I am performing a kubectl apply -f jenkins_pvc.yaml where
$ cat jenkins_pvc.yaml
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: "jenkins-cd-pvc"
namespace: "jenkins"
finalizers: null
spec:
storageClassName: "standard"
volumeName: "jenkins-cd-pv"
accessModes:
- ReadWriteOnce
resources:
requests:
storage: "200Gi"however the finalizers field is not taken into account from what the pvc description indicates:
▶ k describe pvc jenkins-cd-pvc
Name: jenkins-cd-pvc
Namespace: jenkins
StorageClass: standard
Status: Bound
Volume: jenkins-cd-pv
Labels: <none>
Annotations: pv.kubernetes.io/bind-completed: yes
Finalizers: [kubernetes.io/pvc-protection]
Capacity: 200Gi
Access Modes: RWO
VolumeMode: Filesystem
Mounted By: jenkins-cd-6d8f5c79d6-xt2fs
Events: <none>Why is that?
StorageObjectInUseProtection plugin adds the kubernetes.io/pvc-protection finalizer to newly created Persistent Volume Claims (PVCs).
You can disable this admission controller which is enabled by default.
To see which admission plugins are enabled
kube-apiserver -h | grep enable-admission-pluginsThe Kubernetes API server flag disable-admission-plugins takes a comma-delimited list of admission control plugins to be disabled, even if they are in the list of plugins enabled by default.
kube-apiserver --disable-admission-plugins=StorageObjectInUseProtectionAs a side note you can always patch a pvc after its created.
kubectl patch pvc PVC_NAME -p '{"metadata":{"finalizers": []}}' --type=merge