Analysis updated 2026-05-18
Diagnose a Kubernetes namespace stuck in Terminating and safely clear the blocking finalizer
Scan a cluster for all stuck Terminating resources to find orphaned objects with dead controllers
Add a CI step that fails the build if any resources are stuck in Terminating after a test suite run
| alexremn/finalizer-doctor | azer/diskwhere | dev2k6/command-code-proxy-server | |
|---|---|---|---|
| Stars | 3 | 3 | 3 |
| Language | Go | Go | Go |
| Setup difficulty | easy | easy | easy |
| Complexity | 3/5 | 1/5 | 2/5 |
| Audience | ops devops | developer | developer |
Figures from each repo's GitHub metadata at analysis time.
Requires kubectl and cluster access. Install via Homebrew, krew, or standalone binary.
When you delete a namespace or other resource in Kubernetes and it gets stuck in a "Terminating" state for a long time, the usual cause is a finalizer. A finalizer is a marker that tells Kubernetes to hold off on actually deleting the resource until some controller does cleanup work. If that controller has crashed or been uninstalled, nothing ever finishes the cleanup, and the resource hangs in Terminating indefinitely. The common workarounds for this problem, like manually editing the finalizer out, forcing deletion with special flags, or blindly clearing the finalizers list, all carry real risk: they can orphan actual infrastructure such as load balancers, cloud volumes, or operator-managed databases that the finalizer was protecting. The problem is that these approaches make no distinction between a controller that is completely gone versus one that is just slow or temporarily unavailable. Finalizer-doctor is a kubectl plugin that diagnoses this situation carefully. Before touching anything, it inspects the stuck resource, identifies which specific finalizer is blocking deletion, and checks whether the owning controller is actually gone rather than just slow. It only marks a finalizer as safe to clear when there is hard evidence the controller is gone. By default it runs in dry-run mode and makes no changes at all, printing a summary of what it found and what it would do. To apply changes, you pass a confirmation token that is tied to the exact state it showed you, preventing changes from being applied to a different state than the one you reviewed. Installation is available via Homebrew, krew (the kubectl plugin manager), or standalone binaries. The tool can also scan an entire cluster for all stuck resources in read-only mode, which is useful for CI checks. It is licensed under Apache 2.0.
A kubectl plugin that safely diagnoses Kubernetes resources stuck in Terminating by identifying the blocking finalizer and confirming its controller is actually gone, not just slow. Dry-run by default, requires proof before any change.
Mainly Go. The stack also includes Go, Kubernetes, kubectl.
Use freely for any purpose including commercial use, keep the license and copyright notice.
Setup difficulty is rated easy, with roughly 5min to a first successful run.
Mainly ops devops.
This repo across BitVibe Labs
Verify against the repo before relying on details.