When exactly do I set an ownerReference's controller field to true?

6/27/2018

I am writing a Kubernetes controller.

Someone creates a custom resource via kubectl apply -f custom-resource.yaml. My controller notices the creation, and then creates a Deployment that pertains to the custom resource in some way.

I am looking for the proper way to set up the Deployment's ownerReferences field such that a deletion of the custom resource will result in a deletion of the Deployment. I understand I can do this like so:

ownerReferences:
- kind: <kind from custom resource>
  apiVersion: <apiVersion from custom resource>
  uid: <uid from custom resource>
  controller: <???>

I'm unclear on whether this is case where I would set controller to true.

The Kubernetes reference documentation says (in its entirety):

If true, this reference points to the managing controller.

Given that a controller is running code, and an owner reference actually references another Kubernetes resource via matching uid, name, kind and apiVersion fields, this statement is nonsensical: a Kubernetes object reference can't "point to" code.

I have a sense that the documentation author is trying to indicate that—using my example—because the user didn't directly create the Deployment herself, it should be marked with some kind of flag indicating that a controller created it instead.

Is that correct?

The follow on question here is of course: OK, what behavior changes if controller is set to false here, but the other ownerReference fields are set as above?

-- Laird Nelson
kubernetes

2 Answers

5/8/2020

According to the source code of Kubernetes, the object will be garbage collected only after all objects in ownerReferences field are deleted.

https://github.com/kubernetes/apimachinery/blob/15d95c0b2af3f4fcf46dce24105e5fbb9379af5a/pkg/apis/meta/v1/types.go#L240-L247

// List of objects depended by this object. If ALL objects in the list have
// been deleted, this object will be garbage collected. If this object is managed by a controller,
// then an entry in this list will point to this controller, with the controller field set to true.
// There cannot be more than one managing controller.
-- ymmt2005
Source: StackOverflow

7/4/2018

According to the documentation:

Sometimes, Kubernetes sets the value of ownerReference automatically. For example, when you create a ReplicaSet, Kubernetes automatically sets the ownerReference field of each Pod in the ReplicaSet. In 1.6, Kubernetes automatically sets the value of ownerReference for objects created or adopted by ReplicationController, ReplicaSet, StatefulSet, DaemonSet, and Deployment.

You can also specify relationships between owners and dependents by manually setting the ownerReference field.

Basically, a Deployment is on the top of the ownership hierarchy, and ownerReference is not set to it automatically. Therefore, you can manually add ownerReference to your Deployment to create the reference to your Foo resource.

You asked:

The follow on question here is of course: OK, what behavior changes if controller is set to false here, but the other ownerReference fields are set as above?

OwnerReference is used by a Garbage Collector. The role of the Kubernetes Garbage Collector is to delete certain objects that once had an owner, but no longer have it.

Here is the link to the description of the OwnerReference structure on Github. As you mentioned, if controller: true, the reference points to the managing controller, in other words, the owner. And also, it is the instruction for Garbage Collector's behavior related to the object and its owner. If controller: false, Garbage Collector manages the object as an object without an owner, for example, allows to delete it freely.

For more information, you can visit the following links:
- Garbage Collection
- Deletion and Garbage Collection of Kubernetes Objects

-- Artem Golenyaev
Source: StackOverflow