Patch a Kubernetes resource with targeted updates.

Unlike kubectl.Apply, which requires the full resource specification, kubectl.Patch allows targeted updates to specific fields. It supports three patch strategies: Strategic Merge (default), JSON Merge, and JSON Patch.

yaml
type: "io.kestra.plugin.kubernetes.kubectl.Patch"

Patch pod resource limits and wait for it to become ready.

yaml
id: patch_pod_with_wait
namespace: company.team

tasks:
  - id: patch
    type: io.kestra.plugin.kubernetes.kubectl.Patch
    namespace: production
    resourceType: pod
    resourceName: my-pod
    waitUntilReady: PT5M
    patch: |
      {
        "spec": {
          "containers": [
            {
              "name": "app",
              "resources": {
                "limits": {"memory": "512Mi", "cpu": "500m"},
                "requests": {"memory": "256Mi", "cpu": "250m"}
              }
            }
          ]
        }
      }

Patch a deployment to update container resources using strategic merge (default).

yaml
id: patch_deployment_resources
namespace: company.team

tasks:
  - id: patch
    type: io.kestra.plugin.kubernetes.kubectl.Patch
    namespace: production
    resourceType: deployment
    resourceName: my-api
    apiGroup: apps
    patch: |
      {
        "spec": {
          "template": {
            "spec": {
              "containers": [
                {
                  "name": "api",
                  "resources": {
                    "limits": {"memory": "2Gi", "cpu": "1000m"},
                    "requests": {"memory": "1Gi", "cpu": "500m"}
                  }
                }
              ]
            }
          }
        }
      }

Scale a deployment using JSON Patch operations.

yaml
id: scale_deployment
namespace: company.team

tasks:
  - id: scale
    type: io.kestra.plugin.kubernetes.kubectl.Patch
    namespace: production
    resourceType: deployment
    resourceName: my-api
    apiGroup: apps
    patchStrategy: JSON_PATCH
    patch: |
      [
        {"op": "replace", "path": "/spec/replicas", "value": 5}
      ]

Remove an annotation using JSON Merge Patch.

yaml
id: remove_annotation
namespace: company.team

tasks:
  - id: patch
    type: io.kestra.plugin.kubernetes.kubectl.Patch
    namespace: production
    resourceType: deployment
    resourceName: my-api
    apiGroup: apps
    patchStrategy: JSON_MERGE
    patch: |
      {
        "metadata": {
          "annotations": {
            "deprecated-annotation": null
          }
        }
      }

Patch a custom resource.

yaml
id: patch_custom_resource
namespace: company.team

tasks:
  - id: patch
    type: io.kestra.plugin.kubernetes.kubectl.Patch
    namespace: production
    resourceType: shirts
    resourceName: my-shirt
    apiGroup: stable.example.com
    apiVersion: v1
    patch: |
      {
        "spec": {
          "color": "blue",
          "size": "L"
        }
      }

Conditionally update replicas using JSON Patch test operation.

yaml
id: conditional_scale
namespace: company.team

tasks:
  - id: scale
    type: io.kestra.plugin.kubernetes.kubectl.Patch
    namespace: production
    resourceType: deployment
    resourceName: my-api
    apiGroup: apps
    patchStrategy: JSON_PATCH
    patch: |
      [
        {"op": "test", "path": "/spec/replicas", "value": 3},
        {"op": "replace", "path": "/spec/replicas", "value": 10}
      ]

Properties

The Kubernetes namespace

The patch content

The format depends on the patchStrategy. For STRATEGIC_MERGE and JSON_MERGE, provide a JSON object with the fields to update. For JSON_PATCH, provide a JSON array of operations with 'op', 'path', and 'value' fields.

The name of the Kubernetes resource to patch

The Kubernetes resource type (e.g., deployment, statefulset, pod)

Note: Currently only namespaced resources are supported. Cluster-scoped resources (e.g., ClusterRole, Node) are not supported.

The Kubernetes resource apiGroup

Required for custom resources. For core resources (pods, services, etc.), leave empty.

The Kubernetes resource API version

The version part of the API (e.g., 'v1', 'v1beta1'). Default is 'v1'. Note: This is just the version, not the full group/version. Use apiGroup for the group part.

The connection parameters to the Kubernetes cluster

If no connection is defined, we try to load the connection from the current context in the following order:

  1. System properties
  2. Environment variables
  3. Kube config file
  4. Service account token and a mounted CA certificate.

You can pass a full configuration with all options if needed.

Default { "image": "busybox" }

The configuration of the file sidecar container that handles the download and upload of files

SubType string

The files to create on the local filesystem – it can be a map or a JSON object.

The files will be available inside the kestra/working-dir directory of the container. You can use the special variable {{workingDir}} in your command to refer to it.

SubType string

The files from the container filesystem to send to Kestra's internal storage

Only files created inside the kestra/working-dir directory of the container can be retrieved. Must be a list of glob expressions relative to the current working directory, for example: my-dir/**, my-dir/*/** or my-dir/my-file.txt.

Default STRATEGIC_MERGE
Possible Values
STRATEGIC_MERGE, JSON_MERGE, JSON_PATCH

The patch strategy to use

  • STRATEGIC_MERGE (default): Kubernetes strategic merge patch, most user-friendly. Understands K8s resource structure and intelligently merges lists by merge keys.
  • JSON_MERGE: Simple merge with null-deletion semantics (RFC 7386).
  • JSON_PATCH: Precision operations with add/remove/replace/test (RFC 6902).
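The following Python model is an added example, not code from the Kestra plugin or its documentation. It shows why the choice of strategy matters: the same `containers` patch keeps other containers under strategic merge but replaces the whole list under JSON Merge, and a JSON Patch `test` operation aborts the change when the live value differs. The names `merge`, `json_patch`, `DEPLOY` and `LIMITS` are hypothetical, the strategic merge is simplified to a fixed `name` merge key, and the JSON Patch part covers only `test` and `replace` on object members.

```python
import copy

def merge(target, patch, list_key=None):
    """list_key=None models JSON_MERGE (RFC 7386); list_key="name" models a simplified STRATEGIC_MERGE."""
    lists = isinstance(target, list) and isinstance(patch, list)
    if list_key and lists and all(isinstance(x, dict) for x in target + patch):
        out = copy.deepcopy(target)
        for item in patch:  # match list entries by merge key instead of replacing the list
            hit = next((i for i, t in enumerate(out) if t.get(list_key) == item.get(list_key)), None)
            if hit is None:
                out.append(copy.deepcopy(item))
            else:
                out[hit] = merge(out[hit], item, list_key)
        return out
    if not isinstance(patch, dict):
        return copy.deepcopy(patch)  # scalars and (for JSON_MERGE) whole lists replace the old value
    out = dict(target) if isinstance(target, dict) else {}
    for key, value in patch.items():
        if value is None:
            out.pop(key, None)  # null deletes the key
        else:
            out[key] = merge(out.get(key), value, list_key)
    return out

def json_patch(doc, ops):
    """JSON_PATCH (RFC 6902) subset: test/replace, applied to a copy so a failed test changes nothing."""
    out = copy.deepcopy(doc)
    for op in ops:
        *parents, leaf = op["path"].lstrip("/").split("/")
        node = out
        for part in parents:
            node = node[part]
        if op["op"] == "test":
            if node.get(leaf) != op["value"]:
                raise ValueError("test failed at " + op["path"])
        elif op["op"] == "replace":
            node[leaf] = op["value"]
        else:
            raise NotImplementedError(op["op"])
    return out

# Constructed sample Deployment (trimmed): two containers, three replicas.
DEPLOY = {"metadata": {"annotations": {"deprecated-annotation": "x", "owner": "team"}},
          "spec": {"replicas": 3, "template": {"spec": {"containers": [
              {"name": "api", "image": "api:1"}, {"name": "proxy", "image": "proxy:1"}]}}}}
# Constructed patch body in the shape of the strategic merge example on this page.
LIMITS = {"spec": {"template": {"spec": {"containers": [
    {"name": "api", "resources": {"limits": {"memory": "2Gi"}}}]}}}}
```

With `merge(DEPLOY, LIMITS, "name")` both containers survive and `api` keeps its image; with `merge(DEPLOY, LIMITS)` the list is reduced to the single patched entry, which is the outcome to expect if a list-bearing patch body is sent with JSON_MERGE.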

Default PT1H
Format duration

The maximum duration to wait for the job completion

Default PT0S
Format duration

The maximum duration to wait until the patched resource becomes ready

When set to a positive duration, waits for the resource to report Ready=True in its status conditions. Set to PT0S (zero) to skip waiting. Supports Pods, StatefulSets, and custom resources that use the Ready condition. Note: Deployments are not supported as they use the Available condition instead of Ready.

Default PT10M
Format duration

The maximum duration to wait until the job and the pod are created

This timeout is the maximum time that the Kubernetes scheduler will take to

  • schedule the job
  • pull the pod image
  • and start the pod.

The resource metadata after patching

The resource status after patching

Contains the current state of the resource including conditions, replicas, phase, etc. Useful for validation and conditional logic in workflows.

Default v1

The API version

CA certificate as data

CA certificate as file path

Client certificate as data

Client certificate as a file path

Default RSA

Client key encryption algorithm

Default is RSA.

Client key as data

Client key as a file path

Client key passphrase

Disable hostname verification

Key store file

Key store passphrase

Default https://kubernetes.default.svc

The URL to the Kubernetes API

The namespace used

OAuth token

OAuth token provider

Password

Trust all certificates

Truststore file

Truststore passphrase

Username

SubType string

List of all annotations of the resource

Name of the current cluster

Format date-time

Creation datetime

Deletion grace period in seconds

Format date-time

Deletion datetime

SubType string

List of finalizers

Generate name of the resource

Generation

SubType string

List of labels

List of managed fields

Name of the resource

Namespace of the resource

List of owner references

Resource version

Generated UUID of this resource

Default busybox

The image used for the file sidecar container

The resource requirements applied to the file sidecar container

The status of the Kubernetes resource

Contains the current state of the resource as a generic map structure