driver/kubernetes: add ownerrefs driver option for owner references

abhay1999 · abhay1999 · commit 0bfadd234737 · 2026-04-09T20:33:27.000+05:30
Add support for setting Kubernetes ownerReferences on the builder Deployment/StatefulSet via a new 'ownerrefs' driver option. This allows the builder to be automatically garbage-collected by Kubernetes when its owning resource (e.g. an ephemeral GitHub Actions runner) is deleted. Usage: docker buildx create --driver kubernetes --driver-opt ownerrefs=apiVersion=actions.github.com/v1alpha1,kind=EphemeralRunner,name=runner-xyz,uid=<uid>,controller=true,blockOwnerDeletion=false Multiple owner references can be specified by separating them with semicolons. Each owner reference supports the following fields: apiVersion, kind, name, uid, controller, blockOwnerDeletion closes #2626 Signed-off-by: abhay1999 <abhaychaurasiya19@gmail.com>
diff --git a/driver/kubernetes/factory.go b/driver/kubernetes/factory.go
@@ -17,6 +17,8 @@ import (
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
 	corev1 "k8s.io/api/core/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/types"
 	"k8s.io/client-go/rest"
 )
 
@@ -272,6 +274,46 @@ func (f *factory) processDriverOpts(deploymentName string, namespace string, cfg
 
 				deploymentOpt.Tolerations = append(deploymentOpt.Tolerations, t)
 			}
+		case k == "ownerrefs":
+			refs := strings.Split(v, ";")
+			deploymentOpt.OwnerReferences = []metav1.OwnerReference{}
+			for i := range refs {
+				kvs := strings.Split(refs[i], ",")
+
+				ref := metav1.OwnerReference{}
+
+				for j := range kvs {
+					kv := strings.SplitN(kvs[j], "=", 2)
+					if len(kv) == 2 {
+						switch kv[0] {
+						case "apiVersion":
+							ref.APIVersion = kv[1]
+						case "kind":
+							ref.Kind = kv[1]
+						case "name":
+							ref.Name = kv[1]
+						case "uid":
+							ref.UID = types.UID(kv[1])
+						case "controller":
+							b, err := strconv.ParseBool(kv[1])
+							if err != nil {
+								return nil, "", "", false, 0, errors.Wrap(err, "invalid ownerrefs controller value")
+							}
+							ref.Controller = &b
+						case "blockOwnerDeletion":
+							b, err := strconv.ParseBool(kv[1])
+							if err != nil {
+								return nil, "", "", false, 0, errors.Wrap(err, "invalid ownerrefs blockOwnerDeletion value")
+							}
+							ref.BlockOwnerDeletion = &b
+						default:
+							return nil, "", "", false, 0, errors.Errorf("invalid ownerrefs key %q", kv[0])
+						}
+					}
+				}
+
+				deploymentOpt.OwnerReferences = append(deploymentOpt.OwnerReferences, ref)
+			}
 		case k == "loadbalance":
 			switch v {
 			case LoadbalanceSticky, LoadbalanceRandom:
diff --git a/driver/kubernetes/factory_test.go b/driver/kubernetes/factory_test.go
@@ -8,6 +8,8 @@ import (
 	"github.com/docker/buildx/driver/bkimage"
 	"github.com/stretchr/testify/require"
 	v1 "k8s.io/api/core/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/types"
 	"k8s.io/client-go/rest"
 )
 
@@ -267,4 +269,59 @@ func TestFactory_processDriverOpts(t *testing.T) {
 			require.Error(t, err)
 		},
 	)
+
+	t.Run(
+		"OwnerRefs", func(t *testing.T) {
+			controller := true
+			blockOwnerDeletion := false
+			cfg.DriverOpts = map[string]string{
+				"ownerrefs": "apiVersion=actions.github.com/v1alpha1,kind=EphemeralRunner,name=runner-xyz,uid=b636330d-26b7-417a-8464-c2641438feed,controller=true,blockOwnerDeletion=false",
+			}
+			r, _, _, _, _, err := f.processDriverOpts(cfg.Name, "test", cfg)
+			require.NoError(t, err)
+			require.Equal(t, []metav1.OwnerReference{
+				{
+					APIVersion:         "actions.github.com/v1alpha1",
+					Kind:               "EphemeralRunner",
+					Name:               "runner-xyz",
+					UID:                types.UID("b636330d-26b7-417a-8464-c2641438feed"),
+					Controller:         &controller,
+					BlockOwnerDeletion: &blockOwnerDeletion,
+				},
+			}, r.OwnerReferences)
+		},
+	)
+
+	t.Run(
+		"MultipleOwnerRefs", func(t *testing.T) {
+			cfg.DriverOpts = map[string]string{
+				"ownerrefs": "apiVersion=v1,kind=Pod,name=pod1,uid=uid-1;apiVersion=v1,kind=Pod,name=pod2,uid=uid-2",
+			}
+			r, _, _, _, _, err := f.processDriverOpts(cfg.Name, "test", cfg)
+			require.NoError(t, err)
+			require.Len(t, r.OwnerReferences, 2)
+			require.Equal(t, types.UID("uid-1"), r.OwnerReferences[0].UID)
+			require.Equal(t, types.UID("uid-2"), r.OwnerReferences[1].UID)
+		},
+	)
+
+	t.Run(
+		"InvalidOwnerRefKey", func(t *testing.T) {
+			cfg.DriverOpts = map[string]string{
+				"ownerrefs": "apiVersion=v1,invalid=foo",
+			}
+			_, _, _, _, _, err := f.processDriverOpts(cfg.Name, "test", cfg)
+			require.Error(t, err)
+		},
+	)
+
+	t.Run(
+		"InvalidOwnerRefController", func(t *testing.T) {
+			cfg.DriverOpts = map[string]string{
+				"ownerrefs": "apiVersion=v1,controller=notabool",
+			}
+			_, _, _, _, _, err := f.processDriverOpts(cfg.Name, "test", cfg)
+			require.Error(t, err)
+		},
+	)
 }
diff --git a/driver/kubernetes/manifest/manifest.go b/driver/kubernetes/manifest/manifest.go
@@ -38,6 +38,7 @@ type DeploymentOpt struct {
 	CustomAnnotations         map[string]string
 	CustomLabels              map[string]string
 	Tolerations               []corev1.Toleration
+	OwnerReferences           []metav1.OwnerReference
 	RequestsCPU               string
 	RequestsMemory            string
 	RequestsEphemeralStorage  string
@@ -154,10 +155,11 @@ func NewDeployment(opt *DeploymentOpt) (d *appsv1.Deployment, s *appsv1.Stateful
 	}
 
 	meta := metav1.ObjectMeta{
-		Namespace:   opt.Namespace,
-		Name:        opt.Name,
-		Labels:      labels,
-		Annotations: annotations,
+		Namespace:       opt.Namespace,
+		Name:            opt.Name,
+		Labels:          labels,
+		Annotations:     annotations,
+		OwnerReferences: opt.OwnerReferences,
 	}
 
 	for _, cfg := range splitConfigFiles(opt.ConfigFiles) {
