kubectl-patch

Partially patch a secret using a strategic merge JSON patch to remove the finalizer

$ kubectl patch secrets [secret_name] [[-p|--patch]] '{"metadata":{"finalizers": []\}\}' --type merge

$ kubectl patch secrets [secret_name] [[-p|--patch]] $'metadata:\n finalizers: []' --type merge

$ kubectl patch [[po|pods]] [pod_name] --type 'json' [[-p|--patch]] '[{"op": "replace", "path": "/spec/containers/0/image", "value":"[new_image_value]"}]'

$ kubectl patch [[deploy|deployments]] [deployment_name] --subresource 'scale' --type 'merge' [[-p|--patch]] '{"spec":{"replicas":[number_of_replicas]\}\}'

kubectl patch (-f FILENAME | TYPE NAME | -k DIRECTORY | --prune -l SELECTOR) [-p PATCH|--patch-file FILE] [flags]

-f, --filename []
    Filename, directory, URL, or raw YAML/JSON identifying the resource(s)

--field-manager string
    Name of the manager used to track field ownership (default: 'kubectl')

--force
    Force resource update even with pending changes

--patch-type string
    Patch type: 'strategic', 'merge', or 'json'

-p, --patch string
    Inline patch as JSON string to apply

--patch-file string
    File containing the patch to apply

--subresource string
    Subresource to patch (default: 'scale' for certain resources)

--type string
    Type of patch: 'strategic', 'merge', or 'json' (alias for --patch-type)

--dry-run string
    'none', 'client', or 'server' to preview without applying

-n, --namespace string
    Namespace for the resource (inherits from current context)

-o, --output string
    Output format (json, yaml, name, wide, etc.)

The kubectl patch command updates specific fields in Kubernetes resources without replacing the entire object. It supports strategic merge patches, JSON merge patches, and JSON patches, allowing precise modifications to deployments, pods, services, and more.

Strategic merge patch is the default, intelligently merging changes based on Kubernetes semantics, such as appending to lists or overwriting maps. Use -p for inline JSON patches or --patch-file for file-based patches.

Common use cases include scaling replicas (e.g., kubectl patch deployment mydep -p '{"spec":{"replicas":3}}'), marking nodes unschedulable, or updating labels/annotations. It respects field ownership via --field-manager to avoid conflicts in multi-client environments.

Dry-run mode (--dry-run=server) previews changes server-side without applying them. Subresources like scale can be targeted separately (--subresource=scale).

This command is essential for automation scripts and CI/CD pipelines, offering a lightweight alternative to kubectl apply for incremental updates.

Patches may fail on immutable fields or during schema validation. Strategic merge ignores certain lists; use JSON patch for full control. Requires cluster read/write permissions on the resource.

Scale deployment: kubectl patch deployment myapp -p '{"spec":{"replicas":5}}'
Inline JSON patch: kubectl patch pod mypod --type='json' -p='[{"op": "replace", "path": "/spec/containers/0/image", "value":"nginx:1.16"}]'
Patch from file: kubectl patch node node1 --patch-file=patch.yaml

Strategic: Kubernetes-aware merging (default).
Merge: RFC 7386 JSON merge.
JSON: RFC 6902 JSON patch operations (add/replace/remove).

Introduced in Kubernetes v1.0 (2014) as part of kubectl core functionality. Evolved with patch types in v1.11+ for JSON/merge support. Actively maintained by CNCF Kubernetes project.

kubectl(1), kubectl-apply(1), kubectl-edit(1), kubectl-get(1)