A Kubernetes tool to safely remove finalizers from resources based on specified criteria. Features both CLI flags and an interactive TUI mode for easy finalizer management.
- Interactive TUI Mode: User-friendly interface for selecting namespaces, resource types, and finalizers
- Batch Operations: Remove finalizers from multiple resources at once
- Dry Run Mode: Preview changes before applying them
- Flexible Filtering: Filter by namespaces, resource kinds, and specific finalizer names
- Comprehensive Logging: Detailed logging with different log levels
- Safe Operations: Only removes specified finalizers, preserving others
go install github.com/risen228/finalizer-cleaner@latestgit clone https://github.com/risen228/finalizer-cleaner.git
cd finalizer-cleaner
go build .Run without arguments or with limited arguments to enter interactive TUI mode:
finalizer-cleanerThe interactive mode will guide you through:
- Selecting namespaces (or all namespaces)
- Selecting resource types (or all types)
- Selecting which finalizers to remove
Specify all parameters via command-line flags:
./finalizer-cleaner \
--namespaces "default,kube-system" \
--kinds "apps/v1/Deployment,v1/Pod" \
--finalizers "kubernetes.io/pvc-protection,example.com/finalizer"--namespaces: Comma-separated list of namespaces (empty = all namespaces)--kinds: Comma-separated list of Group/Version/Kind triplets (empty = all kinds)--finalizers: Comma-separated list of finalizers to remove (empty = all finalizers)--dry-run: Print what would be changed without making actual modifications--interactive: Force interactive mode even when other flags are provided--verbose: Enable verbose logging for detailed operation information--timeout: HTTP timeout for Kubernetes API calls (default: 30s)
./finalizer-cleaner \
--namespaces default \
--kinds apps/v1/Deployment \
--finalizers "example.com/my-finalizer"./finalizer-cleaner \
--namespaces default \
--dry-run./finalizer-cleaner \
--namespaces default \
--kinds apps/v1/Deployment \
--verbose./finalizer-cleaner \
--namespaces default \
--kinds v1/Pod \
--finalizers ""- Always use dry-run first: Before performing actual removal, use
--dry-runto preview changes - Be specific with finalizers: Only remove finalizers you understand. Removing system finalizers can cause data loss
- Understand the impact: Finalizers exist to ensure proper cleanup. Removing them bypasses this cleanup
- Backup important resources: Consider backing up critical resources before removing finalizers
When a namespace is stuck in "Terminating" state:
./finalizer-cleaner \
--namespaces stuck-namespace \
--finalizers "kubernetes"To force-delete protected PVCs:
./finalizer-cleaner \
--kinds v1/PersistentVolumeClaim \
--finalizers "kubernetes.io/pvc-protection"Remove custom operator finalizers:
./finalizer-cleaner \
--kinds "example.com/v1/CustomResource" \
--finalizers "example.com/operator-finalizer"The tool is structured into several modules:
main.go: Entry point and orchestrationconfig.go: Configuration parsing and validationtui.go: Interactive terminal UI componentskubernetes.go: Kubernetes client and operationslogger.go: Structured logging utilitiesutils.go: Helper functions
- Go 1.21 or later
- Access to a Kubernetes cluster (via
~/.kube/configorKUBECONFIGenvironment variable) - Appropriate RBAC permissions to list and patch target resources
This project currently uses replace directives in go.mod to resolve protobuf registration conflicts between gnostic and gnostic-models libraries. See DEPENDENCY_NOTES.md for details and future migration plans.
MIT License
Contributions are welcome! Please feel free to submit a Pull Request.