How to identify what creates a Kubernetes resource?

I am debugging what creates the following resources:

$ kubectl get deploy -o=name | grep datadog
deployment.apps/datadog-cluster-agent
deployment.apps/datadog-kube-state-metrics

Every time I delete them, within seconds they are created again.

Just by looking at the labels, I can tell that it is managed by Helm:

$ kubectl describe deploy/datadog-cluster-agent
Name:                   datadog-cluster-agent
Namespace:              default
CreationTimestamp:      Tue, 26 Jan 2021 18:56:51 -0800
Labels:                 app.kubernetes.io/instance=datadog
                        app.kubernetes.io/managed-by=Helm
                        app.kubernetes.io/name=datadog
                        app.kubernetes.io/version=7
                        contra.com/app-name=datadog
                        helm.sh/chart=datadog-2.7.0

However, I am pretty confident that Helm is not even installed on the cluster:

$ kubectl get all -A | grep helm
$ kubectl get all -A | grep tiller

How do I identify what is creating this datadog deployment every time I delete it?

Further debugging information:

Attempting to list all related resources gives:

$ kubectl get all -l app.kubernetes.io/instance=datadog
NAME                                              READY   STATUS    RESTARTS   AGE
pod/datadog-kube-state-metrics-55d9f8659f-5tqsl   1/1     Running   0          4m43s

NAME                                 TYPE        CLUSTER-IP    EXTERNAL-IP   PORT(S)    AGE
service/datadog-cluster-agent        ClusterIP   10.0.14.155   <none>        5005/TCP   6h16m
service/datadog-kube-state-metrics   ClusterIP   10.0.2.87     <none>        8080/TCP   20d

NAME                     DESIRED   CURRENT   READY   UP-TO-DATE   AVAILABLE   NODE SELECTOR            AGE
daemonset.apps/datadog   5         5         4       1            4           kubernetes.io/os=linux   3m45s

NAME                                         READY   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/datadog-cluster-agent        1/1     1            1           4m37s
deployment.apps/datadog-kube-state-metrics   1/1     1            1           4m43s

NAME                                                    DESIRED   CURRENT   READY   AGE
replicaset.apps/datadog-kube-state-metrics-55d9f8659f   1         1         1       4m43s

If I delete all resources using kubectl delete all -l app.kubernetes.io/instance=datadog, they are recreated within seconds again.

Solution 1:

You should check that Deployment JSON or YAML definition. In the metadata, there should be an ownerReference, such as:

apiVersion: apps/v1
kind: Deployment
metadata:
  annotations:
    deployment.kubernetes.io/revision: "1"
  creationTimestamp: "2021-01-12T08:34:06Z"
  generation: 1
  name: eventlistener
  namespace: ci
  ownerReferences:
  - apiVersion: triggers.tekton.dev/v1alpha1
    blockOwnerDeletion: true
    controller: true
    kind: EventListener
    name: github-listener
    uid: 54a7115e-565d-4239-b8fc-66e94c6c221b
spec:
...

When an object is created by another, you should find that ownerReference, telling you who's to blame.