Kubernetes之删除Terminating状态的命名空间
LiuSw Lv6
 2022-12-20 15:02:38      443 字  2 分钟  

Kubernetes之删除Terminating状态的命名空间

1.描述

使用kubectl delete -f xxx.yaml,再次执行 kubectl apply -f xxx.yaml,提示:

1
2
3
Error from server (Forbidden): error when creating "kubesphere-complete-setup.yaml": configmaps "ks-installer" is forbidden: unable to create new content in namespace kubesphere-system because it is being terminated
Error from server (Forbidden): error when creating "kubesphere-complete-setup.yaml": serviceaccounts "ks-installer" is forbidden: unable to create new content in namespace kubesphere-system because it is being terminated
Error from server (Forbidden): error when creating "kubesphere-complete-setup.yaml": deployments.apps "ks-installer" is forbidden: unable to create new content in namespace kubesphere-system because it is being terminated

查看命名空间

1
2
3
4
5
6
7
8
kubectl  get ns

# NAME                STATUS        AGE
# default             Active        15h
# kube-node-lease     Active        15h
# kube-public         Active        15h
# kube-system         Active        15h
# kubesphere-system   Terminating   28m

发现kubesphere-system一直处于Terminating 状态。无法删除命名空间!!

2.解决办法

查看kubesphere-system的namespace描述

1
kubectl get ns kubesphere-system  -o json > kubesphere-system.json
1
2
# 编辑json文件,删除spec字段的内存,因为k8s集群时需要认证的。
vi kubesphere-system.json
1
2
3
4
5
6

"spec": {
        "finalizers": [
            "kubernetes"
        ]
    },
1
2
3
4
5
改成
"spec": {


  },

或者

1
2
3
4
5
for NS in $(kubectl get ns 2>/dev/null | grep Terminating | cut -f1 -d ' '); do
  kubectl get ns $NS -o json > /tmp/$NS.json
  sed -i '' "s/\"kubernetes\"//g" /tmp/$NS.json
  kubectl replace --raw "/api/v1/namespaces/$NS/finalize" -f /tmp/$NS.json
done

新开一个窗口运行kubectl proxy跑一个API代理在本地的8081端口

1
2
kubectl proxy --port=8081
# Starting to serve on 127.0.0.1:8081

最后运行curl命令进行删除

1
curl -k -H "Content-Type:application/json" -X PUT --data-binary @kubesphere-system.json http://127.0.0.1:8081/api/v1/namespaces/kubesphere-system/finalize

注意:命令中的kubesphere-system就是命名空间。

再次查看命名空间

1
2
3
4
5
6
7
kubectl get ns

# NAME              STATUS   AGE
# default           Active   15h
# kube-node-lease   Active   15h
# kube-public       Active   15h
# kube-system       Active   15h

发现kubesphere-system命名空间已经消失了

 评论