Skip to main content

Finalizers Created by the Operator

What Are Finalizers?

Finalizers are mechanisms in Kubernetes that prevent a resource from being deleted until certain cleanup operations have been completed. They act as a safeguard to ensure that dependent external resources, such as resources in your ngrok account that the operator creates/updates/deletes, are properly removed before the Kubernetes object disappears.

When a resource with a finalizer is deleted, Kubernetes does not immediately remove it. Instead, the resource enters a "deletion in progress" state, allowing the operator to perform necessary cleanup tasks before the resource is fully deleted. If you are using the ngrok Kubernetes operator, and delete resources such as CloudEndpoint/AgentEndpoint and notice that they are not going away, this is likely the case.

How the Operator Uses Finalizers

The ngrok Kubernetes operator automatically attaches finalizers to its custom resources to make sure that any associated resources in your ngrok account are properly cleaned up before deletion.

Why Does the Operator Use Finalizers?

  • Prevents orphaned resources
    • Ensures ngrok resources (e.g., tunnels, endpoints) are deleted before removing the Kubernetes object.
  • Ensures a clean teardown
    • Avoids leaving behind unnecessary external configurations.
  • Prevents inconsistencies
    • Ensures that removing a Kubernetes resource does not leave ghost services in your ngrok account.

How Finalizers Work

  1. Resource is Marked for Deletion
    When a user deletes an ngrok custom resource, Kubernetes does not immediately remove it. Instead, it sets a deletion timestamp on the resource.

  2. The Operator Detects the Deletion Request
    The ngrok operator sees that the resource has a finalizer and begins the cleanup process.

  3. Cleanup Operations are Performed

    • Contacts the ngrok API to delete the associated tunnel, endpoint, or cloud resource.
    • Verifies successful cleanup before proceeding.

  4. Finalizer is Removed
    Once the ngrok resource is fully cleaned up, the operator removes the finalizer from the Kubernetes object.

  5. Kubernetes Deletes the Resource
    With the finalizer removed, Kubernetes completes the deletion process, and the resource is fully removed from the cluster.

Checking Finalizers on a Resource

To check if a resource has a finalizer, use:

Loading…

Example output:

Loading…

Manually Removing Finalizers

If the operator is not responding or failing to clean up resources properly, you may need to manually remove the finalizer on a resource. This may happen if you are uninstalling the operator with helm uninstall and the operator pods are removed before they have a chance to clean up the finalizers on all the resources that were marked for deletion. When uninstalling the operator, it is recommended to remove the custom resources first before uninstalling the Pods.

Warning

This will bypass cleanup operations, potentially leaving behind orphaned resources in your ngrok account. Check your ngrok dashboard after performing this to ensure that the resource is removed from your account so that you are not billed for it.

Loading…