Using Finalizers

Finalizers allow controllers to implement asynchronous pre-delete hooks. Let’ssay you create an external resource (such as a storage bucket) for each object ofyour API type, and you want to delete the associated external resourceon object’s deletion from Kubernetes, you can use a finalizer to do that.

You can read more about the finalizers in the Kubernetes reference docs. The section below demonstrates how to register and trigger pre-delete hooksin the Reconcile method of a controller.

The key point to note is that a finalizer causes “delete” on the object to becomean “update” to set deletion timestamp. Presence of deletion timestamp on the objectindicates that it is being deleted. Otherwise, without finalizers, a deleteshows up as a reconcile where the object is missing from the cache.

Highlights:

  • If the object is not being deleted and does not have the finalizer registered,then add the finalizer and update the object in Kubernetes.
  • If object is being deleted and the finalizer is still present in finalizers list,then execute the pre-delete logic and remove the finalizer and update theobject.
  • Ensure that the pre-delete logic is idempotent.

Apache License

Licensed under the Apache License, Version 2.0 (the “License”);you may not use this file except in compliance with the License.You may obtain a copy of the License at

  1. http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, softwaredistributed under the License is distributed on an “AS IS” BASIS,WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.See the License for the specific language governing permissions andlimitations under the License. ImportsFirst, we start out with some standard imports.As before, we need the core controller-runtime library, as well asthe client package, and the package for our API types.

  2. package controllers
  4. import (
  5.     "context"
  7.     "github.com/go-logr/logr"
  8.     ctrl "sigs.k8s.io/controller-runtime"
  9.     "sigs.k8s.io/controller-runtime/pkg/client"
  11.     batchv1 "tutorial.kubebuilder.io/project/api/v1"
  12. )

The code snippet below shows skeleton code for implementing a finalizer.

  3. func (r *CronJobReconciler) Reconcile(req ctrl.Request) (ctrl.Result, error) {
  4.     ctx := context.Background()
  5.     log := r.Log.WithValues("cronjob", req.NamespacedName)
  7.     var cronJob batch.CronJob
  8.     if err := r.Get(ctx, req.NamespacedName, &cronJob); err != nil {
  9.         log.Error(err, "unable to fetch CronJob")
  10.         // we'll ignore not-found errors, since they can't be fixed by an immediate
  11.         // requeue (we'll need to wait for a new notification), and we can get them
  12.         // on deleted requests.
  13.         return ctrl.Result{}, ignoreNotFound(err)
  14.     }
  16.     // name of our custom finalizer
  17.     myFinalizerName := "storage.finalizers.tutorial.kubebuilder.io"
  19.     // examine DeletionTimestamp to determine if object is under deletion
  20.     if cronJob.ObjectMeta.DeletionTimestamp.IsZero() {
  21.         // The object is not being deleted, so if it does not have our finalizer,
  22.         // then lets add the finalizer and update the object. This is equivalent
  23.         // registering our finalizer.
  24.         if !containsString(cronJob.ObjectMeta.Finalizers, myFinalizerName) {
  25.             cronJob.ObjectMeta.Finalizers = append(cronJob.ObjectMeta.Finalizers, myFinalizerName)
  26.             if err := r.Update(context.Background(), cronJob); err != nil {
  27.                 return ctrl.Result{}, err
  28.             }
  29.         }
  30.     } else {
  31.         // The object is being deleted
  32.         if containsString(cronJob.ObjectMeta.Finalizers, myFinalizerName) {
  33.             // our finalizer is present, so lets handle any external dependency
  34.             if err := r.deleteExternalResources(cronJob); err != nil {
  35.                 // if fail to delete the external dependency here, return with error
  36.                 // so that it can be retried
  37.                 return ctrl.Result{}, err
  38.             }
  40.             // remove our finalizer from the list and update it.
  41.             cronJob.ObjectMeta.Finalizers = removeString(cronJob.ObjectMeta.Finalizers, myFinalizerName)
  42.             if err := r.Update(context.Background(), cronJob); err != nil {
  43.                 return ctrl.Result{}, err
  44.             }
  45.         }
  47.         return ctrl.Result{}, err
  48.     }
  50.     // rest of the reconciler code
  51. }
  53. func (r *Reconciler) deleteExternalResources(cronJob *batch.CronJob) error {
  54.     //
  55.     // delete any external resources associated with the cronJob
  56.     //
  57.     // Ensure that delete implementation is idempotent and safe to invoke
  58.     // multiple types for same object.
  59. }
  61. // Helper functions to check and remove string from a slice of strings.
  62. func containsString(slice []string, s string) bool {
  63.     for _, item := range slice {
  64.         if item == s {
  65.             return true
  66.         }
  67.     }
  68.     return false
  69. }
  71. func removeString(slice []string, s string) (result []string) {
  72.     for _, item := range slice {
  73.         if item == s {
  74.             continue
  75.         }
  76.         result = append(result, item)
  77.     }
  78.     return
  79. }