kubernetes¶
Manage kubernetes resources as salt states¶
NOTE: This module requires the proper pillar values set. See salt.modules.kubernetesmod for more information.
Warning
Configuration options will change in 2019.2.0.
The kubernetes module is used to manage different kubernetes resources.
my-nginx:
kubernetes.deployment_present:
- namespace: default
metadata:
app: frontend
spec:
replicas: 1
template:
metadata:
labels:
run: my-nginx
spec:
containers:
- name: my-nginx
image: nginx
ports:
- containerPort: 80
my-mariadb:
kubernetes.deployment_absent:
- namespace: default
# kubernetes deployment as specified inside of
# a file containing the definition of the the
# deployment using the official kubernetes format
redis-master-deployment:
kubernetes.deployment_present:
- name: redis-master
- source: salt://k8s/redis-master-deployment.yml
require:
- pip: kubernetes-python-module
# kubernetes service as specified inside of
# a file containing the definition of the the
# service using the official kubernetes format
redis-master-service:
kubernetes.service_present:
- name: redis-master
- source: salt://k8s/redis-master-service.yml
require:
- kubernetes.deployment_present: redis-master
# kubernetes deployment as specified inside of
# a file containing the definition of the the
# deployment using the official kubernetes format
# plus some jinja directives
nginx-source-template:
kubernetes.deployment_present:
- source: salt://k8s/nginx.yml.jinja
- template: jinja
require:
- pip: kubernetes-python-module
# kubernetes deployment using a template with custom template_context variables
nginx-template-with-template_context:
kubernetes.deployment_present:
- name: nginx-template
- source: salt://k8s/nginx-template.yml.jinja
- template: jinja
- template_context:
replicas: 3
nginx_version: 1.19
environment: production
app_label: frontend
# kubernetes secret with template_context variables
cert-secret-with-template_context:
kubernetes.secret_present:
- name: tls-cert
- source: salt://k8s/tls-cert.yml.jinja
- template: jinja
- template_context:
cert_name: myapp.example.com
cert_data: |
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
- secret_type: kubernetes.io/tls
# Kubernetes secret
k8s-secret:
kubernetes.secret_present:
- name: top-secret
data:
key1: value1
key2: value2
key3: value3
Added in version 2017.7.0.
- saltext.kubernetes.states.kubernetes.__virtual__()[source]¶
Only load if the kubernetes module is available in __salt__
- saltext.kubernetes.states.kubernetes.deployment_absent(name, namespace='default', wait=False, timeout=60, **kwargs)[source]¶
Ensures that the named deployment is absent from the given namespace.
- name
The name of the deployment
- namespace
The name of the namespace
- wait
Added in version 2.0.0.
If set to True, the function will wait until the deployment is deleted.
- timeout
Added in version 2.0.0.
The time in seconds to wait for the deployment to
Example:
my-nginx: kubernetes.deployment_absent: - namespace: default
- saltext.kubernetes.states.kubernetes.deployment_present(name, namespace='default', metadata=None, spec=None, source='', template='', template_context=None, wait=False, timeout=60, **kwargs)[source]¶
Ensures that the named deployment is present inside of the specified namespace with the given metadata and spec. If the deployment exists, it will be patched with the desired state.
- name
The name of the deployment.
- namespace
The namespace holding the deployment. The ‘default’ one is going to be used unless a different one is specified.
- metadata
The metadata of the deployment object.
- spec
The spec of the deployment object.
- source
A file containing the definition of the deployment (metadata and spec) in the official kubernetes format.
- template
Template engine to be used to render the source file.
- template_context
Added in version 2.0.0.
Variables to be passed into the template.
- wait
Added in version 2.0.0.
If set to True, the function will wait until the deployment is ready.
- timeout
Added in version 2.0.0.
The time in seconds to wait for the deployment to be ready.
Example:
my-nginx: kubernetes.deployment_present: - namespace: default - metadata: app: frontend - spec: replicas: 1 template: metadata: labels: run: my-nginx spec: containers: - name: my-nginx image: nginx ports: - containerPort: 80
- saltext.kubernetes.states.kubernetes.statefulset_absent(name, namespace='default', wait=False, timeout=60, **kwargs)[source]¶
Added in version 2.1.0.
Ensures that the named statefulset is absent from the given namespace.
- name
The name of the statefulset
- namespace
The name of the namespace
- wait
If set to True, the function will wait until the statefulset is deleted.
- timeout
The time in seconds to wait for the statefulset to be deleted.
Example:
my-statefulset: kubernetes.statefulset_absent: - namespace: default
- saltext.kubernetes.states.kubernetes.statefulset_present(name, namespace='default', metadata=None, spec=None, source='', template='', template_context=None, wait=False, timeout=60, **kwargs)[source]¶
Added in version 2.1.0.
Ensures that the named statefulset is present inside of the specified namespace with the given metadata and spec. If the statefulset exists, it will be patched with the desired state.
- name
The name of the statefulset.
- namespace
The namespace holding the statefulset. The ‘default’ one is going to be used unless a different one is specified.
- metadata
The metadata of the statefulset object.
- spec
The spec of the statefulset object.
- source
A file containing the definition of the statefulset (metadata and spec) in the official kubernetes format.
- template
Template engine to be used to render the source file.
- template_context
Variables to be passed into the template.
- wait
If set to True, the function will wait until the statefulset is ready.
- timeout
The time in seconds to wait for the statefulset to be ready.
Example:
my-statefulset: kubernetes.statefulset_present: - namespace: default - metadata: app: myapp - spec: serviceName: my-service replicas: 3 selector: matchLabels: app: myapp template: metadata: labels: app: myapp spec: containers: - name: myapp image: myapp:latest ports: - containerPort: 8080
- saltext.kubernetes.states.kubernetes.replicaset_absent(name, namespace='default', wait=False, timeout=60, **kwargs)[source]¶
Added in version 2.1.0.
Ensures that the named replicaset is absent from the given namespace.
- name
The name of the replicaset
- namespace
The namespace of the replicaset
- wait
Wait for replicaset to be deleted (default: False)
- timeout
Timeout in seconds to wait for replicaset deletion (default: 60)
CLI Example:
my-replicaset: kubernetes.replicaset_absent: namespace: default
- saltext.kubernetes.states.kubernetes.replicaset_present(name, namespace='default', metadata=None, spec=None, source='', template='', template_context=None, wait=False, timeout=60, **kwargs)[source]¶
Added in version 2.1.0.
Ensures that the named replicaset is present inside of the specified namespace with the given metadata and spec. If the replicaset exists, it will be patched with the desired state.
- name
The name of the replicaset
- namespace
The namespace of the replicaset
- metadata
A dictionary representing the metadata of the replicaset
- spec
A dictionary representing the spec of the replicaset
- source
File path to replicaset definition
- template
Template engine to use to render the source file
- saltenv
Salt environment to pull the source file from
- template_context
Variables to make available in templated files
- wait
Wait for replicaset to become ready (default: False)
- timeout
Timeout in seconds to wait for replicaset (default: 60)
CLI Example:
my-replicaset: kubernetes.replicaset_present: namespace: default metadata: labels: app: my-app spec: replicas: 3
- saltext.kubernetes.states.kubernetes.daemonset_absent(name, namespace='default', wait=False, timeout=60, **kwargs)[source]¶
Added in version 2.1.0.
Ensures that the named daemonset is absent from the given namespace.
- name
The name of the daemonset
- namespace
The namespace of the daemonset
- wait
Wait for daemonset to be deleted (default: False)
- timeout
Timeout in seconds to wait for daemonset deletion (default: 60)
CLI Example:
my-daemonset: kubernetes.daemonset_absent: namespace: default
- saltext.kubernetes.states.kubernetes.daemonset_present(name, namespace='default', metadata=None, spec=None, source='', template='', template_context=None, wait=False, timeout=60, **kwargs)[source]¶
Added in version 2.1.0.
Ensures that the named daemonset is present inside of the specified namespace with the given metadata and spec. If the daemonset exists, it will be patched with the desired state.
- name
The name of the daemonset
- namespace
The namespace of the daemonset
- metadata
Metadata for the daemonset
- spec
Specification for the daemonset
- source
File path to daemonset definition
- template
Template engine to use to render the source file
- saltenv
Salt environment to pull the source file from
- template_context
Variables to make available in templated files
- wait
Wait for daemonset to become ready (default: False)
- timeout
Timeout in seconds to wait for daemonset (default: 60)
CLI Example:
my-daemonset: kubernetes.daemonset_present: namespace: default metadata: labels: app: my-daemonset spec: replicas: 3
- saltext.kubernetes.states.kubernetes.storageclass_absent(name, wait=False, timeout=60, **kwargs)[source]¶
Added in version 2.1.0.
Ensures that the named storageclass is absent.
- name
The name of the storageclass
- wait
Wait for storageclass to be deleted (default: False)
- timeout
Timeout in seconds to wait for storageclass deletion (default: 60)
CLI Example:
my-storageclass: kubernetes.storageclass_absent:
- saltext.kubernetes.states.kubernetes.storageclass_present(name, metadata=None, spec=None, source='', template='', template_context=None, wait=False, timeout=60, **kwargs)[source]¶
Added in version 2.1.0.
Ensures that the named storageclass is present with the given metadata and spec. If the storageclass exists, it will be patched with the desired state.
- name
The name of the storageclass
- metadata
Metadata for the storageclass
- spec
Specification for the storageclass
- source
File path to storageclass definition
- template
Template engine to use to render the source file
- template_context
Variables to make available in templated files
- wait
Wait for storageclass to become ready (default: False)
- timeout
Timeout in seconds to wait for storageclass (default: 60)
CLI Example:
my-storageclass: kubernetes.storageclass_present: metadata: labels: app: my-storageclass spec: provisioner: kubernetes.io/no-provisioner
- saltext.kubernetes.states.kubernetes.service_present(name, namespace='default', metadata=None, spec=None, source='', template='', template_context=None, wait=False, timeout=60, **kwargs)[source]¶
Ensures that the named service is present inside of the specified namespace with the given metadata and spec. If the service exists, it will be patched with the desired state.
- name
The name of the service.
- namespace
The namespace holding the service. The ‘default’ one is going to be used unless a different one is specified.
- metadata
The metadata of the service object.
- spec
The spec of the service object.
- source
A file containing the definition of the service (metadata and spec) in the official kubernetes format.
- template
Template engine to be used to render the source file.
- template_context
Added in version 2.0.0.
Variables to be passed into the template.
- wait
Added in version 2.0.0.
If set to True, the function will wait until the service is created.
- timeout
Added in version 2.0.0.
The time in seconds to wait for the service to be created.
Example:
my-service: kubernetes.service_present: - namespace: default - metadata: app: frontend - spec: ports: - port: 80 targetPort: 80 protocol: TCP selector: app: frontend
- saltext.kubernetes.states.kubernetes.service_absent(name, namespace='default', wait=False, timeout=60, **kwargs)[source]¶
Ensures that the named service is absent from the given namespace.
- name
The name of the service
- namespace
The name of the namespace
- wait
Added in version 2.0.0.
If set to True, the function will wait until the service is deleted.
- timeout
Added in version 2.0.0.
The time in seconds to wait for the service to be deleted.
Example:
my_service: kubernetes.service_absent: - namespace: default
- saltext.kubernetes.states.kubernetes.namespace_absent(name, wait=False, timeout=60, **kwargs)[source]¶
Ensures that the named namespace is absent.
- name
The name of the namespace
- wait
Added in version 2.0.0.
If set to True, the function will wait until the namespace is deleted.
- timeout
Added in version 2.0.0.
The time in seconds to wait for the namespace to be deleted.
Example:
my_namespace: kubernetes.namespace_absent: - namespace: default
- saltext.kubernetes.states.kubernetes.namespace_present(name, **kwargs)[source]¶
Ensures that the named namespace is present.
- name
The name of the namespace.
Example:
my_namespace: kubernetes.namespace_present: - namespace: default
- saltext.kubernetes.states.kubernetes.secret_absent(name, namespace='default', wait=False, timeout=60, **kwargs)[source]¶
Ensures that the named secret is absent from the given namespace.
- name
The name of the secret
- namespace
The name of the namespace
- wait
Added in version 2.0.0.
If set to True, the function will wait until the secret is deleted.
- timeout
Added in version 2.0.0.
The time in seconds to wait for the secret to be deleted.
Example:
my_secret: kubernetes.secret_absent: - namespace: default
- saltext.kubernetes.states.kubernetes.secret_present(name, namespace='default', data=None, source=None, template=None, template_context=None, secret_type=None, metadata=None, wait=False, timeout=60, **kwargs)[source]¶
Ensures that the named secret is present inside of the specified namespace with the given data. If the secret exists, it will be patched with the desired state.
- name
The name of the secret.
- namespace
The namespace holding the secret. The ‘default’ one is going to be used unless a different one is specified.
- data
The dictionary holding the secrets.
- source
A file containing the data of the secret in plain format.
- template
Template engine to be used to render the source file.
- template_context
Added in version 2.0.0.
Variables to be passed into the template.
- secret_type
Added in version 2.0.0.
The type of secret to create. Defaults to
Opaque.- metadata
Added in version 2.0.0.
The metadata to include in the secret (annotations, labels, etc).
- wait
Added in version 2.0.0.
If set to True, the function will wait until the secret is created.
- timeout
Added in version 2.0.0.
The time in seconds to wait for the secret to be created.
Example:
my_secret: kubernetes.secret_present: - namespace: default - data: key1: value1 key2: value2 key3: value3
- saltext.kubernetes.states.kubernetes.configmap_absent(name, namespace='default', wait=False, timeout=60, **kwargs)[source]¶
Ensures that the named configmap is absent from the given namespace.
- name
The name of the configmap
- namespace
The namespace holding the configmap. The ‘default’ one is going to be used unless a different one is specified.
- wait
Added in version 2.0.0.
If set to True, the function will wait until the configmap is deleted.
- timeout
Added in version 2.0.0.
The time in seconds to wait for the configmap to be deleted.
Example:
my_configmap: kubernetes.configmap_absent: - namespace: default
- saltext.kubernetes.states.kubernetes.configmap_present(name, namespace='default', data=None, source=None, template=None, template_context=None, wait=False, timeout=60, **kwargs)[source]¶
Ensures that the named configmap is present inside of the specified namespace with the given data. If the configmap exists, it will be patched with the desired state.
- name
The name of the configmap.
- namespace
The namespace holding the configmap. The ‘default’ one is going to be used unless a different one is specified.
- data
The dictionary holding the configmaps.
- source
A file containing the data of the configmap in plain format.
Changed in version 2.0.0: The configmap definition must be a proper spec with the configmap data in the
datakey. In previous versions, the rendered output was used as the data directly.- template
Template engine to be used to render the source file.
- template_context
Added in version 2.0.0.
Variables to be passed into the template.
- wait
Added in version 2.0.0.
If set to True, the function will wait until the configmap is created.
- timeout
Added in version 2.0.0.
The time in seconds to wait for the configmap to be created.
Example:
my_configmap: kubernetes.configmap_present: - namespace: default - data: key1: value1 key2: value2 key3: value3
- saltext.kubernetes.states.kubernetes.pod_absent(name, namespace='default', wait=False, timeout=60, **kwargs)[source]¶
Ensures that the named pod is absent from the given namespace.
- name
The name of the pod
- namespace
The name of the namespace
- wait
Added in version 2.0.0.
If set to True, the function will wait until the pod is deleted.
- timeout
Added in version 2.0.0.
The time in seconds to wait for the pod to be deleted.
Example:
my_pod: kubernetes.pod_absent: - namespace: default
- saltext.kubernetes.states.kubernetes.pod_present(name, namespace='default', metadata=None, spec=None, source='', template='', template_context=None, wait=False, timeout=60, **kwargs)[source]¶
Ensures that the named pod is present inside of the specified namespace with the given metadata and spec.
Note
Pods are immutable once created. If the pod already exists, this state will report success without changes. To update a pod, first remove it with
pod_absentand then recreate it. For managed workloads, consider usingdeployment_presentinstead.- name
The name of the pod.
- namespace
The namespace holding the pod. The ‘default’ one is going to be used unless a different one is specified.
- metadata
The metadata of the pod object.
- spec
The spec of the pod object.
- source
A file containing the definition of the pod (metadata and spec) in the official kubernetes format.
- template
Template engine to be used to render the source file.
- template_context
Added in version 2.0.0.
Variables to be passed into the template.
- wait
Added in version 2.0.0.
If set to True, the function will wait until the pod is created.
- timeout
Added in version 2.0.0.
The time in seconds to wait for the pod to be created.
Example:
my_pod: kubernetes.pod_present: - namespace: default - metadata: app: frontend - spec: containers: - name: my-nginx image: nginx ports: - containerPort: 80
- saltext.kubernetes.states.kubernetes.node_label_absent(name, node, **kwargs)[source]¶
Ensures that the named label is absent from the node.
- name
The name of the label
- node
The name of the node
Example:
my_label: kubernetes.node_label_absent: - node: node_name
- saltext.kubernetes.states.kubernetes.node_label_folder_absent(name, node, **kwargs)[source]¶
Ensures the label folder doesn’t exist on the specified node.
- name
The name of label folder
- node
The name of the node
Example:
my_label_folder: kubernetes.node_label_folder_absent: - node: node_name
- saltext.kubernetes.states.kubernetes.node_label_present(name, node, value, **kwargs)[source]¶
Ensures that the named label is set on the named node with the given value. If the label exists it will be replaced.
- name
The name of the label.
- value
Value of the label.
- node
Node to change.
Example:
my_label: kubernetes.node_label_present: - node: node_name - value: my_value
- saltext.kubernetes.states.kubernetes.node_annotation_absent(name, node, **kwargs)[source]¶
Ensure the named annotation is absent from node.
Added in version 2.1.0.
- name
The annotation key (e.g.
example.com/maintenance).- node
The name of the node.
Example:
clear-maintenance-flag: kubernetes.node_annotation_absent: - name: example.com/maintenance - node: worker-0
- saltext.kubernetes.states.kubernetes.node_annotation_folder_absent(name, node, **kwargs)[source]¶
Ensure no annotations under the
name/prefix exist on node.Added in version 2.1.0.
Useful for cleaning up a whole set of annotations written by a departing controller —
example.com/removes every annotation whose key starts with that prefix.- name
The annotation prefix (e.g.
example.com); the trailing/is added automatically.- node
The name of the node.
Example:
example.com: kubernetes.node_annotation_folder_absent: - node: worker-0
- saltext.kubernetes.states.kubernetes.node_annotation_present(name, node, value, **kwargs)[source]¶
Ensure the named annotation is set on node with value.
Added in version 2.1.0.
If the annotation exists with a different value it is replaced.
- name
The annotation key.
- value
The annotation value (always stringified — Kubernetes annotations are string-valued).
- node
The name of the node.
Example:
example.com/maintenance: kubernetes.node_annotation_present: - node: worker-0 - value: "2026-05-16"
- saltext.kubernetes.states.kubernetes.role_absent(name, namespace='default', wait=False, timeout=60, **kwargs)[source]¶
Ensure the named Role is absent from namespace.
Added in version 2.1.0.
pod-reader: kubernetes.role_absent: - namespace: default
- saltext.kubernetes.states.kubernetes.role_present(name, namespace='default', metadata=None, spec=None, source='', template='', template_context=None, **kwargs)[source]¶
Ensure the named Role is present with the given rules.
Added in version 2.1.0.
pod-reader: kubernetes.role_present: - namespace: default - spec: rules: - apiGroups: [""] resources: ["pods"] verbs: ["get", "list", "watch"]
- saltext.kubernetes.states.kubernetes.role_binding_absent(name, namespace='default', wait=False, timeout=60, **kwargs)[source]¶
Ensure the named RoleBinding is absent from namespace. .. versionadded:: 2.1.0
- saltext.kubernetes.states.kubernetes.role_binding_present(name, namespace='default', metadata=None, spec=None, source='', template='', template_context=None, **kwargs)[source]¶
Ensure the named RoleBinding exists with the given subjects + roleRef.
Added in version 2.1.0.
Note
roleRefis immutable. To change the referenced Role, declarerole_binding_absentfirst and thenrole_binding_presentwith the newroleRef— patchingroleRefwill be rejected by the API.read-pods: kubernetes.role_binding_present: - namespace: default - spec: subjects: - kind: User name: alice apiGroup: rbac.authorization.k8s.io roleRef: kind: Role name: pod-reader apiGroup: rbac.authorization.k8s.io
- saltext.kubernetes.states.kubernetes.cluster_role_absent(name, wait=False, timeout=60, **kwargs)[source]¶
Ensure the named ClusterRole is absent. .. versionadded:: 2.1.0
- saltext.kubernetes.states.kubernetes.cluster_role_present(name, metadata=None, spec=None, source='', template='', template_context=None, **kwargs)[source]¶
Ensure the named ClusterRole is present with the given rules.
Added in version 2.1.0.
pod-reader: kubernetes.cluster_role_present: - spec: rules: - apiGroups: [""] resources: ["pods"] verbs: ["get", "list", "watch"]
- saltext.kubernetes.states.kubernetes.cluster_role_binding_absent(name, wait=False, timeout=60, **kwargs)[source]¶
Ensure the named ClusterRoleBinding is absent. .. versionadded:: 2.1.0
- saltext.kubernetes.states.kubernetes.cluster_role_binding_present(name, metadata=None, spec=None, source='', template='', template_context=None, **kwargs)[source]¶
Ensure the named ClusterRoleBinding is present.
Added in version 2.1.0.
Note
roleRefis immutable; seerole_binding_present().
- saltext.kubernetes.states.kubernetes.service_account_absent(name, namespace='default', wait=False, timeout=60, **kwargs)[source]¶
Ensure the named ServiceAccount is absent from namespace. .. versionadded:: 2.1.0
- saltext.kubernetes.states.kubernetes.service_account_present(name, namespace='default', metadata=None, spec=None, source='', template='', template_context=None, **kwargs)[source]¶
Ensure the named ServiceAccount is present in namespace.
Added in version 2.1.0.
my-sa: kubernetes.service_account_present: - namespace: default - spec: automount_service_account_token: false image_pull_secrets: - name: my-registry-secret
- saltext.kubernetes.states.kubernetes.node_cordoned(name, **kwargs)[source]¶
Ensure the named node is cordoned (unschedulable).
Added in version 2.1.0.
my-node: kubernetes.node_cordoned: []
- saltext.kubernetes.states.kubernetes.node_uncordoned(name, **kwargs)[source]¶
Ensure the named node is uncordoned (schedulable).
Added in version 2.1.0.
- saltext.kubernetes.states.kubernetes.node_tainted(name, key, effect, value=None, **kwargs)[source]¶
Ensure the named node has the given taint.
Added in version 2.1.0.
Note
State name (
name) is the node name.keyandeffectidentify the taint within the node’s taint list (matching the Kubernetes taint identity rule of (key, effect) uniqueness).gpu-node: kubernetes.node_tainted: - key: gpu - effect: NoSchedule - value: "true"
- saltext.kubernetes.states.kubernetes.node_untainted(name, key, effect=None, **kwargs)[source]¶
Ensure the named node does not carry a taint with the given key.
Added in version 2.1.0.
If effect is given, only the taint with matching
(key, effect)is removed; otherwise every taint with this key is removed.
- saltext.kubernetes.states.kubernetes.manifest_present(name, source=None, manifest=None, namespace=None, field_manager='salt', force_conflicts=False, template=None, template_context=None, **kwargs)[source]¶
Ensure one or more Kubernetes objects described by a manifest are present, using server-side apply.
Added in version 2.1.0.
The manifest may be a Python dict, a list of dicts, a YAML string, or — via
source— a salt:// fileserver path. Multi-document YAML files are supported; every document in the file is applied as a single state operation.- name
The state ID. Used as the
namefield of the result; not sent to the API. Use whatever identifies the SLS rule for you.- source
Salt fileserver path to a YAML manifest. Mutually exclusive with
manifest.- manifest
Inline manifest (dict, list of dicts, or YAML string). Mutually exclusive with
source.- namespace
Fallback namespace for namespaced manifests that don’t declare their own
metadata.namespace. Cluster-scoped kinds ignore.- field_manager
SSA fieldManager. Default:
"salt".- force_conflicts
Override fields owned by another field manager. Default: off.
- template
Source-file template engine (e.g.
"jinja").- template_context
Variables passed to the renderer.
my-app-stack: kubernetes.manifest_present: - source: salt://manifests/my-app.yaml - namespace: production - template: jinja # Or inline: my-config: kubernetes.manifest_present: - manifest: apiVersion: v1 kind: ConfigMap metadata: name: app-config namespace: default data: greeting: hello
- saltext.kubernetes.states.kubernetes.manifest_absent(name, source=None, manifest=None, namespace=None, propagation_policy=None, grace_period_seconds=None, template=None, template_context=None, **kwargs)[source]¶
Ensure one or more Kubernetes objects described by a manifest are absent.
Added in version 2.1.0.
Accepts the same manifest / source shapes as
manifest_present().my-app-stack: kubernetes.manifest_absent: - source: salt://manifests/my-app.yaml - propagation_policy: Foreground
- saltext.kubernetes.states.kubernetes.job_absent(name, namespace='default', wait=False, timeout=60, **kwargs)[source]¶
Ensure the named Job is absent. .. versionadded:: 2.1.0
- saltext.kubernetes.states.kubernetes.job_present(name, namespace='default', metadata=None, spec=None, source='', template='', template_context=None, **kwargs)[source]¶
Ensure the named Job exists with the given pod template.
Added in version 2.1.0.
Note
Job
selectorand most ofspec.templateare immutable after creation; if your manifest changes them, the patch will be rejected. For mutable changes (labels, ttlSecondsAfterFinished), the state behaves normally.my-job: kubernetes.job_present: - namespace: default - spec: template: spec: restartPolicy: Never containers: - name: hello image: busybox command: ["echo", "hi"]
- saltext.kubernetes.states.kubernetes.cron_job_absent(name, namespace='default', wait=False, timeout=60, **kwargs)[source]¶
Ensure the named CronJob is absent. .. versionadded:: 2.1.0
- saltext.kubernetes.states.kubernetes.cron_job_present(name, namespace='default', metadata=None, spec=None, source='', template='', template_context=None, **kwargs)[source]¶
Ensure the named CronJob exists.
Added in version 2.1.0.
my-cron: kubernetes.cron_job_present: - namespace: default - spec: schedule: "*/5 * * * *" concurrencyPolicy: Forbid jobTemplate: spec: template: spec: restartPolicy: OnFailure containers: - name: tick image: busybox command: ["echo", "tick"]
- saltext.kubernetes.states.kubernetes.ingress_absent(name, namespace='default', wait=False, timeout=60, **kwargs)[source]¶
Ensure the named Ingress is absent. .. versionadded:: 2.1.0
- saltext.kubernetes.states.kubernetes.ingress_present(name, namespace='default', metadata=None, spec=None, source='', template='', template_context=None, **kwargs)[source]¶
Ensure the named Ingress is present.
Added in version 2.1.0.
my-ingress: kubernetes.ingress_present: - namespace: default - spec: ingressClassName: nginx rules: - host: example.com http: paths: - path: / pathType: Prefix backend: service: name: my-svc port: number: 80
- saltext.kubernetes.states.kubernetes.horizontal_pod_autoscaler_absent(name, namespace='default', wait=False, timeout=60, **kwargs)[source]¶
Ensure the named HPA is absent. .. versionadded:: 2.1.0
- saltext.kubernetes.states.kubernetes.horizontal_pod_autoscaler_present(name, namespace='default', metadata=None, spec=None, source='', template='', template_context=None, **kwargs)[source]¶
Ensure the named HPA is present.
Added in version 2.1.0.
my-hpa: kubernetes.horizontal_pod_autoscaler_present: - namespace: default - spec: scaleTargetRef: apiVersion: apps/v1 kind: Deployment name: my-app minReplicas: 2 maxReplicas: 10 metrics: - type: Resource resource: name: cpu target: type: Utilization averageUtilization: 70
- saltext.kubernetes.states.kubernetes.pod_disruption_budget_absent(name, namespace='default', wait=False, timeout=60, **kwargs)[source]¶
Ensure the named PDB is absent. .. versionadded:: 2.1.0
- saltext.kubernetes.states.kubernetes.pod_disruption_budget_present(name, namespace='default', metadata=None, spec=None, source='', template='', template_context=None, **kwargs)[source]¶
Ensure the named PDB is present.
Added in version 2.1.0.
Note
PDB
spec.selectoris immutable. Changing it will be rejected by the API; declare the PDB absent first if you need a different selector.my-pdb: kubernetes.pod_disruption_budget_present: - namespace: default - spec: minAvailable: 2 selector: match_labels: app: my-app
- saltext.kubernetes.states.kubernetes.persistent_volume_absent(name, wait=False, timeout=60, **kwargs)[source]¶
Ensure the named PV is absent. .. versionadded:: 2.1.0
- saltext.kubernetes.states.kubernetes.persistent_volume_present(name, metadata=None, spec=None, source='', template='', template_context=None, **kwargs)[source]¶
Ensure the named PV is present.
Added in version 2.1.0.
Note
Most PV fields are immutable after binding (volume source, capacity, accessModes). For an unmanaged-volume migration, declare the PV absent first.
my-pv: kubernetes.persistent_volume_present: - spec: capacity: storage: 10Gi accessModes: - ReadWriteOnce hostPath: path: /var/data/my-pv
- saltext.kubernetes.states.kubernetes.persistent_volume_claim_absent(name, namespace='default', wait=False, timeout=60, **kwargs)[source]¶
Ensure the named PVC is absent. .. versionadded:: 2.1.0
- saltext.kubernetes.states.kubernetes.persistent_volume_claim_present(name, namespace='default', metadata=None, spec=None, source='', template='', template_context=None, **kwargs)[source]¶
Ensure the named PVC is present.
Added in version 2.1.0.
Note
After binding,
accessModes,selector,volumeName, andstorageClassNameare immutable.resources.requests .storagecan be expanded (only grown) on storage classes withallowVolumeExpansion: true.my-pvc: kubernetes.persistent_volume_claim_present: - namespace: default - spec: accessModes: - ReadWriteOnce resources: requests: storage: 1Gi storageClassName: standard
- saltext.kubernetes.states.kubernetes.network_policy_absent(name, namespace='default', wait=False, timeout=60, **kwargs)[source]¶
Ensure the named NetworkPolicy is absent.
Added in version 2.1.0.
deny-all: kubernetes.network_policy_absent: - namespace: default
- saltext.kubernetes.states.kubernetes.network_policy_present(name, namespace='default', metadata=None, spec=None, source='', template='', template_context=None, **kwargs)[source]¶
Ensure the named NetworkPolicy is present with the given spec.
Added in version 2.1.0.
deny-all: kubernetes.network_policy_present: - namespace: default - spec: podSelector: {} policyTypes: - Ingress - Egress
- saltext.kubernetes.states.kubernetes.resource_quota_absent(name, namespace='default', wait=False, timeout=60, **kwargs)[source]¶
Ensure the named ResourceQuota is absent.
Added in version 2.1.0.
team-quota: kubernetes.resource_quota_absent: - namespace: team-a
- saltext.kubernetes.states.kubernetes.resource_quota_present(name, namespace='default', metadata=None, spec=None, source='', template='', template_context=None, **kwargs)[source]¶
Ensure the named ResourceQuota is present with the given spec.
Added in version 2.1.0.
team-quota: kubernetes.resource_quota_present: - namespace: team-a - spec: hard: pods: "10" limits.cpu: "4" limits.memory: 4Gi
- saltext.kubernetes.states.kubernetes.limit_range_absent(name, namespace='default', wait=False, timeout=60, **kwargs)[source]¶
Ensure the named LimitRange is absent.
Added in version 2.1.0.
mem-defaults: kubernetes.limit_range_absent: - namespace: team-a
- saltext.kubernetes.states.kubernetes.limit_range_present(name, namespace='default', metadata=None, spec=None, source='', template='', template_context=None, **kwargs)[source]¶
Ensure the named LimitRange is present with the given spec.
Added in version 2.1.0.
mem-defaults: kubernetes.limit_range_present: - namespace: team-a - spec: limits: - type: Container default: memory: 256Mi defaultRequest: memory: 128Mi
- saltext.kubernetes.states.kubernetes.priority_class_absent(name, wait=False, timeout=60, **kwargs)[source]¶
Ensure the named PriorityClass is absent.
Added in version 2.1.0.
Cluster-scoped. Pods that reference a deleted PriorityClass keep their existing priority — Kubernetes does not retroactively rewrite pod specs.
high-priority: kubernetes.priority_class_absent: []
- saltext.kubernetes.states.kubernetes.priority_class_present(name, metadata=None, spec=None, source='', template='', template_context=None, **kwargs)[source]¶
Ensure the named PriorityClass is present.
Added in version 2.1.0.
Cluster-scoped.
valueandglobalDefaultare immutable after creation; changing them in-place will fail. Re-apply with the same values, or delete-and-recreate, for true updates.high-priority: kubernetes.priority_class_present: - spec: value: 1000000 description: Critical workloads globalDefault: false preemptionPolicy: PreemptLowerPriority
- saltext.kubernetes.states.kubernetes.custom_resource_definition_absent(name, wait=False, timeout=60, **kwargs)[source]¶
Ensure the named CustomResourceDefinition is absent.
Added in version 2.1.0.
Cluster-scoped. Deletes every instance of the custom resource as a side-effect (the apiserver garbage-collects them via the CRD’s deletion).
widgets.example.io: kubernetes.custom_resource_definition_absent: []
- saltext.kubernetes.states.kubernetes.custom_resource_definition_present(name, metadata=None, spec=None, source='', template='', template_context=None, **kwargs)[source]¶
Ensure the named CustomResourceDefinition is present.
Added in version 2.1.0.
Use this to declaratively install operator-style CRDs. The CRD becomes available after the apiserver registers and the storage route is wired up; downstream states that create instances should follow it (e.g. via
require: kubernetes: widgets.example.io).widgets.example.io: kubernetes.custom_resource_definition_present: - spec: group: example.io scope: Namespaced names: plural: widgets singular: widget kind: Widget versions: - name: v1 served: true storage: true schema: openAPIV3Schema: type: object