0

Creating a persistent volume using the following yaml definition file,

apiVersion: v1
kind: PersistentVolume
metadata:
  name: nfs-manual-pv
spec:
  capacity:
    storage: 256Mi
  accessModes:
  - ReadWriteMany
  persistentVolumeReclaimPolicy: Delete
  storageClassName: standard
  nfs:
    server: <local_nfs_server_ip>
    path: "/Users/<username>/Minikube/nfs-mount"

Using the standard (default) storageClass to create the PV which is using the k8s.io/minikube-hostpath provisioner.

Immediately, after i apply the above yaml definition and create the PV, even before it gets associated with any PVC, i can see the Finalizers:[kubernetes.io/pv-protection] in the pv description.

Following is the state of the PV after creation,

>> k get pv nfs-manual-pv

NAME            CAPACITY   ACCESS MODES   RECLAIM POLICY   STATUS      CLAIM   STORAGECLASS   REASON   AGE
nfs-manual-pv   256Mi      RWX            Delete           Available           standard                25m

When i describe the PV i am seeing this result with kubernetes.io/pv-protection finalizer set.

>> k describe pv nfs-manual-pv

Name:            nfs-manual-pv
Labels:          <none>
Annotations:     <none>
Finalizers:      [kubernetes.io/pv-protection]
StorageClass:    standard
Status:          Available
Claim:
Reclaim Policy:  Delete
Access Modes:    RWX
VolumeMode:      Filesystem
Capacity:        256Mi

When the Pod stops using the PersistentVolume, Kubernetes clears the pv-protection finalizer, and the controller deletes the volume.

According to the documentation Kubernetes should only set the pv-protection finalizer when the PV is in use, in my case, it is not associated with a PVC and not in use.

What could be the reason for this behaviour?

Seralahthan
  • 182
  • 11
  • After some digging, found out that the behaviour mentioned above is normal. K8s automatically adds `kubernetes.io/pv-protection` to the PV's metadata immediately after the PV is created to ensure proper cleanup and handling of resources before they are deleted. – Seralahthan Jul 23 '23 at 06:00
  • If there are any active references to the PV (existing PVCs associated with it), the finalizer ensures that the PV is not removed until those references are properly cleaned up. If the PV has the `kubernetes.io/pv-protection` finalizer, it will not be deleted until all the relevant resources and references are cleared. Once all associated resources are cleaned up, Kubernetes removes the finalizer and proceeds with the deletion of the PV. – Seralahthan Jul 23 '23 at 06:06

0 Answers0