📚 / Documentation / StateReconciler CRD


The StateReconciler resource allows you to specify:

  • what resources to observe
  • the pattern they should follow
  • the action to take if a non-compliant resource is detected

The current supported actions are:

  • deleting the non-compliant resources
  • patching the non-compliant resources
  • delegating the delete/patch decision to a Webhook

Custom Resource Definition

API GroupVersionKindNamespaced
apiVersionstringKubernetes resource API version
kindstringKubernetes resource kind
metadataobjectKubernetes resource metadata
specState Reconciler SpecSpecification of the desired behavior

State Reconciler Spec

observeObserver SpecDescribe what set of Kubernetes resource to audit
matchMatchPattern SpecDescribe how to match the Kubernetes resource that are compliant
reconcileReconciler SpecDescribe the action to take for non-compliant resources

Observer Spec

apiVersionstringKubernetes resource API version
kindstringKubernetes resource kind
namespacesstring or list of stringEither '*' (all namespaces) or a list of namespace

Match Pattern Spec

oneOf pattern

oneOflist of Match Pattern SpecWill match if any of the sub-patterns match

allOf pattern

allOflist of Match Pattern SpecWill match if all of the sub-patterns match

Field pattern

fieldstringJSON Path of a field within the audited resource
whereWhere TupleDescribe the comparison to perform

Where Tuple


[operator, value]


  • operator as one of:
    • $lt: Lesser Than
    • $lte: Lesser Than or Equal
    • $eq: Equal
    • $ne: Not Equal
    • $gte: Greater Than or Equal
    • $gt: Greater Than
    • $in: Included in Array
    • $nin: Not Included in Array
  • value as any valid JSON data type

Reconciler Spec

Delete reconciliation

deleteExtrasbooleanIf true, non-compliant resources will be deleted

Patch reconciliation

patchobjectThe patch to apply on each non-compliant resources

Webhook reconciliation

webhookstringURL to the webhook. The reconciler will delegate the decision to this webhook.

What's next?

Discover how to implement your own Custom Reconciliation Webhook.