1KUBERNETES(1)(kubernetes)                            KUBERNETES(1)(kubernetes)
2
3
4
5Eric Paris Jan 2015
6
7

NAME

9       kubectl patch - Update field(s) of a resource
10
11
12

SYNOPSIS

14       kubectl patch [OPTIONS]
15
16
17

DESCRIPTION

19       Update field(s) of a resource using strategic merge patch, a JSON merge
20       patch, or a JSON patch.
21
22
23       JSON and YAML formats are accepted.
24
25
26

OPTIONS

28       --allow-missing-template-keys=true      If true, ignore any  errors  in
29       templates  when a field or map key is missing in the template. Only ap‐
30       plies to golang and jsonpath output formats.
31
32
33       --dry-run="none"      Must be "none", "server", or "client". If  client
34       strategy, only print the object that would be sent, without sending it.
35       If server strategy, submit server-side request without  persisting  the
36       resource.
37
38
39       --field-manager="kubectl-patch"       Name of the manager used to track
40       field ownership.
41
42
43       -f, --filename=[]      Filename, directory, or URL to files identifying
44       the resource to update
45
46
47       -k,  --kustomize=""      Process the kustomization directory. This flag
48       can't be used together with -f or -R.
49
50
51       --local=false      If true, patch will operate on the  content  of  the
52       file, not the server-side resource.
53
54
55       -o,  --output=""       Output  format.  One  of: json|yaml|name|go-tem‐
56       plate|go-template-file|template|templatefile|jsonpath|json‐
57       path-as-json|jsonpath-file.
58
59
60       -p, --patch=""      The patch to be applied to the resource JSON file.
61
62
63       --patch-file=""      A file containing a patch to be applied to the re‐
64       source.
65
66
67       --record=false      Record current kubectl command in the resource  an‐
68       notation.  If  set to false, do not record the command. If set to true,
69       record the command. If not set, default to updating the existing  anno‐
70       tation value only if one already exists.
71
72
73       -R, --recursive=false      Process the directory used in -f, --filename
74       recursively. Useful when you want to manage related manifests organized
75       within the same directory.
76
77
78       --template=""      Template string or path to template file to use when
79       -o=go-template, -o=go-template-file. The template format is golang tem‐
80       plates [http://golang.org/pkg/text/template/#pkg-overview].
81
82
83       --type="strategic"       The type of patch being provided; one of [json
84       merge strategic]
85
86
87

OPTIONS INHERITED FROM PARENT COMMANDS

89       --add-dir-header=false      If true, adds the  file  directory  to  the
90       header of the log messages
91
92
93       --alsologtostderr=false      log to standard error as well as files
94
95
96       --application-metrics-count-limit=100       Max  number  of application
97       metrics to store (per container)
98
99
100       --as=""      Username to impersonate for the operation
101
102
103       --as-group=[]      Group to impersonate for the  operation,  this  flag
104       can be repeated to specify multiple groups.
105
106
107       --azure-container-registry-config=""       Path  to the file containing
108       Azure container registry configuration information.
109
110
111       --boot-id-file="/proc/sys/kernel/random/boot_id"        Comma-separated
112       list of files to check for boot-id. Use the first one that exists.
113
114
115       --cache-dir="/builddir/.kube/cache"      Default cache directory
116
117
118       --certificate-authority=""      Path to a cert file for the certificate
119       authority
120
121
122       --client-certificate=""      Path to a client certificate file for TLS
123
124
125       --client-key=""      Path to a client key file for TLS
126
127
128       --cloud-provider-gce-l7lb-src-cidrs=130.211.0.0/22,35.191.0.0/16
129            CIDRs  opened  in  GCE  firewall  for  L7 LB traffic proxy  health
130       checks
131
132
133       --cloud-provider-gce-lb-src-cidrs=130.211.0.0/22,209.85.152.0/22,209.85.204.0/22,35.191.0.0/16
134            CIDRs  opened  in  GCE  firewall  for  L4 LB traffic proxy  health
135       checks
136
137
138       --cluster=""      The name of the kubeconfig cluster to use
139
140
141       --container-hints="/etc/cadvisor/container_hints.json"      location of
142       the container hints file
143
144
145       --containerd="/run/containerd/containerd.sock"      containerd endpoint
146
147
148       --containerd-namespace="k8s.io"      containerd namespace
149
150
151       --context=""      The name of the kubeconfig context to use
152
153
154       --default-not-ready-toleration-seconds=300       Indicates  the tolera‐
155       tionSeconds of the toleration for notReady:NoExecute that is  added  by
156       default to every pod that does not already have such a toleration.
157
158
159       --default-unreachable-toleration-seconds=300      Indicates the tolera‐
160       tionSeconds of the toleration for unreachable:NoExecute that  is  added
161       by default to every pod that does not already have such a toleration.
162
163
164       --disable-root-cgroup-stats=false       Disable  collecting root Cgroup
165       stats
166
167
168       --docker="unix:///var/run/docker.sock"      docker endpoint
169
170
171       --docker-env-metadata-whitelist=""      a comma-separated list of envi‐
172       ronment  variable  keys  matched with specified prefix that needs to be
173       collected for docker containers
174
175
176       --docker-only=false      Only report docker containers in  addition  to
177       root stats
178
179
180       --docker-root="/var/lib/docker"       DEPRECATED:  docker  root is read
181       from docker info (this is a fallback, default: /var/lib/docker)
182
183
184       --docker-tls=false      use TLS to connect to docker
185
186
187       --docker-tls-ca="ca.pem"      path to trusted CA
188
189
190       --docker-tls-cert="cert.pem"      path to client certificate
191
192
193       --docker-tls-key="key.pem"      path to private key
194
195
196       --enable-load-reader=false      Whether to enable cpu load reader
197
198
199       --event-storage-age-limit="default=0"      Max length of time for which
200       to store events (per type). Value is a comma separated list of key val‐
201       ues, where the keys are event types (e.g.: creation, oom) or  "default"
202       and  the  value  is a duration. Default is applied to all non-specified
203       event types
204
205
206       --event-storage-event-limit="default=0"      Max number  of  events  to
207       store  (per type). Value is a comma separated list of key values, where
208       the keys are event types (e.g.: creation, oom)  or  "default"  and  the
209       value  is  an  integer.  Default  is applied to all non-specified event
210       types
211
212
213       --global-housekeeping-interval=1m0s      Interval between global house‐
214       keepings
215
216
217       --housekeeping-interval=10s       Interval between container housekeep‐
218       ings
219
220
221       --insecure-skip-tls-verify=false      If true, the server's certificate
222       will not be checked for validity. This will make your HTTPS connections
223       insecure
224
225
226       --kubeconfig=""      Path to the kubeconfig file to  use  for  CLI  re‐
227       quests.
228
229
230       --log-backtrace-at=:0       when logging hits line file:N, emit a stack
231       trace
232
233
234       --log-cadvisor-usage=false      Whether to log the usage of the  cAdvi‐
235       sor container
236
237
238       --log-dir=""      If non-empty, write log files in this directory
239
240
241       --log-file=""      If non-empty, use this log file
242
243
244       --log-file-max-size=1800       Defines  the maximum size a log file can
245       grow to. Unit is megabytes. If the value is 0, the maximum file size is
246       unlimited.
247
248
249       --log-flush-frequency=5s       Maximum  number  of  seconds between log
250       flushes
251
252
253       --logtostderr=true      log to standard error instead of files
254
255
256       --machine-id-file="/etc/machine-id,/var/lib/dbus/machine-id"
257            Comma-separated  list  of  files  to check for machine-id. Use the
258       first one that exists.
259
260
261       --match-server-version=false       Require  server  version  to   match
262       client version
263
264
265       -n,  --namespace=""       If  present, the namespace scope for this CLI
266       request
267
268
269       --one-output=false      If true, only write logs to their native sever‐
270       ity level (vs also writing to each lower severity level
271
272
273       --password=""      Password for basic authentication to the API server
274
275
276       --profile="none"         Name   of   profile   to   capture.   One   of
277       (none|cpu|heap|goroutine|threadcreate|block|mutex)
278
279
280       --profile-output="profile.pprof"      Name of the  file  to  write  the
281       profile to
282
283
284       --referenced-reset-interval=0       Reset interval for referenced bytes
285       (container_referenced_bytes metric), number of measurement cycles after
286       which  referenced  bytes  are cleared, if set to 0 referenced bytes are
287       never cleared (default: 0)
288
289
290       --request-timeout="0"      The length of time to wait before giving  up
291       on  a  single  server  request. Non-zero values should contain a corre‐
292       sponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't time‐
293       out requests.
294
295
296       -s, --server=""      The address and port of the Kubernetes API server
297
298
299       --skip-headers=false       If  true,  avoid  header prefixes in the log
300       messages
301
302
303       --skip-log-headers=false      If true, avoid headers when  opening  log
304       files
305
306
307       --stderrthreshold=2      logs at or above this threshold go to stderr
308
309
310       --storage-driver-buffer-duration=1m0s      Writes in the storage driver
311       will be buffered for this duration, and committed  to  the  non  memory
312       backends as a single transaction
313
314
315       --storage-driver-db="cadvisor"      database name
316
317
318       --storage-driver-host="localhost:8086"      database host:port
319
320
321       --storage-driver-password="root"      database password
322
323
324       --storage-driver-secure=false      use secure connection with database
325
326
327       --storage-driver-table="stats"      table name
328
329
330       --storage-driver-user="root"      database username
331
332
333       --tls-server-name=""       Server  name  to  use for server certificate
334       validation. If it is not provided, the hostname  used  to  contact  the
335       server is used
336
337
338       --token=""      Bearer token for authentication to the API server
339
340
341       --update-machine-info-interval=5m0s       Interval between machine info
342       updates.
343
344
345       --user=""      The name of the kubeconfig user to use
346
347
348       --username=""      Username for basic authentication to the API server
349
350
351       -v, --v=0      number for the log level verbosity
352
353
354       --version=false      Print version information and quit
355
356
357       --vmodule=       comma-separated  list  of   pattern=N   settings   for
358       file-filtered logging
359
360
361       --warnings-as-errors=false      Treat warnings received from the server
362       as errors and exit with a non-zero exit code
363
364
365

EXAMPLE

367                # Partially update a node using a strategic merge patch. Specify the patch as JSON.
368                kubectl patch node k8s-node-1 -p '{"spec":{"unschedulable":true}}'
369
370                # Partially update a node using a strategic merge patch. Specify the patch as YAML.
371                kubectl patch node k8s-node-1 -p $'spec:\n unschedulable: true'
372
373                # Partially update a node identified by the type and name specified in "node.json" using strategic merge patch.
374                kubectl patch -f node.json -p '{"spec":{"unschedulable":true}}'
375
376                # Update a container's image; spec.containers[*].name is required because it's a merge key.
377                kubectl patch pod valid-pod -p '{"spec":{"containers":[{"name":"kubernetes-serve-hostname","image":"new image"}]}}'
378
379                # Update a container's image using a json patch with positional arrays.
380                kubectl patch pod valid-pod --type='json' -p='[{"op": "replace", "path": "/spec/containers/0/image", "value":"new image"}]'
381
382
383
384

SEE ALSO

386       kubectl(1),
387
388
389

HISTORY

391       January 2015, Originally compiled by Eric Paris (eparis at  redhat  dot
392       com)  based  on the kubernetes source material, but hopefully they have
393       been automatically generated since!
394
395
396
397Manuals                              User            KUBERNETES(1)(kubernetes)
Impressum