Kubectl patch $deleteFromPrimitiveList directive

Question

I was searching for a way to remove a specific value from a list on a pod through a patch, specifically on the SecurityContext.Capabilities attribute. At first I came across the json patch remove limitation which requires an index but after some more digging I found the $deleteFromPrimitiveList directive used in the strategic patch type. Thing is this directive is not documented anywhere under the official documentation and only has a couple of hits in forums and the source code itself. This is what I ended up with which is working for me:

patch.yaml:

spec:
  template:
    spec:
      containers:
      - name: test
        securityContext:
          capabilities:
            $deleteFromPrimitiveList/add: ["SYS_RAWIO"]

patch command:

kubectl patch deployment test --patch="$(cat patch.json)"

My question is, should I use this, is this officially supported? If so, is there a needed minimum cluster version? and is there a reason its not documented anywhere? Thanks

Answer 1

It seems to be officially supported, but not well documented.

The best documentation I could find was a markdown file in the community repo that covers this and other strategic merge patch directives.

This documentation specifically calls out backward compatibility:

Changes to the strategic merge patch must be backwards compatible such that patch requests valid in previous versions continue to be valid. That is, old patch formats sent by old clients to new servers with must continue to function correctly.