kubectl-check-ownerreferences is a read-only tool that identifies objects with potentially
problematic items in metadata.ownerReferences. See http://issue.k8s.io/65200
and http://issue.k8s.io/92743 for more context.
To download:
Pre-built binaries are available for the latest release for darwin and linux.
To install from source:
git clone https://github.com/kubernetes-sigs/kubectl-check-ownerreferences.git
cd kubectl-check-ownerreferences
make installTo use:
- Ensure kubectl can speak to the cluster you want to check:
kubectl versionClient Version: ... Server Version: ...
- Invoke
kubectl-check-ownerreferences, and it will read items from the same cluster askubectl:
kubectl-check-ownerreferences No invalid ownerReferences found
Details
kubectl-check-ownerreferences does the following:
- Discovers available resources in your cluster
- Lists the metadata for each resource, building a set of existing objects in the cluster
- Sweeps the
ownerReferencesfor existing objects, and makes sure the referenced owners:- exist
- have a matching kind
- have a matching name
- are in the correct namespace (or are cluster-scoped)
- are referenced via a resolveable
apiVersion
Error handling
If some resources cannot be discovered or listed,
kubectl-check-ownerreferences will output warnings to stderr and continue.
If some child objects have ownerReferences that refer to the
undiscoverable or unlistable resources, warnings will be printed to stderr.
If parent objects are deleted or child objects are created
while kubectl-check-ownerreferences is running, false positives can be reported.
Options
-
Output machine-readable results to
stdoutwith-o json -
Increase verbosity with
--v(levels 2-9) to see more details about the requests being made -
Increase or decrease the speed with which API requests are made with
--qpsand--burst