Kubernetes links objects in ownership hierarchies. A ReplicaSet owns Pods. Deleting the ReplicaSet can delete its Pods. Kubernetes uses owner references and garbage collection to manage this lifecycle. This article explains owners and dependents at a glance.
TL;DR
- Owner references link dependent objects to controllers.
- Garbage collector removes dependents on owner deletion.
- Deletion propagation modes control cascade or orphaning.
- Finalizers delay deletion until cleanup tasks finish.
- Deep dive covers
ReplicaSet,Job,CronJob,StatefulSet.
Key Concepts of Owner Dependent Objects
An owner reference is a metadata field. It points from a dependent to its owner. Kubernetes garbage collector reads ownerReferences. It enforces deletion policies. Labels and selectors differ; they match objects but do not enforce deletion. Owner references do.
Defining Owner References
Every Kubernetes object has metadata.ownerReferences. Each entry contains:
apiVersionkindnameuidcontroller(boolean)blockOwnerDeletion(boolean)
When you create a child object manually, you can set ownerReferences by YAML or via client libraries. Controllers set it automatically. Example:
apiVersion: v1
kind: Pod
metadata:
name: demo-pod
ownerReferences:
- apiVersion: apps/v1
kind: ReplicaSet
name: demo-replicaset
uid: "abcd-1234-efgh-5678"
controller: true
blockOwnerDeletion: true
...Garbage Collection and Owners
Kubernetes runs a garbage collector. It examines ownerReferences on each object. If an owner is deleted, the collector handles dependents. Two propagation modes exist:
- Foreground: Delete dependents first, then owner.
- Background: Delete owner immediately, then dependents later.
- Orphan: Dependents lose owner reference but remain.
Deletion Propagation Modes
You specify propagation via the API call. Example:
kubectl delete replicaset demo-replicaset --cascade=foregroundOr in a manifest:
apiVersion: apps/v1
kind: ReplicaSet
metadata:
name: demo-replicaset
deleteOptions:
propagationPolicy: Orphan
...Finalizers and Cleanup of Owner-Dependent objects
Finalizers prevent deletion until cleanup completes. Add entries in metadata.finalizers. The object is marked for deletion, but remains until controllers remove finalizers. Use for external resource cleanup.
Owner Dependent Objects Workflow
This diagram demonstrates sequence:
Use-Cases for Owner Dependent Objects
Controllers rely on owner references to manage lifecycles:
- ReplicaSet → Pods
- Deployment → ReplicaSet
- Job → Pods
- CronJob → Jobs → Pods
- StatefulSet → Pods
Example: Job and Pod Ownership
Job creates Pods to run tasks. When the Job finishes or is deleted, its Pods become dependents. By default, completed Pods remain until garbage collected or manually cleaned. Set .spec.ttlSecondsAfterFinished to let GC remove them automatically.[4]
apiVersion: batch/v1
kind: Job
metadata:
name: pi-job
spec:
ttlSecondsAfterFinished: 100
template:
spec:
containers:
- name: pi
image: perl
command: ["perl", "-Mbignum=bpi", "-wle", "print bpi(2000)"]
restartPolicy: NeverManaging Orphans
Orphaning dependents helps preserve data. For example, StatefulSet Pods may hold state in PVs. Deleting the StatefulSet with orphaning keeps PVCs and Pods. You can then reattach manually.
Access Control and Security
RBAC can restrict deletion propagation. You grant users permissions on deleteoptions. For instance, permit cascade delete to admins only. Attach policies to protect critical resources.
Best Practices for Owner Dependent Objects
- Always use controllers to set ownerReferences automatically.
- Apply finalizers for external cleanup tasks.
- Choose propagationPolicy based on data importance.
- Use TTL controller for job pod cleanup.
- Audit ownerReferences to avoid orphan leaks.
References
- Owners and Dependents – Kubernetes Documentation
- Garbage Collection in Kubernetes
- Delete resources by file names, stdin, resources and names, or by resources and label selector.
- Automatic Cleanup for Finished Jobs
Suggested Reading
PostHashID: 4c1b02f00f14511c15ca6eeb23f489feef3cd4f0421af6f349b7fd8127376890
