如何强制删除Kubernetes命名空间? [英] How to force delete a Kubernetes Namespace?
问题描述
如何强制删除终止在终止中的命名空间?
How do I force delete Namespaces stuck in Terminating?
- 应用此YAML
apiVersion: v1
kind: Namespace
metadata:
name: delete-me
spec:
finalizers:
- foregroundDeletion
-
kubectl delete ns delete-me
无法删除delete-me.
我发现的唯一解决方法是销毁并重新创建整个集群.
The only workaround I've found is to destroy and recreate the entire cluster.
这些都不起作用或修改命名空间.在完成所有这些操作之后,仍然存在问题的终结器.
None of these work or modify the Namespace. After any of these the problematic finalizer still exists.
应用:
apiVersion: v1
kind: Namespace
metadata:
name: delete-me
spec:
finalizers:
$ kubectl apply -f tmp.yaml
namespace/delete-me configured
该命令没有错误完成,但名称空间未删除.
The command finishes with no error, but the Namespace is not udpated.
以下YAML具有相同的结果:
The below YAML has the same result:
apiVersion: v1
kind: Namespace
metadata:
name: delete-me
spec:
kubectl edit
kubectl edit ns delete-me,然后删除终结器.同上完全删除列表.同上删除spec.同上用空列表替换finalizers.
kubectl edit
kubectl edit ns delete-me, and remove the finalizer. Ditto removing the list entirely. Ditto removing spec. Ditto replacing finalizers with an empty list.
$ kubectl edit ns delete-me
namespace/delete-me edited
这不会显示任何错误消息,但不会更新命名空间.再次kubectl edit对象显示终结器仍然存在.
This shows no error message but does not update the Namespace. kubectl editing the object again shows the finalizer still there.
-
kubectl proxy & -
curl -k -H "Content-Type: application/yaml" -X PUT --data-binary @tmp.yaml http://127.0.0.1:8001/api/v1/namespaces/delete-me/finalize
kubectl proxy &curl -k -H "Content-Type: application/yaml" -X PUT --data-binary @tmp.yaml http://127.0.0.1:8001/api/v1/namespaces/delete-me/finalize
如上所述,此操作成功退出但不执行任何操作.
As above, this exits successfully but does nothing.
kubectl delete ns delete-me --force --grace-period=0
这实际上会导致错误:
warning: Immediate deletion does not wait for confirmation that the running resource has been terminated. The resource may continue to run on the cluster indefinitely.
Error from server (Conflict): Operation cannot be fulfilled on namespaces "delete-me": The system is ensuring all content is removed from this namespace. Upon completion, this namespace will automatically be purged by the system.
但是,它实际上什么也没做.
However, it doesn't actually do anything.
在我设置用于调试此问题的测试群集中,我已经等待了一个多星期.即使命名空间最终决定删除,我还是需要比一周快的时间删除它.
In the test cluster I set up to debug this issue, I've been waiting over a week. Even if the Namespace might eventually decide to be deleted, I need it to be deleted faster than a week.
命名空间为空.
$ kubectl get -n delete-me all
No resources found.
etcdctl
$ etcdctl --endpoint=http://127.0.0.1:8001 rm /namespaces/delete-me
Error: 0: () [0]
我很确定这是一个错误,但是我不知道如何解释.这也行不通.还尝试了--dir和-r.
I'm pretty sure that's an error, but I have no idea how to interpret that. It also doesn't work. Also tried with --dir and -r.
有一个用于强制删除命名空间的脚本.这也行不通.
$ ./kill-kube-ns delete-me
Killed namespace: delete-me
$ kubectl get ns delete-me
NAME STATUS AGE
delete-me Terminating 1h
POST将已编辑的资源/finalize
返回405 .我不确定这是否是POST到/finalize的规范方法.
POSTing the edited resource to /finalize
Returns a 405. I'm not sure if this is the canonical way to POST to /finalize though.
此 出现 到 被 a 重复发生 问题 和 没有 of 这些 资源 已帮助.
This appears to be a recurring problem and none of these resources helped.
推荐答案
kubectl proxy尝试几乎是正确的,但并非完全正确.可以使用JSON代替YAML来解决问题,但我不确定.
The kubectl proxy try is almost correct, but not quite. It's possible using JSON instead of YAML does the trick, but I'm not certain.
终结符列表为空的JSON:
The JSON with an empty finalizers list:
~$ cat ns.json
{
"kind": "Namespace",
"apiVersion": "v1",
"metadata": {
"name": "delete-me"
},
"spec": {
"finalizers": []
}
}
使用curl到PUT对象,而不会遇到有问题的终结器.
Use curl to PUT the object without the problematic finalizer.
~$ curl -k -H "Content-Type: application/json" -X PUT --data-binary @ns.json http://127.0.0.1:8007/api/v1/namespaces/delete-me/finalize
{
"kind": "Namespace",
"apiVersion": "v1",
"metadata": {
"name": "delete-me",
"selfLink": "/api/v1/namespaces/delete-me/finalize",
"uid": "0df02f91-6782-11e9-8beb-42010a800137",
"resourceVersion": "39047",
"creationTimestamp": "2019-04-25T17:46:28Z",
"deletionTimestamp": "2019-04-25T17:46:31Z",
"annotations": {
"kubectl.kubernetes.io/last-applied-configuration": "{\"apiVersion\":\"v1\",\"kind\":\"Namespace\",\"metadata\":{\"annotations\":{},\"name\":\"delete-me\"},\"spec\":{\"finalizers\":[\"foregroundDeletion\"]}}\n"
}
},
"spec": {
},
"status": {
"phase": "Terminating"
}
}
命名空间已删除!
~$ kubectl get ns delete-me
Error from server (NotFound): namespaces "delete-me" not found
这篇关于如何强制删除Kubernetes命名空间?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
