering source.
dry_run: If True the API server validates and returns what would be written without persisting it. Useful for state-mode test=True previews.

CLI Example:

salt '*' kubernetes.replace_job

saltext.kubernetes.modules.kubernetesmod.replace_cron_job(name, namespace='default', metadata=None, spec=None, source=None, template=None, saltenv=None, template_context=None, **kwargs)[source]¶

Replace a CronJob.

Added in version 2.1.0.

name: The name of the object.
namespace: The namespace to operate in. Defaults to default.
metadata: Object metadata dict (labels, annotations, ownerReferences, etc.). The function fills in name and namespace itself; supply other fields here.
spec: Object spec dict mapped onto the typed Kubernetes V1*Spec for this kind. Either supply directly or via source.
source: Salt fileserver path (salt://...) to a YAML manifest. Mutually exclusive with metadata + spec.
template: Template engine used to render source (e.g. "jinja").
saltenv: Salt environment from which to resolve source. Defaults to the minion’s configured saltenv or base.
template_context: Variables made available when rendering source.
dry_run: If True the API server validates and returns what would be written without persisting it. Useful for state-mode test=True previews.

CLI Example:

salt '*' kubernetes.replace_cron_job

saltext.kubernetes.modules.kubernetesmod.patch_job(name, namespace='default', patch=None, source=None, template=None, saltenv=None, template_context=None, dry_run=False, **kwargs)[source]¶

Patch a Job (e.g. to update labels or ttlSecondsAfterFinished).

Added in version 2.1.0.

Unlike RBAC kinds (where the patch path flattens spec: because those kinds have no real .spec field), Job/CronJob patches are passed through verbatim so callers can target nested fields like spec.suspend or spec.template.metadata.labels.

name: The name of the object.
namespace: The namespace to operate in. Defaults to default.
patch: Strategic-merge patch dict. Mutually exclusive with source.
source: Salt fileserver path (salt://...) to a YAML manifest. Mutually exclusive with metadata + spec.
template: Template engine used to render source (e.g. "jinja").
saltenv: Salt environment from which to resolve source. Defaults to the minion’s configured saltenv or base.
template_context: Variables made available when rendering source.
dry_run: If True the API server validates and returns what would be written without persisting it. Useful for state-mode test=True previews.

CLI Example:

salt '*' kubernetes.patch_job

saltext.kubernetes.modules.kubernetesmod.patch_cron_job(name, namespace='default', patch=None, source=None, template=None, saltenv=None, template_context=None, dry_run=False, **kwargs)[source]¶

Patch a CronJob (e.g. toggle spec.suspend or change spec.schedule).

Added in version 2.1.0.

Patches are passed through verbatim — callers must include the spec: wrapper for nested fields, matching kubectl-patch semantics.

name: The name of the object.
namespace: The namespace to operate in. Defaults to default.
patch: Strategic-merge patch dict. Mutually exclusive with source.
source: Salt fileserver path (salt://...) to a YAML manifest. Mutually exclusive with metadata + spec.
template: Template engine used to render source (e.g. "jinja").
saltenv: Salt environment from which to resolve source. Defaults to the minion’s configured saltenv or base.
template_context: Variables made available when rendering source.
dry_run: If True the API server validates and returns what would be written without persisting it. Useful for state-mode test=True previews.

CLI Example:

salt '*' kubernetes.patch_cron_job

saltext.kubernetes.modules.kubernetesmod.delete_job(name, namespace='default', propagation_policy='Background', wait=False, timeout=60, **kwargs)[source]¶

Delete a Job.

Added in version 2.1.0.

Default propagation_policy=Background deletes the underlying Pods too — matches kubectl. Pass Orphan to keep them.

name: The name of the object.
namespace: The namespace to operate in. Defaults to default.
wait: Block until the resource reaches its kind-specific ready predicate.
timeout: Seconds to wait when wait=True (default 60).

CLI Example:

salt '*' kubernetes.delete_job

saltext.kubernetes.modules.kubernetesmod.delete_cron_job(name, namespace='default', wait=False, timeout=60, **kwargs)[source]¶

Delete a CronJob.

Added in version 2.1.0.

name: The name of the object.
namespace: The namespace to operate in. Defaults to default.
wait: Block until the resource reaches its kind-specific ready predicate.
timeout: Seconds to wait when wait=True (default 60).

CLI Example:

salt '*' kubernetes.delete_cron_job

saltext.kubernetes.modules.kubernetesmod.persistent_volumes(**kwargs)[source]¶

Return PV names.

Added in version 2.1.0.

CLI Example:

salt '*' kubernetes.persistent_volumes

saltext.kubernetes.modules.kubernetesmod.show_persistent_volume(name, **kwargs)[source]¶

Return the PV named name.

Added in version 2.1.0.

name: The name of the object.

CLI Example:

salt '*' kubernetes.show_persistent_volume

saltext.kubernetes.modules.kubernetesmod.create_persistent_volume(name, metadata=None, spec=None, source=None, template=None, saltenv=None, template_context=None, dry_run=False, **kwargs)[source]¶

Create a PV.

Added in version 2.1.0.

name: The name of the object.
metadata: Object metadata dict (labels, annotations, ownerReferences, etc.). The function fills in name and namespace itself; supply other fields here.
spec: Object spec dict mapped onto the typed Kubernetes V1*Spec for this kind. Either supply directly or via source.
source: Salt fileserver path (salt://...) to a YAML manifest. Mutually exclusive with metadata + spec.
template: Template engine used to render source (e.g. "jinja").
saltenv: Salt environment from which to resolve source. Defaults to the minion’s configured saltenv or base.
template_context: Variables made available when rendering source.
dry_run: If True the API server validates and returns what would be written without persisting it. Useful for state-mode test=True previews.

CLI Example:

salt '*' kubernetes.create_persistent_volume

saltext.kubernetes.modules.kubernetesmod.replace_persistent_volume(name, metadata=None, spec=None, source=None, template=None, saltenv=None, template_context=None, **kwargs)[source]¶

Replace a PV.

Added in version 2.1.0.

Note

Most PV fields are immutable after binding. The API server will reject changes to the volume source, capacity, or accessModes once a PVC has bound to the PV.

name: The name of the object.
metadata: Object metadata dict (labels, annotations, ownerReferences, etc.). The function fills in name and namespace itself; supply other fields here.
spec: Object spec dict mapped onto the typed Kubernetes V1*Spec for this kind. Either supply directly or via source.
source: Salt fileserver path (salt://...) to a YAML manifest. Mutually exclusive with metadata + spec.
template: Template engine used to render source (e.g. "jinja").
saltenv: Salt environment from which to resolve source. Defaults to the minion’s configured saltenv or base.
template_context: Variables made available when rendering source.
dry_run: If True the API server validates and returns what would be written without persisting it. Useful for state-mode test=True previews.

CLI Example:

salt '*' kubernetes.replace_persistent_volume

saltext.kubernetes.modules.kubernetesmod.patch_persistent_volume(name, patch=None, source=None, template=None, saltenv=None, template_context=None, dry_run=False, **kwargs)[source]¶

Patch a PV.

Added in version 2.1.0.

name: The name of the object.
patch: Strategic-merge patch dict. Mutually exclusive with source.
source: Salt fileserver path (salt://...) to a YAML manifest. Mutually exclusive with metadata + spec.
template: Template engine used to render source (e.g. "jinja").
saltenv: Salt environment from which to resolve source. Defaults to the minion’s configured saltenv or base.
template_context: Variables made available when rendering source.
dry_run: If True the API server validates and returns what would be written without persisting it. Useful for state-mode test=True previews.

CLI Example:

salt '*' kubernetes.patch_persistent_volume

saltext.kubernetes.modules.kubernetesmod.delete_persistent_volume(name, wait=False, timeout=60, **kwargs)[source]¶

Delete a PV.

Added in version 2.1.0.

name: The name of the object.
wait: Block until the resource reaches its kind-specific ready predicate.
timeout: Seconds to wait when wait=True (default 60).

CLI Example:

salt '*' kubernetes.delete_persistent_volume

saltext.kubernetes.modules.kubernetesmod.persistent_volume_claims(namespace='default', **kwargs)[source]¶

Return PVC names in namespace.

Added in version 2.1.0.

namespace: The namespace to operate in. Defaults to default.

CLI Example:

salt '*' kubernetes.persistent_volume_claims

saltext.kubernetes.modules.kubernetesmod.show_persistent_volume_claim(name, namespace='default', **kwargs)[source]¶

Return the PVC name in namespace.

Added in version 2.1.0.

name: The name of the object.
namespace: The namespace to operate in. Defaults to default.

CLI Example:

salt '*' kubernetes.show_persistent_volume_claim

saltext.kubernetes.modules.kubernetesmod.create_persistent_volume_claim(name, namespace='default', metadata=None, spec=None, source=None, template=None, saltenv=None, template_context=None, dry_run=False, **kwargs)[source]¶

Create a PVC.

Added in version 2.1.0.

name: The name of the object.
namespace: The namespace to operate in. Defaults to default.
metadata: Object metadata dict (labels, annotations, ownerReferences, etc.). The function fills in name and namespace itself; supply other fields here.
spec: Object spec dict mapped onto the typed Kubernetes V1*Spec for this kind. Either supply directly or via source.
source: Salt fileserver path (salt://...) to a YAML manifest. Mutually exclusive with metadata + spec.
template: Template engine used to render source (e.g. "jinja").
saltenv: Salt environment from which to resolve source. Defaults to the minion’s configured saltenv or base.
template_context: Variables made available when rendering source.
dry_run: If True the API server validates and returns what would be written without persisting it. Useful for state-mode test=True previews.

CLI Example:

salt '*' kubernetes.create_persistent_volume_claim

saltext.kubernetes.modules.kubernetesmod.replace_persistent_volume_claim(name, namespace='default', metadata=None, spec=None, source=None, template=None, saltenv=None, template_context=None, **kwargs)[source]¶

Replace a PVC.

Added in version 2.1.0.

Note

After binding, accessModes, selector, volumeName, and storageClassName are immutable. resources.requests .storage can be expanded (only) on storage classes with allowVolumeExpansion: true. The API server will reject invalid changes — replace_persistent_volume_claim() does not silently no-op on immutable-field violations; the rejection surfaces as a clear error.

name: The name of the object.
namespace: The namespace to operate in. Defaults to default.
metadata: Object metadata dict (labels, annotations, ownerReferences, etc.). The function fills in name and namespace itself; supply other fields here.
spec: Object spec dict mapped onto the typed Kubernetes V1*Spec for this kind. Either supply directly or via source.
source: Salt fileserver path (salt://...) to a YAML manifest. Mutually exclusive with metadata + spec.
template: Template engine used to render source (e.g. "jinja").
saltenv: Salt environment from which to resolve source. Defaults to the minion’s configured saltenv or base.
template_context: Variables made available when rendering source.
dry_run: If True the API server validates and returns what would be written without persisting it. Useful for state-mode test=True previews.

CLI Example:

salt '*' kubernetes.replace_persistent_volume_claim

saltext.kubernetes.modules.kubernetesmod.patch_persistent_volume_claim(name, namespace='default', patch=None, source=None, template=None, saltenv=None, template_context=None, dry_run=False, **kwargs)[source]¶

Patch a PVC.

Added in version 2.1.0.

name: The name of the object.
namespace: The namespace to operate in. Defaults to default.
patch: Strategic-merge patch dict. Mutually exclusive with source.
source: Salt fileserver path (salt://...) to a YAML manifest. Mutually exclusive with metadata + spec.
template: Template engine used to render source (e.g. "jinja").
saltenv: Salt environment from which to resolve source. Defaults to the minion’s configured saltenv or base.
template_context: Variables made available when rendering source.
dry_run: If True the API server validates and returns what would be written without persisting it. Useful for state-mode test=True previews.

CLI Example:

salt '*' kubernetes.patch_persistent_volume_claim

saltext.kubernetes.modules.kubernetesmod.delete_persistent_volume_claim(name, namespace='default', wait=False, timeout=60, **kwargs)[source]¶

Delete a PVC.

Added in version 2.1.0.

name: The name of the object.
namespace: The namespace to operate in. Defaults to default.
wait: Block until the resource reaches its kind-specific ready predicate.
timeout: Seconds to wait when wait=True (default 60).

CLI Example:

salt '*' kubernetes.delete_persistent_volume_claim

saltext.kubernetes.modules.kubernetesmod.ingresses(namespace='default', **kwargs)[source]¶

Return Ingress names in namespace.

Added in version 2.1.0.

CLI Example:

salt '*' kubernetes.ingresses

saltext.kubernetes.modules.kubernetesmod.show_ingress(name, namespace='default', **kwargs)[source]¶

Return the Ingress name in namespace.

Added in version 2.1.0.

name: The name of the object.
namespace: The namespace to operate in. Defaults to default.

CLI Example:

salt '*' kubernetes.show_ingress

saltext.kubernetes.modules.kubernetesmod.create_ingress(name, namespace='default', metadata=None, spec=None, source=None, template=None, saltenv=None, template_context=None, dry_run=False, **kwargs)[source]¶

Create an Ingress.

Added in version 2.1.0.

name: The name of the object.
namespace: The namespace to operate in. Defaults to default.
metadata: Object metadata dict (labels, annotations, ownerReferences, etc.). The function fills in name and namespace itself; supply other fields here.
spec: Object spec dict mapped onto the typed Kubernetes V1*Spec for this kind. Either supply directly or via source.
source: Salt fileserver path (salt://...) to a YAML manifest. Mutually exclusive with metadata + spec.
template: Template engine used to render source (e.g. "jinja").
saltenv: Salt environment from which to resolve source. Defaults to the minion’s configured saltenv or base.
template_context: Variables made available when rendering source.
dry_run: If True the API server validates and returns what would be written without persisting it. Useful for state-mode test=True previews.

CLI Example:

salt '*' kubernetes.create_ingress

saltext.kubernetes.modules.kubernetesmod.replace_ingress(name, namespace='default', metadata=None, spec=None, source=None, template=None, saltenv=None, template_context=None, **kwargs)[source]¶

Replace an Ingress.

Added in version 2.1.0.

name: The name of the object.
namespace: The namespace to operate in. Defaults to default.
metadata: Object metadata dict (labels, annotations, ownerReferences, etc.). The function fills in name and namespace itself; supply other fields here.
spec: Object spec dict mapped onto the typed Kubernetes V1*Spec for this kind. Either supply directly or via source.
source: Salt fileserver path (salt://...) to a YAML manifest. Mutually exclusive with metadata + spec.
template: Template engine used to render source (e.g. "jinja").
saltenv: Salt environment from which to resolve source. Defaults to the minion’s configured saltenv or base.
template_context: Variables made available when rendering source.
dry_run: If True the API server validates and returns what would be written without persisting it. Useful for state-mode test=True previews.

CLI Example:

salt '*' kubernetes.replace_ingress

saltext.kubernetes.modules.kubernetesmod.patch_ingress(name, namespace='default', patch=None, source=None, template=None, saltenv=None, template_context=None, dry_run=False, **kwargs)[source]¶

Patch an Ingress.

Added in version 2.1.0.

name: The name of the object.
namespace: The namespace to operate in. Defaults to default.
patch: Strategic-merge patch dict. Mutually exclusive with source.
source: Salt fileserver path (salt://...) to a YAML manifest. Mutually exclusive with metadata + spec.
template: Template engine used to render source (e.g. "jinja").
saltenv: Salt environment from which to resolve source. Defaults to the minion’s configured saltenv or base.
template_context: Variables made available when rendering source.
dry_run: If True the API server validates and returns what would be written without persisting it. Useful for state-mode test=True previews.

CLI Example:

salt '*' kubernetes.patch_ingress

saltext.kubernetes.modules.kubernetesmod.delete_ingress(name, namespace='default', wait=False, timeout=60, **kwargs)[source]¶

Delete an Ingress.

Added in version 2.1.0.

name: The name of the object.
namespace: The namespace to operate in. Defaults to default.
wait: Block until the resource reaches its kind-specific ready predicate.
timeout: Seconds to wait when wait=True (default 60).

CLI Example:

salt '*' kubernetes.delete_ingress

saltext.kubernetes.modules.kubernetesmod.horizontal_pod_autoscalers(namespace='default', **kwargs)[source]¶

Return HPA names in namespace.

Added in version 2.1.0.

namespace: The namespace to operate in. Defaults to default.

CLI Example:

salt '*' kubernetes.horizontal_pod_autoscalers

saltext.kubernetes.modules.kubernetesmod.show_horizontal_pod_autoscaler(name, namespace='default', **kwargs)[source]¶

Return the HPA name in namespace.

Added in version 2.1.0.

name: The name of the object.
namespace: The namespace to operate in. Defaults to default.

CLI Example:

salt '*' kubernetes.show_horizontal_pod_autoscaler

saltext.kubernetes.modules.kubernetesmod.create_horizontal_pod_autoscaler(name, namespace='default', metadata=None, spec=None, source=None, template=None, saltenv=None, template_context=None, dry_run=False, **kwargs)[source]¶

Create an HPA (autoscaling/v2).

Added in version 2.1.0.

name: The name of the object.
namespace: The namespace to operate in. Defaults to default.
metadata: Object metadata dict (labels, annotations, ownerReferences, etc.). The function fills in name and namespace itself; supply other fields here.
spec: Object spec dict mapped onto the typed Kubernetes V1*Spec for this kind. Either supply directly or via source.
source: Salt fileserver path (salt://...) to a YAML manifest. Mutually exclusive with metadata + spec.
template: Template engine used to render source (e.g. "jinja").
saltenv: Salt environment from which to resolve source. Defaults to the minion’s configured saltenv or base.
template_context: Variables made available when rendering source.
dry_run: If True the API server validates and returns what would be written without persisting it. Useful for state-mode test=True previews.

CLI Example:

salt '*' kubernetes.create_horizontal_pod_autoscaler

saltext.kubernetes.modules.kubernetesmod.replace_horizontal_pod_autoscaler(name, namespace='default', metadata=None, spec=None, source=None, template=None, saltenv=None, template_context=None, **kwargs)[source]¶

Replace an HPA.

Added in version 2.1.0.

name: The name of the object.
namespace: The namespace to operate in. Defaults to default.
metadata: Object metadata dict (labels, annotations, ownerReferences, etc.). The function fills in name and namespace itself; supply other fields here.
spec: Object spec dict mapped onto the typed Kubernetes V1*Spec for this kind. Either supply directly or via source.
source: Salt fileserver path (salt://...) to a YAML manifest. Mutually exclusive with metadata + spec.
template: Template engine used to render source (e.g. "jinja").
saltenv: Salt environment from which to resolve source. Defaults to the minion’s configured saltenv or base.
template_context: Variables made available when rendering source.
dry_run: If True the API server validates and returns what would be written without persisting it. Useful for state-mode test=True previews.

CLI Example:

salt '*' kubernetes.replace_horizontal_pod_autoscaler

saltext.kubernetes.modules.kubernetesmod.patch_horizontal_pod_autoscaler(name, namespace='default', patch=None, source=None, template=None, saltenv=None, template_context=None, dry_run=False, **kwargs)[source]¶

Patch an HPA.

Added in version 2.1.0.

name: The name of the object.
namespace: The namespace to operate in. Defaults to default.
patch: Strategic-merge patch dict. Mutually exclusive with source.
source: Salt fileserver path (salt://...) to a YAML manifest. Mutually exclusive with metadata + spec.
template: Template engine used to render source (e.g. "jinja").
saltenv: Salt environment from which to resolve source. Defaults to the minion’s configured saltenv or base.
template_context: Variables made available when rendering source.
dry_run: If True the API server validates and returns what would be written without persisting it. Useful for state-mode test=True previews.

CLI Example:

salt '*' kubernetes.patch_horizontal_pod_autoscaler

saltext.kubernetes.modules.kubernetesmod.delete_horizontal_pod_autoscaler(name, namespace='default', wait=False, timeout=60, **kwargs)[source]¶

Delete an HPA.

Added in version 2.1.0.

name: The name of the object.
namespace: The namespace to operate in. Defaults to default.
wait: Block until the resource reaches its kind-specific ready predicate.
timeout: Seconds to wait when wait=True (default 60).

CLI Example:

salt '*' kubernetes.delete_horizontal_pod_autoscaler

saltext.kubernetes.modules.kubernetesmod.pod_disruption_budgets(namespace='default', **kwargs)[source]¶

Return PDB names in namespace.

Added in version 2.1.0.

namespace: The namespace to operate in. Defaults to default.

CLI Example:

salt '*' kubernetes.pod_disruption_budgets

saltext.kubernetes.modules.kubernetesmod.show_pod_disruption_budget(name, namespace='default', **kwargs)[source]¶

Return the PDB name in namespace.

Added in version 2.1.0.

name: The name of the object.
namespace: The namespace to operate in. Defaults to default.

CLI Example:

salt '*' kubernetes.show_pod_disruption_budget

saltext.kubernetes.modules.kubernetesmod.create_pod_disruption_budget(name, namespace='default', metadata=None, spec=None, source=None, template=None, saltenv=None, template_context=None, dry_run=False, **kwargs)[source]¶

Create a PDB.

Added in version 2.1.0.

name: The name of the object.
namespace: The namespace to operate in. Defaults to default.
metadata: Object metadata dict (labels, annotations, ownerReferences, etc.). The function fills in name and namespace itself; supply other fields here.
spec: Object spec dict mapped onto the typed Kubernetes V1*Spec for this kind. Either supply directly or via source.
source: Salt fileserver path (salt://...) to a YAML manifest. Mutually exclusive with metadata + spec.
template: Template engine used to render source (e.g. "jinja").
saltenv: Salt environment from which to resolve source. Defaults to the minion’s configured saltenv or base.
template_context: Variables made available when rendering source.
dry_run: If True the API server validates and returns what would be written without persisting it. Useful for state-mode test=True previews.

CLI Example:

salt '*' kubernetes.create_pod_disruption_budget

saltext.kubernetes.modules.kubernetesmod.replace_pod_disruption_budget(name, namespace='default', metadata=None, spec=None, source=None, template=None, saltenv=None, template_context=None, **kwargs)[source]¶

Replace a PDB.

Added in version 2.1.0.

Note

PDB spec.selector is immutable. Replacing with a different selector will be rejected by the API server.

name: The name of the object.
namespace: The namespace to operate in. Defaults to default.
metadata: Object metadata dict (labels, annotations, ownerReferences, etc.). The function fills in name and namespace itself; supply other fields here.
spec: Object spec dict mapped onto the typed Kubernetes V1*Spec for this kind. Either supply directly or via source.
source: Salt fileserver path (salt://...) to a YAML manifest. Mutually exclusive with metadata + spec.
template: Template engine used to render source (e.g. "jinja").
saltenv: Salt environment from which to resolve source. Defaults to the minion’s configured saltenv or base.
template_context: Variables made available when rendering source.
dry_run: If True the API server validates and returns what would be written without persisting it. Useful for state-mode test=True previews.

CLI Example:

salt '*' kubernetes.replace_pod_disruption_budget

saltext.kubernetes.modules.kubernetesmod.patch_pod_disruption_budget(name, namespace='default', patch=None, source=None, template=None, saltenv=None, template_context=None, dry_run=False, **kwargs)[source]¶

Patch a PDB.

Added in version 2.1.0.

name: The name of the object.
namespace: The namespace to operate in. Defaults to default.
patch: Strategic-merge patch dict. Mutually exclusive with source.
source: Salt fileserver path (salt://...) to a YAML manifest. Mutually exclusive with metadata + spec.
template: Template engine used to render source (e.g. "jinja").
saltenv: Salt environment from which to resolve source. Defaults to the minion’s configured saltenv or base.
template_context: Variables made available when rendering source.
dry_run: If True the API server validates and returns what would be written without persisting it. Useful for state-mode test=True previews.

CLI Example:

salt '*' kubernetes.patch_pod_disruption_budget

saltext.kubernetes.modules.kubernetesmod.delete_pod_disruption_budget(name, namespace='default', wait=False, timeout=60, **kwargs)[source]¶

Delete a PDB.

Added in version 2.1.0.

name: The name of the object.
namespace: The namespace to operate in. Defaults to default.
wait: Block until the resource reaches its kind-specific ready predicate.
timeout: Seconds to wait when wait=True (default 60).

CLI Example:

salt '*' kubernetes.delete_pod_disruption_budget

saltext.kubernetes.modules.kubernetesmod.network_policies(namespace='default', **kwargs)[source]¶

List NetworkPolicies in namespace.

Added in version 2.1.0.

CLI Example:

salt '*' kubernetes.network_policies namespace=default

saltext.kubernetes.modules.kubernetesmod.show_network_policy(name, namespace='default', **kwargs)[source]¶

Return the NetworkPolicy or None if absent.

Added in version 2.1.0.

CLI Example:

salt '*' kubernetes.show_network_policy name=deny-all namespace=default

saltext.kubernetes.modules.kubernetesmod.create_network_policy(name, namespace='default', metadata=None, spec=None, source=None, template=None, saltenv=None, template_context=None, dry_run=False, **kwargs)[source]¶

Create a NetworkPolicy.

Added in version 2.1.0.

name: Name of the NetworkPolicy.
namespace: Namespace to create the policy in. Defaults to default.
metadata: Object metadata dict (labels, annotations).
spec: NetworkPolicySpec dict. podSelector is required (an empty {} selects every pod in the namespace). Optional policyTypes, ingress, egress.
source: Salt fileserver path to a YAML manifest. Mutually exclusive with metadata + spec.
template: Template engine for source (e.g. "jinja").
saltenv: Salt environment for source.
template_context: Variables for the renderer.
dry_run: Server-side validate only; do not persist.

CLI Example:

salt '*' kubernetes.create_network_policy name=deny-all namespace=default             spec='{"podSelector": {}, "policyTypes": ["Ingress", "Egress"]}'

saltext.kubernetes.modules.kubernetesmod.replace_network_policy(name, namespace='default', metadata=None, spec=None, source=None, template=None, saltenv=None, template_context=None, dry_run=False, **kwargs)[source]¶

Replace a NetworkPolicy in full.

Added in version 2.1.0.

name: Name of the existing NetworkPolicy.
namespace: Namespace of the NetworkPolicy.
metadata, spec, source, template, saltenv, template_context, dry_run: See create_network_policy().

CLI Example:

salt '*' kubernetes.replace_network_policy name=deny-all namespace=default             spec='{"podSelector": {"matchLabels": {"app": "web"}}}'

saltext.kubernetes.modules.kubernetesmod.patch_network_policy(name, namespace='default', patch=None, source=None, template=None, saltenv=None, template_context=None, dry_run=False, **kwargs)[source]¶

Strategic-merge-patch a NetworkPolicy.

Added in version 2.1.0.

name: Name of the existing NetworkPolicy.
namespace: Namespace of the NetworkPolicy.
patch: Patch dictionary applied via strategic merge.
source: Salt fileserver path to a YAML patch document.
template, saltenv, template_context: Renderer wiring for source.
dry_run: Server-side validate only.

CLI Example:

salt '*' kubernetes.patch_network_policy name=deny-all namespace=default             patch='{"spec": {"policyTypes": ["Ingress"]}}'

saltext.kubernetes.modules.kubernetesmod.delete_network_policy(name, namespace='default', wait=False, timeout=60, **kwargs)[source]¶

Delete a NetworkPolicy.

Added in version 2.1.0.

name: Name of the NetworkPolicy.
namespace: Namespace of the NetworkPolicy.
wait: Block until the object is fully gone.
timeout: Seconds to wait when wait=True.

CLI Example:

salt '*' kubernetes.delete_network_policy name=deny-all namespace=default

saltext.kubernetes.modules.kubernetesmod.resource_quotas(namespace='default', **kwargs)[source]¶

List ResourceQuotas in namespace.

Added in version 2.1.0.

CLI Example:

salt '*' kubernetes.resource_quotas namespace=team-a

saltext.kubernetes.modules.kubernetesmod.show_resource_quota(name, namespace='default', **kwargs)[source]¶

Return the ResourceQuota or None if absent.

Added in version 2.1.0.

CLI Example:

salt '*' kubernetes.show_resource_quota name=team-a-quota namespace=team-a

saltext.kubernetes.modules.kubernetesmod.create_resource_quota(name, namespace='default', metadata=None, spec=None, source=None, template=None, saltenv=None, template_context=None, dry_run=False, **kwargs)[source]¶

Create a ResourceQuota.

Added in version 2.1.0.

name: Name of the ResourceQuota.
namespace: Namespace to create the quota in.
metadata: Object metadata dict.
spec: ResourceQuotaSpec dict (hard, optional scopes / scopeSelector).
source, template, saltenv, template_context, dry_run: Standard manifest-source plumbing.

CLI Example:

salt '*' kubernetes.create_resource_quota name=team-quota namespace=team-a             spec='{"hard": {"pods": "10", "limits.cpu": "4"}}'

saltext.kubernetes.modules.kubernetesmod.replace_resource_quota(name, namespace='default', metadata=None, spec=None, source=None, template=None, saltenv=None, template_context=None, dry_run=False, **kwargs)[source]¶

Replace a ResourceQuota.

Added in version 2.1.0.

name, namespace, metadata, spec, source, template, saltenv, template_context, dry_run: See create_resource_quota().

CLI Example:

salt '*' kubernetes.replace_resource_quota name=team-quota namespace=team-a             spec='{"hard": {"pods": "20"}}'

saltext.kubernetes.modules.kubernetesmod.patch_resource_quota(name, namespace='default', patch=None, source=None, template=None, saltenv=None, template_context=None, dry_run=False, **kwargs)[source]¶

Patch a ResourceQuota (strategic merge).

Added in version 2.1.0.

name: Name of the ResourceQuota.
namespace: Namespace of the ResourceQuota.
patch: Patch dict.
source: Salt fileserver path to a YAML patch document.
template, saltenv, template_context: Renderer wiring for source.
dry_run: Server-side validate only.

CLI Example:

salt '*' kubernetes.patch_resource_quota name=team-quota namespace=team-a             patch='{"spec": {"hard": {"pods": "15"}}}'

saltext.kubernetes.modules.kubernetesmod.delete_resource_quota(name, namespace='default', wait=False, timeout=60, **kwargs)[source]¶

Delete a ResourceQuota.

Added in version 2.1.0.

name, namespace: Identify the ResourceQuota.
wait: Block until the object is fully gone.
timeout: Seconds to wait when wait=True.

CLI Example:

salt '*' kubernetes.delete_resource_quota name=team-quota namespace=team-a

saltext.kubernetes.modules.kubernetesmod.limit_ranges(namespace='default', **kwargs)[source]¶

List LimitRanges in namespace.

Added in version 2.1.0.

CLI Example:

salt '*' kubernetes.limit_ranges namespace=team-a

saltext.kubernetes.modules.kubernetesmod.show_limit_range(name, namespace='default', **kwargs)[source]¶

Return the LimitRange or None if absent.

Added in version 2.1.0.

CLI Example:

salt '*' kubernetes.show_limit_range name=mem-defaults namespace=team-a

saltext.kubernetes.modules.kubernetesmod.create_limit_range(name, namespace='default', metadata=None, spec=None, source=None, template=None, saltenv=None, template_context=None, dry_run=False, **kwargs)[source]¶

Create a LimitRange.

Added in version 2.1.0.

name: Name of the LimitRange.
namespace: Namespace to operate in.
metadata: Object metadata.
spec: LimitRangeSpec dict — limits is a list of LimitRangeItem entries (type, max, min, default, defaultRequest, maxLimitRequestRatio).
source, template, saltenv, template_context, dry_run: Standard manifest-source plumbing.

CLI Example:

salt '*' kubernetes.create_limit_range name=mem-defaults namespace=team-a             spec='{"limits": [{"type": "Container", "default": {"memory": "256Mi"}}]}'

saltext.kubernetes.modules.kubernetesmod.replace_limit_range(name, namespace='default', metadata=None, spec=None, source=None, template=None, saltenv=None, template_context=None, dry_run=False, **kwargs)[source]¶

Replace a LimitRange.

Added in version 2.1.0.

name, namespace, metadata, spec, source, template, saltenv, template_context, dry_run: See create_limit_range().

CLI Example:

salt '*' kubernetes.replace_limit_range name=mem-defaults namespace=team-a             spec='{"limits": [{"type": "Container", "default": {"memory": "512Mi"}}]}'

saltext.kubernetes.modules.kubernetesmod.patch_limit_range(name, namespace='default', patch=None, source=None, template=None, saltenv=None, template_context=None, dry_run=False, **kwargs)[source]¶

Patch a LimitRange (strategic merge).

Added in version 2.1.0.

name, namespace, patch, source, template, saltenv, template_context, dry_run: See patch_resource_quota().

CLI Example:

salt '*' kubernetes.patch_limit_range name=mem-defaults namespace=team-a             patch='{"spec": {"limits": [{"type": "Container", "default": {"memory": "1Gi"}}]}}'

saltext.kubernetes.modules.kubernetesmod.delete_limit_range(name, namespace='default', wait=False, timeout=60, **kwargs)[source]¶

Delete a LimitRange.

Added in version 2.1.0.

name, namespace, wait, timeout: See delete_resource_quota().

CLI Example:

salt '*' kubernetes.delete_limit_range name=mem-defaults namespace=team-a

saltext.kubernetes.modules.kubernetesmod.priority_classes(**kwargs)[source]¶

List PriorityClasses cluster-wide.

Added in version 2.1.0.

CLI Example:

salt '*' kubernetes.priority_classes

saltext.kubernetes.modules.kubernetesmod.show_priority_class(name, **kwargs)[source]¶

Return the PriorityClass or None if absent.

Added in version 2.1.0.

CLI Example:

salt '*' kubernetes.show_priority_class name=high-priority

saltext.kubernetes.modules.kubernetesmod.create_priority_class(name, metadata=None, spec=None, source=None, template=None, saltenv=None, template_context=None, dry_run=False, **kwargs)[source]¶

Create a PriorityClass (cluster-scoped).

Added in version 2.1.0.

name

Name of the PriorityClass.

metadata

Object metadata dict (labels, annotations).

spec

Body fields (PriorityClass has no nested spec):

value (int) — required priority weight.
description (str) — optional human-readable text.
globalDefault (bool) — at most one PriorityClass per cluster may set this to true.
preemptionPolicy — "PreemptLowerPriority" (default) or "Never".

source, template, saltenv, template_context, dry_run

Standard manifest-source plumbing.

CLI Example:

salt '*' kubernetes.create_priority_class name=high             spec='{"value": 1000000, "globalDefault": false, "description": "High prio"}'

saltext.kubernetes.modules.kubernetesmod.replace_priority_class(name, metadata=None, spec=None, source=None, template=None, saltenv=None, template_context=None, dry_run=False, **kwargs)[source]¶

Replace a PriorityClass.

Added in version 2.1.0.

name, metadata, spec, source, template, saltenv, template_context, dry_run: See create_priority_class(). Note: the value and globalDefault fields are immutable post-creation.

CLI Example:

salt '*' kubernetes.replace_priority_class name=high             spec='{"value": 1000000, "description": "Updated description"}'

saltext.kubernetes.modules.kubernetesmod.patch_priority_class(name, patch=None, source=None, template=None, saltenv=None, template_context=None, dry_run=False, **kwargs)[source]¶

Patch a PriorityClass (strategic merge).

Added in version 2.1.0.

name: Name of the PriorityClass.
patch: Patch dict.
source, template, saltenv, template_context, dry_run: Standard plumbing.

CLI Example:

salt '*' kubernetes.patch_priority_class name=high             patch='{"metadata": {"annotations": {"reviewed": "2026-05"}}}'

saltext.kubernetes.modules.kubernetesmod.delete_priority_class(name, wait=False, timeout=60, **kwargs)[source]¶

Delete a PriorityClass.

Added in version 2.1.0.

name: Name of the PriorityClass.
wait: Block until the object is fully gone.
timeout: Seconds to wait when wait=True.

CLI Example:

salt '*' kubernetes.delete_priority_class name=high

saltext.kubernetes.modules.kubernetesmod.custom_resource_definitions(**kwargs)[source]¶

List installed CustomResourceDefinitions.

Added in version 2.1.0.

CLI Example:

salt '*' kubernetes.custom_resource_definitions

saltext.kubernetes.modules.kubernetesmod.show_custom_resource_definition(name, **kwargs)[source]¶

Return the CRD or None if absent.

Added in version 2.1.0.

CLI Example:

salt '*' kubernetes.show_custom_resource_definition name=widgets.example.io

saltext.kubernetes.modules.kubernetesmod.create_custom_resource_definition(name, metadata=None, spec=None, source=None, template=None, saltenv=None, template_context=None, dry_run=False, **kwargs)[source]¶

Create a CustomResourceDefinition.

Added in version 2.1.0.

name: Fully-qualified CRD name (<plural>.<group>).
metadata: Object metadata.
spec: CustomResourceDefinitionSpec dict — group, names (plural, singular, kind, shortNames), scope (Namespaced or Cluster) and versions (each with name, served, storage, schema).
source, template, saltenv, template_context, dry_run: Standard plumbing.

CLI Example:

salt '*' kubernetes.create_custom_resource_definition name=widgets.example.io             spec='{"group": "example.io", "scope": "Namespaced",                   "names": {"plural": "widgets", "singular": "widget", "kind": "Widget"},                   "versions": [{"name": "v1", "served": true, "storage": true,                   "schema": {"openAPIV3Schema": {"type": "object"}}}]}'

saltext.kubernetes.modules.kubernetesmod.replace_custom_resource_definition(name, metadata=None, spec=None, source=None, template=None, saltenv=None, template_context=None, dry_run=False, **kwargs)[source]¶

Replace a CRD.

Added in version 2.1.0.

name, metadata, spec, source, template, saltenv, template_context, dry_run: See create_custom_resource_definition().

CLI Example:

salt '*' kubernetes.replace_custom_resource_definition name=widgets.example.io             spec=@/path/to/spec.json

saltext.kubernetes.modules.kubernetesmod.patch_custom_resource_definition(name, patch=None, source=None, template=None, saltenv=None, template_context=None, dry_run=False, **kwargs)[source]¶

Patch a CRD (strategic merge).

Added in version 2.1.0.

name: Name of the CRD.
patch: Patch dict.
source, template, saltenv, template_context, dry_run: Standard plumbing.

CLI Example:

salt '*' kubernetes.patch_custom_resource_definition name=widgets.example.io             patch='{"metadata": {"annotations": {"owner": "platform"}}}'

saltext.kubernetes.modules.kubernetesmod.delete_custom_resource_definition(name, wait=False, timeout=60, **kwargs)[source]¶

Delete a CRD.

Added in version 2.1.0.

Deletes the definition and (cascade) every instance of the custom resource. Use with care.

name: Name of the CRD.
wait: Block until the object is fully gone (the apiserver garbage- collects custom-resource instances first).
timeout: Seconds to wait when wait=True.

CLI Example:

salt '*' kubernetes.delete_custom_resource_definition name=widgets.example.io wait=True

saltext.kubernetes.modules.kubernetesmod.exec_(name, command, namespace='default', container=None, stdin=None, tty=False, timeout=60, **kwargs)[source]¶

Execute command inside a running Pod (kubectl-exec equivalent).

Added in version 2.1.0.

Returns a dict with stdout, stderr and retcode. If the wall-clock timeout elapses before the command exits, retcode is -1 and stderr contains a “timed out” sentinel; whatever was already buffered on stdout/stderr is returned.

name: Pod name.
command: Either a string (executed via /bin/sh -c) or a list of argv tokens (executed directly).
namespace: Pod namespace. Default: default.
container: Container name to exec into. Required when the Pod has more than one container.
stdin: Optional string fed to the command’s stdin.

Note

The Kubernetes exec subresource websocket protocol does not expose a portable way to signal stdin EOF. Commands that block waiting for EOF (cat, tee, read) will run until the wall-clock timeout. Wrap such commands with a byte-bounded reader (head -c N, dd count=N) or use a shell heredoc to deliver fixed input.
tty: Allocate a TTY (rarely useful in non-interactive contexts).
timeout: Wall-clock cap in seconds. The exec is forcibly closed when the timeout elapses; whatever was buffered up to that point is returned. Default: 60.

CLI Example:

salt '*' kubernetes.exec mypod 'echo hello'
salt '*' kubernetes.exec mypod command='["cat", "/etc/hostname"]'

saltext.kubernetes.modules.kubernetesmod.logs(name, namespace='default', container=None, previous=False, since_seconds=None, tail_lines=None, timestamps=False, **kwargs)[source]¶

Fetch logs from a Pod (kubectl-logs equivalent).

Added in version 2.1.0.

Returns the log text as a single string.

name: Pod name.
namespace: Pod namespace. Default: default.
container: Container to fetch logs from. Required when the Pod has more than one container.
previous: If True, return logs from the previous terminated container instance (e.g. after a crash).
since_seconds: Only return logs from the last N seconds.
tail_lines: Only return the last N lines.
timestamps: Prefix each line with the API server’s RFC3339 timestamp.

CLI Example:

salt '*' kubernetes.logs mypod tail_lines=50
salt '*' kubernetes.logs mypod container=app since_seconds=600

saltext.kubernetes.modules.kubernetesmod.cp_to(name, src_path, dst_path, namespace='default', container=None, **kwargs)[source]¶

Copy a local file or directory into a Pod (kubectl-cp equivalent).

Added in version 2.1.0.

Implementation: tar the local source into a memory buffer and pipe it into the Pod via tar xf - -C <dst>. The Pod must have a tar binary on PATH.

name: Pod name.
src_path: Local file or directory to copy from.
dst_path: Destination directory inside the Pod. The local source is extracted into this directory (preserving its base name).
namespace: Pod namespace. Default: default.
container: Target container in a multi-container Pod.

Returns {"retcode": 0} on success; raises CommandExecutionError on tar failure or pod-side error.

CLI Example:

salt '*' kubernetes.cp_to mypod /tmp/file.txt /var/data

saltext.kubernetes.modules.kubernetesmod.cp_from(name, src_path, dst_path, namespace='default', container=None, **kwargs)[source]¶

Copy a file or directory from a Pod to the local filesystem.

Added in version 2.1.0.

Implementation: tar cf - <src> inside the Pod, capturing the archive over stdout, and extract it locally into dst_path.

name: Pod name.
src_path: Source path inside the Pod.
dst_path: Local destination directory. The source’s base name is preserved as a child of this directory.
namespace: Pod namespace. Default: default.
container: Source container in a multi-container Pod.

CLI Example:

salt '*' kubernetes.cp_from mypod /var/log/app.log /tmp

saltext.kubernetes.modules.kubernetesmod.scale(kind, name, replicas, namespace='default', **kwargs)[source]¶

Set the desired replica count for a Deployment, StatefulSet, or ReplicaSet via the /scale subresource (kubectl-scale equivalent).

Added in version 2.1.0.

Returns the updated V1Scale dict.

kind: One of deployment, statefulset, replicaset (underscore-tolerant: stateful_set, replica_set also accepted).
name: Resource name.
replicas: New desired replica count (non-negative integer).
namespace: Namespace. Default: default.

CLI Example:

salt '*' kubernetes.scale deployment nginx 5
salt '*' kubernetes.scale kind=statefulset name=db replicas=3

saltext.kubernetes.modules.kubernetesmod.restart(kind, name, namespace='default', **kwargs)[source]¶

Trigger a rolling restart of a Deployment / StatefulSet / DaemonSet / ReplicaSet by stamping the pod template with the same kubectl.kubernetes.io/restartedAt annotation kubectl uses.

Added in version 2.1.0.

Returns the patched object.

kind: deployment, statefulset, replicaset, or daemonset (underscore-tolerant).
name: Resource name.
namespace: Namespace. Default: default.

CLI Example:

salt '*' kubernetes.restart deployment nginx
salt '*' kubernetes.restart kind=daemonset name=fluentd

saltext.kubernetes.modules.kubernetesmod.rollback(name, namespace='default', to_revision=None, **kwargs)[source]¶

Roll a Deployment back to a previous revision (kubectl-rollout-undo equivalent for Deployments).

Added in version 2.1.0.

Implementation: list the ReplicaSets owned by the Deployment, sort them by the deployment.kubernetes.io/revision annotation, pick the target (the second-newest by default, or the one matching to_revision if given), and patch the Deployment’s .spec.template to that ReplicaSet’s pod template.

This avoids the deprecated v1 /rollback subresource (removed in K8s 1.16+) and matches the modern kubectl behaviour.

name: Deployment name.
namespace: Namespace. Default: default.
to_revision: Revision number to roll back to. If None, picks the immediately preceding revision.

Returns the patched Deployment.

CLI Example:

salt '*' kubernetes.rollback nginx
salt '*' kubernetes.rollback nginx to_revision=3

saltext.kubernetes.modules.kubernetesmod.patch_object(kind, name, patch, api_version=None, namespace=None, patch_type='strategic', field_manager=None, dry_run=False, **kwargs)[source]¶

Generic object patch with a caller-selected merge strategy.

Added in version 2.1.0.

Lets callers pick between strategic-merge (the kubectl/typed default), JSON merge patch (RFC 7396), and JSON patch (RFC 6902). Useful for CRDs (which only support merge / json patches) and for explicit list-element manipulation via RFC 6902 operations.

This is the public, user-facing patch entry point. It is a thin wrapper around the internal saltext.kubernetes.utils._dynamic.patch_object() plumbing — callers should never reach into _dynamic directly. The wrapping adds three things on top of the GVK-level patch primitive:

Connection lifecycle — runs _setup_conn (which honours every Salt config / pillar / kwarg / env-var precedence rule documented on _setup_conn()) before the call and _cleanup after.
Kwarg marshalling — accepts the standard Salt-loader **kwargs (kubeconfig, context, cluster, host, api_key, etc.) that the loader forwards to module functions.
api_version inference — when omitted, the function looks up the GVK in the typed kind-registry (_KIND_TO_GVK) so callers can pass kind="Deployment" without spelling out the group/version. CRDs and other off-registry kinds require an explicit api_version.

kind: Kubernetes Kind (case-sensitive, e.g. "Deployment", "ConfigMap", "MyCustomResource").
name: Object name.
patch: For patch_type="strategic" or "merge": a dict describing the partial object. For patch_type="json": a list of operation dicts in RFC 6902 format.
api_version: Group/version for the resource (e.g. "apps/v1", "example.com/v1"). If omitted, the function attempts to infer it from the typed kind-registry — works for the bundled kinds; CRDs require an explicit api_version.
namespace: Namespace for namespaced kinds.
patch_type: One of "strategic" (default), "merge" / "json-merge", or "json" / "json-patch".
field_manager: Optional fieldManager name (server-side apply convention).
dry_run: If True, the API server validates the patch and returns the resulting object without persisting changes.

CLI Examples:

# Strategic-merge replace replicas
salt '*' kubernetes.patch_object kind=Deployment name=nginx             namespace=default api_version=apps/v1             patch='{"spec": {"replicas": 5}}'

# RFC 6902 JSON patch
salt '*' kubernetes.patch_object kind=Deployment name=nginx             namespace=default api_version=apps/v1 patch_type=json             patch='[{"op": "replace", "path": "/spec/replicas", "value": 5}]'

saltext.kubernetes.modules.kubernetesmod.list_clusters()[source]¶

Return the configured cluster aliases for this minion.

Added in version 2.1.0.

Aliases are defined under the kubernetes.clusters pillar key:

kubernetes:
  clusters:
    prod:
      kubeconfig: /etc/k8s/prod.conf
      context: prod-admin
    staging:
      host: https://staging.example.com:6443
      api_key: ...

The implicit alias "default" always appears, representing the top-level kubernetes.* config block.

CLI Example:

salt '*' kubernetes.list_clusters

saltext.kubernetes.modules.kubernetesmod.wait_for(name, kind, namespace=None, condition=None, status='True', jsonpath=None, value=None, regex=None, timeout=60, **kwargs)[source]¶

Block until a live resource matches a user-supplied condition or jsonpath.

Added in version 2.1.0.

Mirrors kubectl wait ergonomics. Pass exactly one of condition or jsonpath.

name: Object name.
kind: Resource type as recognised by the kind registry (e.g. deployment, service, pod).
namespace: Namespace for namespaced kinds. Ignored for cluster-scoped kinds.
condition: status.conditions[*].type to match (e.g. Available, Ready). The matching condition’s status must equal status.
status: Expected condition status when condition is given. Defaults to "True".
jsonpath: kubectl-style jsonpath to resolve against the live object (e.g. .status.loadBalancer.ingress[0].ip). Mutually exclusive with condition.
value: When jsonpath is given, require equality with value.
regex: When jsonpath is given, require the stringified value to match this regex (re.search).
timeout: Seconds to wait before giving up. Default 60.

Returns True on match, raises CommandExecutionError on timeout or on watch errors.

CLI Example:

salt '*' kubernetes.wait_for nginx kind=deployment condition=Available

saltext.kubernetes.modules.kubernetesmod.cluster_info(**kwargs)[source]¶

Return a summary of the cluster (kubectl-cluster-info / kubectl-version equivalent).

Added in version 2.1.0.

Returns a dict with:

server_version — the API server’s reported version (major, minor, gitVersion, platform, etc.)
healthz — string body returned by GET /healthz (typically "ok" on a healthy cluster).
api_groups — list of available API group names.

CLI Example:

salt '*' kubernetes.cluster_info

saltext.kubernetes.modules.kubernetesmod.cordon(name, **kwargs)[source]¶

Mark a node as unschedulable (kubectl-cordon equivalent).

Added in version 2.1.0.

name: Node name.

Returns the patched Node object.

CLI Example:

salt '*' kubernetes.cordon

saltext.kubernetes.modules.kubernetesmod.uncordon(name, **kwargs)[source]¶

Mark a node as schedulable again (kubectl-uncordon equivalent).

Added in version 2.1.0.

Sends spec.unschedulable: null so the field is removed via strategic-merge patch. Setting False would leave the field present (just falsy), which kubectl avoids for cleanliness.

CLI Example:

salt '*' kubernetes.uncordon

saltext.kubernetes.modules.kubernetesmod.taint(name, key, effect, value=None, **kwargs)[source]¶

Add (or update) a taint on a node (kubectl-taint equivalent).

Added in version 2.1.0.

Existing taints with the same (key, effect) are replaced; other taints are preserved. To remove a taint use untaint().

name: Node name.
key: Taint key. The standard reserved keys are node-role.kubernetes.io/control-plane, node.kubernetes.io/*; operator-defined keys are arbitrary strings.
effect: One of NoSchedule, PreferNoSchedule, NoExecute.
value: Optional taint value.

Returns the patched Node object.

CLI Example:

salt '*' kubernetes.taint nodename gpu effect=NoSchedule value=true

saltext.kubernetes.modules.kubernetesmod.untaint(name, key, effect=None, **kwargs)[source]¶

Remove a taint from a node.

Added in version 2.1.0.

name: Node name.
key: Taint key to remove.
effect: Optional. If given, removes only the taint with matching (key, effect); if omitted, removes every taint with this key regardless of effect.

Returns the patched Node object.

CLI Example:

salt '*' kubernetes.untaint

saltext.kubernetes.modules.kubernetesmod.drain(name, ignore_daemonsets=True, delete_emptydir_data=False, disable_eviction=False, force=False, grace_period_seconds=None, timeout=300, **kwargs)[source]¶

Drain a node: cordon it, then evict every (non-DaemonSet, non-mirror) pod on it, waiting for the pods to terminate (kubectl-drain equivalent).

Added in version 2.1.0.

name: Node name.
ignore_daemonsets: Skip DaemonSet-owned pods (which the DaemonSet controller would immediately recreate). Default: True — matches kubectl’s default and the only sensible production behaviour.
delete_emptydir_data: Allow draining pods that use emptyDir volumes (the data is lost). Without this flag and force=True, the drain refuses to remove such pods. Default: False.
disable_eviction: Bypass the eviction API and delete pods directly. Skips PodDisruptionBudget enforcement. Use only when you understand the consequences. Default: False.
force: Required to drain pods that are not managed by a controller (bare pods). Without it the drain refuses to remove such pods, matching kubectl. Default: False.
grace_period_seconds: Per-pod termination grace period override. None means use the pod’s own terminationGracePeriodSeconds.
timeout: Wall-clock cap in seconds for the entire drain (cordon + eviction + waiting for terminations). Default: 300.

Returns a dict:

{"node": <name>,
 "evicted": [<pod-namespace/pod-name>, ...],
 "skipped": [{"pod": ..., "reason": ...}, ...],
 "errors": [{"pod": ..., "error": ...}]}

Raises CommandExecutionError if the timeout elapses before all pods terminate, or if any pod could not be evicted at all.

CLI Example:

salt '*' kubernetes.drain

saltext.kubernetes.modules.kubernetesmod.apply(manifest=None, source=None, namespace=None, field_manager='salt', force_conflicts=False, dry_run=False, template=None, saltenv=None, template_context=None, ignore_labels=None, ignore_annotations=None, ignore_fields=None, validate=False, **kwargs)[source]¶

Server-side apply one or more Kubernetes manifests (kubectl-apply –server-side equivalent).

Added in version 2.1.0.

Accepts a manifest as a Python dict, a list of dicts, a YAML string (single- or multi-document), or a source path to a YAML file that may itself contain multiple documents separated by ---. Source files can be Jinja-templated by setting template.

Returns a list of applied object dicts when more than one manifest is supplied, or a single dict when there’s exactly one.

Unlike the typed CRUD paths (which default missing namespaces to "default"), this function deliberately requires an explicit namespace for namespaced kinds — either in the manifest’s metadata.namespace field or via the namespace parameter.

manifest: A dict, list of dicts, or YAML string. Mutually exclusive with source.
source: Salt fileserver path (salt://...), local path, or anything cp.cache_file can resolve. Mutually exclusive with manifest.
namespace: Fallback namespace for any document that does not declare its own metadata.namespace. Cluster-scoped kinds ignore this.
field_manager: SSA fieldManager name. Default: "salt". Multiple Salt masters managing the same cluster should each set a unique manager so SSA’s conflict tracking can distinguish them.
force_conflicts: If True, override fields owned by another manager. Default: False (apply fails if another manager owns a field we’re trying to set). Use sparingly.
dry_run: If True, perform a server-side dry-run apply: the API server validates the manifest and returns what would be written, without persisting changes. Useful for state-mode test=True previews and for catching admission-webhook rejections before commit.
template: Template engine to render the source file (e.g. "jinja").
saltenv: Salt environment for resolving the source file.
template_context: Variables passed to the renderer.
ignore_labels: List of label keys to exclude from drift detection. The desired manifest’s values under these keys are dropped before apply; the API server’s existing values are preserved.
ignore_annotations: List of annotation keys to exclude from drift detection. Same semantics as ignore_labels. Note: kubectl bookkeeping annotations (kubectl.kubernetes.io/* and deployment.kubernetes.io/*) are always excluded.
ignore_fields: List of JSON-pointer paths (e.g. "/spec/replicas") to drop from the desired manifest before apply. Useful when another controller manages the field (HPA → replicas, admission-webhook → spec.template.spec.serviceAccountName).
validate: If True, run a server-side dry-run apply first to surface validation errors (schema violations, admission-webhook rejections, RBAC denials) before the real apply. Cheap to enable; matches kubernetes.core validate.fail_on_error.

CLI Examples:

salt '*' kubernetes.apply source=salt://manifests/app.yaml
salt '*' kubernetes.apply manifest='{"apiVersion": "v1", \
    "kind": "ConfigMap", "metadata": {"name": "x", "namespace": "default"}, \
    "data": {"k": "v"}}'

saltext.kubernetes.modules.kubernetesmod.get_object(api_version, kind, name, namespace=None, **kwargs)[source]¶

Read a Kubernetes object by GVK, returning None if absent.

Added in version 2.1.0.

The generic read-by-GVK counterpart to apply and delete_manifest. State code (manifest_present / manifest_absent) uses this in test=True mode to detect whether a target already exists.

api_version: Group/version, e.g. "v1", "apps/v1", "networking.k8s.io/v1".
kind: Kubernetes kind name, e.g. "ConfigMap", "Deployment".
name: Object name.
namespace: Namespace for namespaced kinds; ignored for cluster-scoped kinds.

CLI Example:

salt '*' kubernetes.get_object api_version=v1 kind=ConfigMap name=app namespace=default

saltext.kubernetes.modules.kubernetesmod.normalise_manifest_input(manifest=None, source=None, template=None, saltenv=None, template_context=None)[source]¶

Return manifest / source as a list of dicts.

Added in version 2.1.0.

Public helper for state code that needs to inspect the manifest docs without actually applying or deleting them — for example, to decide in test=True mode whether each doc would change. Accepts the same input shapes as apply() / delete_manifest().

CLI Example:

salt '*' kubernetes.normalise_manifest_input source=salt://manifests/app.yaml

saltext.kubernetes.modules.kubernetesmod.delete_manifest(manifest=None, source=None, namespace=None, propagation_policy=None, grace_period_seconds=None, template=None, saltenv=None, template_context=None, **kwargs)[source]¶

Delete one or more Kubernetes objects identified by their manifests (kubectl-delete -f equivalent).

Added in version 2.1.0.

Accepts the same manifest / source shapes as apply(). Each document’s apiVersion, kind, metadata.name, and (for namespaced kinds) metadata.namespace identify the object to remove. Returns None for objects that were already absent (404 swallowed, matching the typed delete_* functions); a list of API server responses otherwise.

propagation_policy: Foreground, Background (default), or Orphan.
grace_period_seconds: Override the per-object termination grace period.

CLI Example:

salt '*' kubernetes.delete_manifest source=salt://manifests/app.yaml

kubernetes¶

`kubernetes`¶