Kubernetes finalizers
I was reading the Disruption section of the Karpenter docs and the first sentence says,
Karpenter sets a Kubernetes finalizer on each node and node claim it provisions.
I then decided to take some time to understand what finalizers are.
Here's my understanding...
They are kinda like garbage collectors.
They tell Kubernetes what operations to perform before a resource can be removed.
But these operations are not commands that get executed; they are "lists of keys", similar to annotations.
Examples
Prevent accidental deletion of volumes with
kubernetes.io/pv-protection
kubernetes.io/pvc-protection
Sometimes it's hard to delete stuff.
If you ever run kubectl delete pod foo and get back Pod "foo" deleted but it just hangs... it's probably because there is a finalizer somewhere. Kubernetes will block the object from being deleted from etcd while it has an unfinished finalizer.
So kubectl delete pod foo is more of an update. It adds a deletionTimestamp to the Pod's metadata if it has a finalizer.
So, if you attempt to delete an object that has a finalizer on it, it will remain in finalization until the controller has removed the finalizer keys or the finalizers are removed using kubectl. Once that finalizer list is empty, the object can actually be reclaimed by Kubernetes and put into a queue to be deleted from the registry.
How to inspect a resource's finalizers
apiVersion: v1
kind: ConfigMap
metadata:
  name: mymap
  finalizers:
  - kubernetes
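
To spot the "delete just hangs" case across many objects, the check below walks a list of objects and reports the ones that have a deletionTimestamp and a non-empty finalizers list. This is an added example, not code from the Kubernetes or Karpenter docs; the sample input is constructed to look like kubectl get ... -o json output, and the function names are illustrative.

```python
import json
from datetime import datetime, timezone

# Constructed sample shaped like `kubectl get configmap,pvc -o json` output.
SAMPLE = json.loads("""
{"kind": "List", "items": [
  {"kind": "ConfigMap",
   "metadata": {"name": "mymap", "namespace": "default",
                "deletionTimestamp": "2024-01-01T10:00:00Z",
                "finalizers": ["kubernetes"]}},
  {"kind": "PersistentVolumeClaim",
   "metadata": {"name": "data", "namespace": "default",
                "finalizers": ["kubernetes.io/pvc-protection"]}},
  {"kind": "ConfigMap",
   "metadata": {"name": "plain", "namespace": "default"}}
]}
""")


def parse_ts(value):
    """Parse the RFC 3339 UTC timestamp format used for deletionTimestamp."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def pending_finalization(obj_list, now):
    """Return objects that were deleted but are still held by finalizers."""
    held = []
    for item in obj_list.get("items", []):
        meta = item.get("metadata", {})
        finalizers = meta.get("finalizers") or []
        deleted_at = meta.get("deletionTimestamp")
        # A finalizer alone is normal (the PVC above); only the combination
        # with a deletionTimestamp means a delete is waiting on a controller.
        if deleted_at and finalizers:
            held.append({
                "kind": item.get("kind"),
                "namespace": meta.get("namespace", ""),
                "name": meta.get("name"),
                "finalizers": finalizers,
                "waiting_seconds": int((now - parse_ts(deleted_at)).total_seconds()),
            })
    return held


if __name__ == "__main__":
    now = datetime(2024, 1, 1, 10, 5, 0, tzinfo=timezone.utc)  # fixed for the sample
    for entry in pending_finalization(SAMPLE, now):
        print(entry)
```

The finalizer keys in the result show which controller the object is waiting on.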