{"id":392119,"date":"2022-01-10T17:14:30","date_gmt":"2022-01-10T14:14:30","guid":{"rendered":"https:\/\/en.buradabiliyorum.com\/what-are-finalizers-in-kubernetes-how-to-handle-object-deletions-cloudsavvy-it\/"},"modified":"2022-01-10T17:14:30","modified_gmt":"2022-01-10T14:14:30","slug":"what-are-finalizers-in-kubernetes-how-to-handle-object-deletions-cloudsavvy-it","status":"publish","type":"post","link":"https:\/\/buradabiliyorum.com\/en\/what-are-finalizers-in-kubernetes-how-to-handle-object-deletions-cloudsavvy-it\/","title":{"rendered":"#What Are Finalizers In Kubernetes? How to Handle Object Deletions \u2013 CloudSavvy IT"},"content":{"rendered":"<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_85 counter-hierarchy ez-toc-counter ez-toc-custom ez-toc-container-direction\">\n<p class=\"ez-toc-title\" style=\"cursor:inherit\">Table of Contents<\/p>\n<label for=\"ez-toc-cssicon-toggle-item-6a332e8202154\" class=\"ez-toc-cssicon-toggle-label\"><span class=\"\"><span class=\"eztoc-hide\" style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #dd3333;color:#dd3333\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #dd3333;color:#dd3333\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewBox=\"0 0 24 24\" version=\"1.2\" baseProfile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/label><input type=\"checkbox\"  id=\"ez-toc-cssicon-toggle-item-6a332e8202154\" checked aria-label=\"Toggle\" \/><nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/buradabiliyorum.com\/en\/what-are-finalizers-in-kubernetes-how-to-handle-object-deletions-cloudsavvy-it\/#What_Are_Finalizers\" >What Are Finalizers?<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/buradabiliyorum.com\/en\/what-are-finalizers-in-kubernetes-how-to-handle-object-deletions-cloudsavvy-it\/#Finalizer_Challenges\" >Finalizer Challenges<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-3\" href=\"https:\/\/buradabiliyorum.com\/en\/what-are-finalizers-in-kubernetes-how-to-handle-object-deletions-cloudsavvy-it\/#Owners_and_Propagation_Policies\" >Owners and Propagation Policies<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-4\" href=\"https:\/\/buradabiliyorum.com\/en\/what-are-finalizers-in-kubernetes-how-to-handle-object-deletions-cloudsavvy-it\/#Implementing_Finalizers\" >Implementing Finalizers<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-5\" href=\"https:\/\/buradabiliyorum.com\/en\/what-are-finalizers-in-kubernetes-how-to-handle-object-deletions-cloudsavvy-it\/#Conclusion\" >Conclusion<\/a><\/li><\/ul><\/nav><\/div>\n<p><strong>&#8220;#What Are Finalizers In Kubernetes? How to Handle Object Deletions \u2013 CloudSavvy IT&#8221;<\/strong><\/p>\n<div id=\"article-content-area\">\n<img loading=\"lazy\" decoding=\"async\" class=\"type:primaryImage aligncenter size-full wp-image-9632\" data-pagespeed-lazy-srcset=\"https:\/\/www.cloudsavvyit.com\/p\/uploads\/2021\/02\/748108a6.jpg?width=398&amp;trim=1,1&amp;bg-color=000&amp;pad=1,1 400w, https:\/\/www.cloudsavvyit.com\/p\/uploads\/2021\/02\/748108a6.jpg?width=1198&amp;trim=1,1&amp;bg-color=000&amp;pad=1,1 1200w\" sizes=\"auto, 400w, 1200w\" data-pagespeed-lazy-src=\"https:\/\/www.cloudsavvyit.com\/p\/uploads\/2021\/02\/748108a6.jpg?width=1198&amp;trim=1,1&amp;bg-color=000&amp;pad=1,1\" alt=\"Graphic showing the Kubernetes logo\" width=\"1602\" height=\"902\" src=\"\/pagespeed_static\/1.JiBnMqyl6S.gif\" onload=\"pagespeed.lazyLoadImages.loadIfVisibleAndMaybeBeacon(this);\" onerror=\"this.onerror=null;pagespeed.lazyLoadImages.loadIfVisibleAndMaybeBeacon(this);\"\/><\/p>\n<p>Kubernetes object deletions aren\u2019t as straightforward as they seem on the surface. Deleting an object is an involved process that includes conditional checks to determine whether safe removal is possible. This is achieved by API objects called Finalizers.<\/p>\n<p>In this article, we\u2019ll look at what <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/kubernetes.io\/docs\/concepts\/overview\/working-with-objects\/finalizers\">Finalizers<\/a> are, how they\u2019re managed, and challenges they can cause when you want to delete an object. Having a better understanding of the deletion process can help you debug problems where resources don\u2019t seem to terminate in a timely manner.<\/p>\n<h2 id=\"what-are-finalizers\"><span class=\"ez-toc-section\" id=\"What_Are_Finalizers\"><\/span>What Are Finalizers?<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Finalizers are a mechanism for enforcing certain conditions be met before an object can be deleted. When you run a command like <code>kubectl delete namespace\/example<\/code>, Kubernetes checks the Finalizers defined on the referenced object. These are listed in its <code>metadata.finalizers<\/code> field. Each Finalizer gets a chance to postpone the deletion until it\u2019s completed its actions.<\/p>\n<p>The actual deletion process ends up looking like this:<\/p>\n<ol type=\"1\">\n<li><strong>Issue a deletion command.<\/strong> \u2013 Kubernetes marks the object as pending deletion. This leaves the resource in the read-only \u201cTerminating\u201d state.<\/li>\n<li><strong>Run each of the actions associated with the object\u2019s Finalizers.<\/strong> \u2013 Each time a Finalizer action completes, that Finalizer is detached from the object, so it\u2019ll no longer <a href=\"https:\/\/buradabiliyorum.com\/en\/category\/download-scripts-themes-apps\/\" data-internallinksmanager029f6b8e52c=\"9\" title=\"Download Scripts &amp; Themes &amp; Apps\" target=\"_blank\" rel=\"noopener\">app<\/a>ear in the <code>metadata.finalizers<\/code> field.<\/li>\n<li><strong>Kubernetes keeps monitoring the Finalizers attached to the object.<\/strong> \u2013 The object will be deleted once the <code>metadata.finalizers<\/code> field is empty, because all Finalizers were removed by the completion of their actions.<\/li>\n<\/ol>\n<p>Finalizers are commonly used to run clean-up and garbage collection procedures before an object is removed from the cluster. You can add your own Finalizers using the Kubernetes API; built-in Finalizers are also applied automatically to some types of object.<\/p>\n<p>As an example, PersistentVolume resources come with a <code>kubernetes.io\/pv-protection<\/code> Finalizer that prevents accidental deletion of volumes in active use by Pods. The Finalizer enforces that the PersistentVolume cannot be removed from the cluster until there\u2019s no Pods using it. Issuing a deletion command while there\u2019s still an active Pod will cause the volume to be marked as <code>Terminating<\/code>; it will stay in this state for as long as the Pod needs the volume, then get deleted automatically as soon as possible afterwards.<\/p>\n<h2 id=\"finalizer-challenges\"><span class=\"ez-toc-section\" id=\"Finalizer_Challenges\"><\/span>Finalizer Challenges<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Long-running Finalizers that wait for a condition involving other resources can cause deletions to appear stuck in the <code>Terminating<\/code> state. You may also run into issues where a Finalizer blocks the deletion of dependent objects which prevents the parent from successfully terminating.<\/p>\n<p>These problems regularly cause confusion \u2013 developers and operators tend to see deletions as simple procedures when the process is actually nuanced and variable. The prerequisites for successful deletion depend on the resource\u2019s relations and their Finalizers, as well as the target object itself.<\/p>\n<p>When an object\u2019s been <code>Terminating<\/code> for an excessive time, check its Finalizers by inspecting the <code>metadata.finalizers<\/code> field in its YAML:<\/p>\n<pre>kubectl get pod example-pod --namespace example -o json | jq<\/pre>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-15165\" data-pagespeed-lazy-src=\"https:\/\/www.cloudsavvyit.com\/p\/uploads\/2021\/12\/69ae6ab0.png?trim=1,1&amp;bg-color=000&amp;pad=1,1\" alt=\"\" width=\"1143\" height=\"483\" src=\"\/pagespeed_static\/1.JiBnMqyl6S.gif\" onload=\"pagespeed.lazyLoadImages.loadIfVisibleAndMaybeBeacon(this);\" onerror=\"this.onerror=null;pagespeed.lazyLoadImages.loadIfVisibleAndMaybeBeacon(this);\"\/><\/p>\n<p>Once you know which finalizers are defined, you can begin identifying the ones likely to block a deletion. Viewing the object\u2019s events and condition changes can aid debugging by showing actions that have occurred since the deletion command was issued. Conditions are shown in the YAML\u2019s <code>spec.status.conditions<\/code> field; events are visible when running <code>kubectl describe pod example-pod<\/code>.<\/p>\n<p>You can manually remove an object\u2019s Finalizers by patching the <code>spec.finalizers<\/code> field to <code>null<\/code>. This technique <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/kubernetes.io\/docs\/concepts\/overview\/working-with-objects\/finalizers\">shouldn\u2019t be used<\/a> unless absolutely necessary. Finalizers are safeguards meant to protect your cluster; overriding them <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/cloud.redhat.com\/blog\/the-hidden-dangers-of-terminating-namespaces\">could lead to<\/a> orphaned objects and broken dependency chains.<\/p>\n<pre>kubectl patch pod example-pod -p '{\"metadata: {\"finalizers\": null}}'<\/pre>\n<h2 id=\"owners-and-propagation-policies\"><span class=\"ez-toc-section\" id=\"Owners_and_Propagation_Policies\"><\/span>Owners and Propagation Policies<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>A related topic is <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/kubernetes.io\/blog\/2021\/05\/14\/using-finalizers-to-control-deletion\">object owners<\/a> and deletion propagation policies. Owner references define the relationships between objects. They\u2019re used to remove entire object trees when a parent is deleted. As an example, if you delete a Deployment, Kubernetes must also destroy the Pods within that Deployment.<\/p>\n<p>Owner references <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/kubernetes.io\/blog\/2021\/05\/14\/using-finalizers-to-control-deletion\">are defined via<\/a> the <code>metadata.ownerReferences<\/code> field on objects. Each reference includes the <code>kind<\/code> and <code>name<\/code> of the object to parent the current resource to.<\/p>\n<p>When owner references are used, deleting a parent automatically removes all its children. This is called cascading deletion. It\u2019s possible to disable the cascade by adding the <code>--cascade=orphan<\/code> flag to <code>kubectl delete<\/code>. Kubernetes will allow the object\u2019s children to remain in the cluster, leaving them available but orphaned.<\/p>\n<p>Kubernetes also supports different deletion \u201cpropagation policies.\u201d These define whether the parent or its children are deleted first. The default <code>Foreground<\/code> policy deletes the children and then the parent, ensuring no orphaning occurs. <code>Background<\/code> inverts the order so the parent is removed first. The third policy, <code>Orphan<\/code>, instructs Kubernetes to ignore owner references altogether.<\/p>\n<p>The <code>kubectl delete<\/code> command doesn\u2019t support propagation policies. You must make a direct API request if you want to change the policy for a deletion operation:<\/p>\n<pre>curl -X DELETE &#13;\n    localhost\/api\/v1\/namespaces\/default\/deployments\/example &#13;\n    -d '{\"apiVersion\": \"v1\", \"kind\": \"DeleteOptions\", \"propagationPolicy\": \"Background\"}'&#13;\n    -H \"Content-Type: application\/json\"<\/pre>\n<p>Finalizers are respected when a deletion is propagated or cascaded to related objects. In the case of the <code>Foreground<\/code> policy, this means all the Finalizers on all the children will need to complete before the parent can terminate. For the <code>Background<\/code> policy, children will remain live until their parent\u2019s Finalizers have finished.<\/p>\n<h2 id=\"implementing-finalizers\"><span class=\"ez-toc-section\" id=\"Implementing_Finalizers\"><\/span>Implementing Finalizers<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>You can implement your own Finalizers <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/book.kubebuilder.io\/reference\/using-finalizers.html\">using the<\/a> Kubernetes API and Go SDK. Finalizers are created by registering hooks in the <code>Reconcile<\/code> method of a controller.<\/p>\n<p>The method should check whether the object to reconcile has a value in its <code>DeletionTimestamp<\/code> field. This means it\u2019s pending deletion and is in the <code>Terminating<\/code> state. Choose an identifier for your finalizer and check whether the object includes the value in its <code>metadata.finalizers<\/code> field. If it does, you should run any necessary actions and then detach the Finalizer from the object. An example implementation is included in the <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/book.kubebuilder.io\/reference\/using-finalizers.html\">Kubebuilder<\/a> guide to writing your own Kubernetes object types using CRDs (custom resource definitions).<\/p>\n<p>Finalizers are always implemented as code in a controller method. The <code>metadata.finalizers<\/code> field acts in a similar capacity to annotations and labels, listing the Finalizers to apply to that object without directly defining the code to execute.<\/p>\n<h2 id=\"conclusion\"><span class=\"ez-toc-section\" id=\"Conclusion\"><\/span>Conclusion<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Finalizers control the lifecycle of a Kubernetes object after deletion is initiated. They\u2019re used to implement garbage collection, notify controllers of impending removals, and prevent accidental deletion of objects that are still being referenced by other resources.<\/p>\n<p>Because Finalizers can block object deletions for arbitrarily long time periods, they\u2019re a common source of frustration when ops teams don\u2019t understand why an object\u2019s \u201cstuck\u201d terminating. In this situation it\u2019s best to inspect the affected resources, see which Finalizers are active, and investigate inter-object relationships which might be acting as blocking dependencies. Force removing a Finalizer should be your last resort if you must im<a href=\"https:\/\/buradabiliyorum.com\/en\/category\/social-mediaa\/\" data-internallinksmanager029f6b8e52c=\"1\" title=\"Social Media\" target=\"_blank\" rel=\"noopener\">media<\/a>tely delete a Terminating object or you\u2019ve exhausted all your other options.\n<\/p><\/div>\n<blockquote><p><strong><span style=\"color: #ff6600;\">If you liked the article, do not forget to share it with your friends. Follow us on\u00a0<span style=\"color: #ff0000;\"><a style=\"color: #ff0000;\" href=\"https:\/\/news.google.com\/publications\/CAAqBwgKMLG0nwswvr63Aw\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Google News<\/a><\/span>\u00a0too, click on the star and choose us from your favorites.<\/span><\/strong><\/p><\/blockquote>\n<blockquote>\n<p style=\"text-align: center;\">For forums sites go to <span style=\"color: #ff9900;\"><a style=\"color: #ff9900;\" href=\"https:\/\/forum.buradabiliyorum.com\/\" target=\"_blank\" rel=\"noopener\">Forum.BuradaBiliyorum.Com<\/a><\/span><\/strong><\/p>\n<\/blockquote>\n<blockquote>\n<p style=\"text-align: center;\"><strong>If you want to read more like this article, you can visit our <span style=\"color: #ff9900;\"><a style=\"color: #ff9900;\" href=\"https:\/\/en.buradabiliyorum.com\/technology\/\" target=\"_blank\" rel=\"noopener\">Technology category.<\/a><\/span><\/strong><\/p>\n<\/blockquote>\n<p><span style=\"color: black;\"><a style=\"color: #ff9900;\" href=\"https:\/\/www.cloudsavvyit.com\/15163\/what-are-finalizers-in-kubernetes-how-to-handle-object-deletions\/\" target=\"_blank\" rel=\"noopener\">Source<\/a><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>&#8220;#What Are Finalizers In Kubernetes? How to Handle Object Deletions \u2013 CloudSavvy IT&#8221; Kubernetes object deletions aren\u2019t as straightforward as they seem on the surface. Deleting an object is an involved process that includes conditional checks to determine whether safe removal is possible. This is achieved by API objects called Finalizers. In this article, we\u2019ll&#8230;<\/p>\n","protected":false},"author":1,"featured_media":392120,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/www.cloudsavvyit.com\/p\/uploads\/2021\/02\/748108a6.jpg","fifu_image_alt":"","footnotes":""},"categories":[18],"tags":[],"class_list":["post-392119","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technology"],"_links":{"self":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/392119","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/comments?post=392119"}],"version-history":[{"count":0,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/392119\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media\/392120"}],"wp:attachment":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media?parent=392119"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/categories?post=392119"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/tags?post=392119"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}