Can't delete items from finalizer list with patch_node

[Sarapuce]

What happened (please include outputs or screenshots):

Impossible to remove finalizers from list by using kubernetes.client.CoreV1Api().patch_node

The node gke-attack-node-default-node-pool-92ee7023-wh9m has a finalizer :

$ k get node gke-attack-node-default-node-pool-92ee7023-wh9m -o jsonpath='{.metadata.finalizers}'
["test/test"]

Which can't be deleted using the patch_node method :

from kubernetes import client, config, watch

config.load_kube_config()
v1 = client.CoreV1Api()
node_name = "gke-attack-node-default-node-pool-92ee7023-wh9m"

body = {
    "metadata": {
      "finalizers": [] # Not working, can only add finalzer, not remove them
    }
  }

v1.patch_node(name=node_name, body=body)

$ k get node gke-attack-node-default-node-pool-92ee7023-wh9m -o jsonpath='{.metadata.finalizers}'
["test/test"]

It seems that using patch_node on this list only allow to add elements to the list but not remove it

from kubernetes import client, config, watch

config.load_kube_config()
v1 = client.CoreV1Api()
node_name = "gke-attack-node-default-node-pool-92ee7023-wh9m"

body = {
    "metadata": {
      "finalizers": ["test2/test2"]
    }
  }

v1.patch_node(name=node_name, body=body)

k get node gke-attack-node-default-node-pool-92ee7023-wh9m -o jsonpath='{.metadata.finalizers}'
["test2/test2","test/test"]

Debug output of the python script :

send: b'PATCH /api/v1/nodes/gke-attack-node-default-node-pool-92ee7023-wh9m HTTP/1.1\r\nHost: 34.40.31.30\r\nAccept-Encoding: identity\r\nContent-Length: 32\r\nAccept: application/json\r\nContent-Type: application/strategic-merge-patch+json\r\nUser-Agent: OpenAPI-Generator/31.0.0/python\r\nauthorization: Bearer xxx\r\n\r\n'
send: b'{"metadata": {"finalizers": []}}'
reply: 'HTTP/1.1 200 OK\r\n'
header: Audit-Id: 9b049a85-cd5e-4e26-bcc6-bd202cf3ebba
header: Cache-Control: no-cache, private
header: Content-Type: application/json
header: X-Kubernetes-Pf-Flowschema-Uid: c312db6d-16ac-4baf-a70f-7ae1d3e11b28
header: X-Kubernetes-Pf-Prioritylevel-Uid: ad780090-bc92-4755-b15e-ed213e46077f
header: Date: Sat, 16 Nov 2024 14:35:01 GMT
header: Transfer-Encoding: chunked

Debug output of this kubectl command (which should have the same behavior than patch_node function)

kubectl patch node gke-attack-node-default-node-pool-92ee7023-wh9m --type='merge' -p '{"metadata":{"finalizers":[]}}'

I1116 15:37:15.454703  173643 request.go:1351] Request Body: {"metadata":{"finalizers":[]}}
I1116 15:37:15.454748  173643 round_trippers.go:466] curl -v -XPATCH  -H "Accept: application/json" -H "Content-Type: application/merge-patch+json" -H "User-Agent: kubectl/v1.31.1 (linux/amd64) kubernetes/948afe5" 'https://34.40.31.30/api/v1/nodes/gke-attack-node-default-node-pool-92ee7023-wh9m?fieldManager=kubectl-patch'
I1116 15:37:15.516916  173643 round_trippers.go:553] PATCH https://34.40.31.30/api/v1/nodes/gke-attack-node-default-node-pool-92ee7023-wh9m?fieldManager=kubectl-patch 200 OK in 62 milliseconds
I1116 15:37:15.516963  173643 round_trippers.go:570] HTTP Statistics: GetConnection 0 ms ServerProcessing 61 ms Duration 62 ms
I1116 15:37:15.516976  173643 round_trippers.go:577] Response Headers:
I1116 15:37:15.516991  173643 round_trippers.go:580]     X-Kubernetes-Pf-Flowschema-Uid: c312db6d-16ac-4baf-a70f-7ae1d3e11b28
I1116 15:37:15.516999  173643 round_trippers.go:580]     X-Kubernetes-Pf-Prioritylevel-Uid: ad780090-bc92-4755-b15e-ed213e46077f
I1116 15:37:15.517014  173643 round_trippers.go:580]     Content-Length: 2379
I1116 15:37:15.517025  173643 round_trippers.go:580]     Date: Sat, 16 Nov 2024 14:37:15 GMT
I1116 15:37:15.517031  173643 round_trippers.go:580]     Audit-Id: 97f81391-7208-4855-bad5-6fd3bded641b
I1116 15:37:15.517044  173643 round_trippers.go:580]     Cache-Control: no-cache, private
I1116 15:37:15.517052  173643 round_trippers.go:580]     Content-Type: application/json

The difference seems to come from the header Content-Type which is not the same in the requests

What you expected to happen:

Add an option to choose how to patch the ressource, the default should keep the current behavior but when activated, it should have the same behavior than kubectl patch --type='merge'

How to reproduce it (as minimally and precisely as possible):

Add a finalizer on a node :

kubectl patch node <node-name> --type='merge' -p '{"metadata":{"finalizers":["test/test"]}}'

Try to remove it with this script :

from kubernetes import client, config

config.load_kube_config()
configuration = client.Configuration.get_default_copy()
configuration.debug = True
client.Configuration.set_default(configuration)

v1 = client.CoreV1Api()
node_name = "<node-name>"

body = {
    "metadata": {
      "finalizers": []
    }
  }

v1.patch_node(name=node_name, body=body)

Anything else we need to know?:

Environment:

• Kubernetes version (kubectl version):
  Client Version: v1.31.1
  Kustomize Version: v5.4.2
  Server Version: v1.30.5-gke.1443001

• OS (e.g., MacOS 10.13.6):
  Linux 6.8.0-48-generic 48-Ubuntu SMP PREEMPT_DYNAMIC Fri Sep 27 14:04:52 UTC 2024 x86_64 x86_64 x86_64 GNU/Linux

• Python version (python --version)
  Python 3.12.6

• Python client version (pip list | grep kubernetes)
  kubernetes 31.0.0

[jcpowermac]

I just ran across this issue because I was having issues with removing finalizers as well...this seems to work:

In [37]: patch = [{"op":"remove","path": "/metadata/finalizers"}]

In [38]: core.patch_persistent_volume(pv.metadata.name,patch)