Finalizers are namespaced keys that instruct Kubernetes to wait until certain conditions are met before deleting resources that have been marked for deletion. Finalizers notify controllers to clean up resources the deleted object owned.
To understand the significance of finalizers, you must first understand the deletion process.
1. When you instruct Kubernetes to delete an object with finalizers, the Kubernetes API marks the object for deletion by populating .metadata.deletionTimestamp, and returns a 202 status code (HTTP "Accepted").
2. While the control plane or other components perform the actions defined by the finalizers, the target object remains in a terminating state.
3. Following the completion of these actions, the controller removes the relevant finalizers from the target object.
4. Kubernetes considers the deletion complete and deletes the object when the metadata.finalizers field is empty.
As you can see, finalizers help with the deletion of your object, as well as the implementation of garbage collection and the prevention of accidental deletions.
Let's take a quick look at how finalizers work.
When you create a resource using a manifest file, you can specify finalizers in the metadata.finalizers field. When you attempt to delete the resource, the API server handling the delete request notices the values in the finalizers field and does the following:
1. Modifies the object to add a metadata.deletionTimestamp field with the time you started the deletion.
2. Prevents the object from being removed until its metadata.finalizers field is empty.
3. Returns a 202 status code (HTTP "Accepted").
The controller managing that finalizer notices the update to the object setting the metadata.deletionTimestamp, indicating deletion of the object has been requested. The controller then attempts to satisfy the requirements of the finalizers specified for that resource. Each time a finalizer condition is satisfied, the controller removes that key from the resource's finalizers field. When the finalizers field is emptied, an object with a deletionTimestamp field set is automatically deleted. You can also use finalizers to prevent deletion of unmanaged resources.
A common example of a finalizer is kubernetes.io/pv-protection, which prevents accidental deletion of PersistentVolume objects. When a PersistentVolume object is in use by a Pod, Kubernetes adds the pv-protection finalizer. If you try to delete the PersistentVolume, it enters a Terminating status, but the controller can't delete it because the finalizer exists. When the Pod stops using the PersistentVolume, Kubernetes clears the pv-protection finalizer, and the controller deletes the volume.
You should avoid manually removing finalizers to allow deletion to continue when objects are stuck in a deleting state. Finalizers are usually added to resources for a reason, so removing them forcefully can cause problems in your cluster.
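Before touching a finalizer, it helps to see which objects are actually waiting and on what. The following is an added example, not code from the original post: it reads JSON shaped like `kubectl get <kinds> -o json` output and lists objects that have a deletionTimestamp but are still held by finalizers, so you know which controller to investigate. The sample objects, the `example.com/cleanup` finalizer and the 300-second threshold are constructed assumptions.

```python
import json
from datetime import datetime, timezone

# Constructed sample shaped like `kubectl get pv,cm -o json` (not real cluster data).
SAMPLE = json.loads("""
{"kind": "List", "items": [
  {"kind": "PersistentVolume",
   "metadata": {"name": "pv-data-01",
                "deletionTimestamp": "2024-05-01T10:00:00Z",
                "finalizers": ["kubernetes.io/pv-protection"]}},
  {"kind": "PersistentVolume",
   "metadata": {"name": "pv-data-02",
                "finalizers": ["kubernetes.io/pv-protection"]}},
  {"kind": "ConfigMap",
   "metadata": {"name": "app-config", "namespace": "demo",
                "deletionTimestamp": "2024-05-01T11:59:30Z",
                "finalizers": ["example.com/cleanup"]}}
]}
""")

def parse_ts(value):
    """Parse the second-precision UTC timestamp stored in deletionTimestamp."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def pending_deletions(obj_list, now, stuck_after_seconds=300):
    """Return objects marked for deletion that finalizers are still holding."""
    report = []
    for item in obj_list.get("items", []):
        meta = item.get("metadata", {})
        deleted_at = meta.get("deletionTimestamp")
        finalizers = meta.get("finalizers") or []
        # No deletionTimestamp: deletion was never requested.
        # No finalizers: nothing is holding the object back.
        if not deleted_at or not finalizers:
            continue
        age = int((now - parse_ts(deleted_at)).total_seconds())
        report.append({
            "kind": item.get("kind"),
            "namespace": meta.get("namespace", ""),
            "name": meta["name"],
            "waiting_on": list(finalizers),   # keys a controller must still remove
            "seconds_terminating": age,
            "stuck": age >= stuck_after_seconds,
        })
    # Longest-waiting objects first.
    return sorted(report, key=lambda r: r["seconds_terminating"], reverse=True)

if __name__ == "__main__":
    fixed_now = datetime(2024, 5, 1, 12, 0, 0, tzinfo=timezone.utc)
    for row in pending_deletions(SAMPLE, fixed_now):
        print(row)
```

An object flagged as stuck points at the controller that owns the listed finalizer key; that controller's logs and health are the place to look next.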
I hope you find this helpful.
Thank you for reading!