How to remove Kubernetes namespaces stuck in a Terminating state

This document (000021065) is provided subject to the disclaimer at the end of this document.

Environment

Rancher 2.6/2.7/2.8

Situation

This situation most frequently occurs where a resource still exists within the Namespace with a finalizer that can no longer be satisfied, e.g. a custom resource controlled by an operator, with a finalizer referencing the operator, but where the operator has already been removed from the cluster.

To mitigate a namespace stuck in a terminating state, the following steps should be performed:

1) Check if any apiservice is unavailable.

2) Find all resources that still exist for this namespace and remove the finalizers.

Resolution

1) Check apiservice unavailable

Check if any apiservice is unavailable and hence does not serve its resources.

 kubectl get apiservice|grep False

2)Find resources and remove finalizers

Find all resources that still exist where "$your-ns-to-delete" is the name of the namespace stuck in a terminating state, and remove any finalizer on those resources that can no longer be met.

kubectl api-resources --verbs=list --namespaced -o name | xargs -I {} sh -c 'echo "Checking for {} resources"; kubectl get {} -n $your-ns-to-delete;'

To remove the finalizers, you can use the following patch on the resource.

kubectl -n <namespace> patch <RessourceObject> <Object-name> -p '{"metadata":{"finalizers":null}}' --type=merge

Additional Information

Disclaimer

This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.