Generic Kubernetes resources using lightkube
Project description
Kubernetes Provider
Generic Kubernetes resource management for Pragmatiks using lightkube.
Declaratively manage Kubernetes workloads, networking, configuration, and cluster-scoped resources. The provider authenticates via a GKE cluster dependency and uses server-side apply for idempotent operations.
Prerequisites
- A running Kubernetes cluster managed by the GCP provider (
gcp/gke) - GCP service account credentials with
container.clusters.getandcontainer.clusters.getCredentialspermissions - RBAC permissions on the target cluster for the resources you want to manage (typically
cluster-adminor namespace-scoped roles)
Installation
pragma providers install kubernetes
Resources
| Resource | Type Slug | Description |
|---|---|---|
| Namespace | kubernetes/namespace |
Cluster-scoped namespace isolation |
| Deployment | kubernetes/deployment |
Stateless workload with rolling updates |
| StatefulSet | kubernetes/statefulset |
Stateful workload with persistent storage and stable pod identity |
| Service | kubernetes/service |
Network exposure (ClusterIP, NodePort, LoadBalancer, Headless) |
| ConfigMap | kubernetes/configmap |
Non-sensitive configuration data |
| Secret | kubernetes/secret |
Sensitive data (credentials, tokens, TLS certs) |
All resources require a cluster dependency pointing to a gcp/gke resource for authentication.
Namespace
Cluster-scoped resource for workload isolation. Namespaces do not belong to another namespace.
Config:
cluster(dependency) -- GKE cluster for authenticationlabels(dict, optional) -- Labels to apply to the namespace
Outputs:
name-- Namespace name
resources:
dev-namespace:
provider: kubernetes
resource: namespace
config:
cluster: ${{ my-cluster }}
labels:
environment: development
team: platform
Deployment
Manages stateless workloads with configurable replicas, rolling update strategy, health probes, environment variables, and resource limits. Waits for all replicas to be ready before reporting success (default timeout: 300s).
Config:
cluster(dependency) -- GKE cluster for authenticationnamespace(string, default:"default") -- Target namespace (immutable)replicas(int, default:1) -- Desired pod replicasselector(dict) -- Label selector for pods (immutable)labels(dict, optional) -- Pod labels; defaults toselectorif not setcontainers(list) -- Container specs: image, ports, env, probes, resourcesstrategy("RollingUpdate"|"Recreate", default:"RollingUpdate") -- Update strategy
Outputs:
name,namespace,replicas,ready_replicas,available_replicas
resources:
api-deployment:
provider: kubernetes
resource: deployment
config:
cluster: ${{ my-cluster }}
namespace: production
replicas: 3
selector:
app: api
containers:
- name: api
image: gcr.io/my-project/api:latest
ports:
- container_port: 8080
name: http
env:
LOG_LEVEL: info
env_from_secret:
DATABASE_URL: db-credentials.url
resources:
cpu: "250m"
memory: "512Mi"
cpu_limit: "1000m"
memory_limit: "1Gi"
readiness_probe:
http_get:
path: /healthz
port: 8080
initial_delay_seconds: 5
period_seconds: 10
StatefulSet
Manages stateful workloads with stable pod identity, persistent storage via PVC templates, and ordered deployment. Associates with a headless service for DNS-based pod discovery. Waits for all replicas to be ready before reporting success.
Config:
cluster(dependency) -- GKE cluster for authenticationnamespace(string, default:"default") -- Target namespace (immutable)replicas(int, default:1) -- Desired pod replicasservice_name(string) -- Headless service for pod DNS (immutable)selector(dict, optional) -- Label selector; defaults to{"app": "<name>"}containers(list) -- Container specs: image, ports, env, volume mounts, probesvolume_claim_templates(list, optional) -- PVC templates for persistent storage
Outputs:
name,namespace,replicas,ready_replicas,service_name
resources:
postgres:
provider: kubernetes
resource: statefulset
config:
cluster: ${{ my-cluster }}
namespace: data
replicas: 3
service_name: postgres-headless
containers:
- name: postgres
image: postgres:16
ports:
- container_port: 5432
name: postgres
env:
- name: POSTGRES_DB
value: myapp
volume_mounts:
- name: data
mount_path: /var/lib/postgresql/data
resources:
requests:
cpu: "500m"
memory: "1Gi"
limits:
cpu: "2000m"
memory: "4Gi"
readiness_probe:
tcp_socket_port: 5432
initial_delay_seconds: 15
period_seconds: 10
volume_claim_templates:
- name: data
storage_class: premium-rwo
access_modes:
- ReadWriteOnce
storage: 50Gi
Service
Exposes workloads via ClusterIP, NodePort, LoadBalancer, or Headless service types. Services are immediately ready after apply (no polling). Headless services automatically set clusterIP: None.
Config:
cluster(dependency) -- GKE cluster for authenticationnamespace(string, default:"default") -- Target namespace (immutable)type("ClusterIP"|"NodePort"|"LoadBalancer"|"Headless", default:"ClusterIP") -- Service typeselector(dict) -- Label selector for target podsports(list) -- Port mappings: port, target_port, protocol, namecluster_ip(string, optional) -- Explicit cluster IP
Outputs:
name,namespace,cluster_ip,type
resources:
api-service:
provider: kubernetes
resource: service
config:
cluster: ${{ my-cluster }}
namespace: production
type: ClusterIP
selector:
app: api
ports:
- name: http
port: 80
target_port: 8080
postgres-headless:
provider: kubernetes
resource: service
config:
cluster: ${{ my-cluster }}
namespace: data
type: Headless
selector:
app: postgres
ports:
- name: postgres
port: 5432
ConfigMap
Stores non-sensitive configuration data as key-value pairs. ConfigMaps can be mounted as files or exposed as environment variables in pods.
Config:
cluster(dependency) -- GKE cluster for authenticationnamespace(string, default:"default") -- Target namespace (immutable)data(dict) -- Key-value pairs to store
Outputs:
name,namespace,data
resources:
app-config:
provider: kubernetes
resource: configmap
config:
cluster: ${{ my-cluster }}
namespace: production
data:
APP_ENV: production
LOG_FORMAT: json
MAX_CONNECTIONS: "100"
Secret
Stores sensitive data (credentials, tokens, TLS certificates). Data values are automatically base64-encoded. Supports both pre-encoded data and plain-text string_data fields.
Config:
cluster(dependency) -- GKE cluster for authenticationnamespace(string, default:"default") -- Target namespace (immutable)type(string, default:"Opaque") -- Secret type (e.g.,Opaque,kubernetes.io/tls)data(dict, optional) -- Key-value pairs (will be base64-encoded)string_data(dict, optional) -- Plain-text key-value pairs (Kubernetes encodes them)
Outputs:
name,namespace,type,data
resources:
db-credentials:
provider: kubernetes
resource: secret
config:
cluster: ${{ my-cluster }}
namespace: production
type: Opaque
string_data:
url: postgresql://user:pass@postgres:5432/myapp
username: user
password: pass
Cross-Provider Usage
The Kubernetes provider is designed to work alongside the GCP provider. A typical pattern is: GCP provisions the cluster, Kubernetes deploys workloads into it.
resources:
# GCP creates the cluster
my-cluster:
provider: gcp
resource: gke
config:
project_id: my-project
location: europe-west4
name: prod-cluster
credentials: ${{ secrets.gcp_credentials }}
# Kubernetes resources depend on the cluster
app-namespace:
provider: kubernetes
resource: namespace
config:
cluster: ${{ my-cluster }}
labels:
environment: production
app-config:
provider: kubernetes
resource: configmap
config:
cluster: ${{ my-cluster }}
namespace: ${{ app-namespace.name }}
data:
APP_ENV: production
app-secrets:
provider: kubernetes
resource: secret
config:
cluster: ${{ my-cluster }}
namespace: ${{ app-namespace.name }}
string_data:
api_key: ${{ secrets.api_key }}
app:
provider: kubernetes
resource: deployment
config:
cluster: ${{ my-cluster }}
namespace: ${{ app-namespace.name }}
replicas: 3
selector:
app: my-app
containers:
- name: app
image: gcr.io/my-project/app:latest
ports:
- container_port: 8080
env_from_secret:
API_KEY: app-secrets.api_key
app-service:
provider: kubernetes
resource: service
config:
cluster: ${{ my-cluster }}
namespace: ${{ app-namespace.name }}
type: LoadBalancer
selector:
app: my-app
ports:
- port: 80
target_port: 8080
Resources are applied in dependency order. The platform resolves ${{ my-cluster }} and ${{ app-namespace.name }} references automatically, ensuring the GKE cluster is ready before any Kubernetes resources are created.
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file pragmatiks_kubernetes_provider-0.154.0.tar.gz.
File metadata
- Download URL: pragmatiks_kubernetes_provider-0.154.0.tar.gz
- Upload date:
- Size: 17.2 kB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.7
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
b7df073247778eb3704279b2c0e6308d4dedba51e1245ab28b227b58e3e05fb1
|
|
| MD5 |
bd0546fa43989a5b65c1cce888829445
|
|
| BLAKE2b-256 |
ca86535d16d3c98d8b33b85e4ba9f812315945c184db45d0aa1ba0882664e833
|
Provenance
The following attestation bundles were made for pragmatiks_kubernetes_provider-0.154.0.tar.gz:
Publisher:
publish.yaml on pragmatiks/pragma-providers
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
pragmatiks_kubernetes_provider-0.154.0.tar.gz -
Subject digest:
b7df073247778eb3704279b2c0e6308d4dedba51e1245ab28b227b58e3e05fb1 - Sigstore transparency entry: 1110935949
- Sigstore integration time:
-
Permalink:
pragmatiks/pragma-providers@7185c759ed2ba31d425c02cb3e01e1935392f58e -
Branch / Tag:
refs/heads/main - Owner: https://github.com/pragmatiks
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
publish.yaml@7185c759ed2ba31d425c02cb3e01e1935392f58e -
Trigger Event:
push
-
Statement type:
File details
Details for the file pragmatiks_kubernetes_provider-0.154.0-py3-none-any.whl.
File metadata
- Download URL: pragmatiks_kubernetes_provider-0.154.0-py3-none-any.whl
- Upload date:
- Size: 26.9 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.7
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
f884342bc364f3821359a7a5ee0933627f2686d23b246a7487c4d31bf8b70ec2
|
|
| MD5 |
13df1959082976f691ca522ccafce0bc
|
|
| BLAKE2b-256 |
5f7a8d8ea4235b736207cfa54042d37272ad0e0cdfae1b775d9deefee2a6aa11
|
Provenance
The following attestation bundles were made for pragmatiks_kubernetes_provider-0.154.0-py3-none-any.whl:
Publisher:
publish.yaml on pragmatiks/pragma-providers
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
pragmatiks_kubernetes_provider-0.154.0-py3-none-any.whl -
Subject digest:
f884342bc364f3821359a7a5ee0933627f2686d23b246a7487c4d31bf8b70ec2 - Sigstore transparency entry: 1110935974
- Sigstore integration time:
-
Permalink:
pragmatiks/pragma-providers@7185c759ed2ba31d425c02cb3e01e1935392f58e -
Branch / Tag:
refs/heads/main - Owner: https://github.com/pragmatiks
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
publish.yaml@7185c759ed2ba31d425c02cb3e01e1935392f58e -
Trigger Event:
push
-
Statement type:
