K8S 强制删除卡在Terminating状态的namespaces 记录

使用 --force 强制删除，比如删除命名空间 test，执行如下命令

kubectl delete ns monitoring --force --grace-period=0

调用API接口删除

netstat -ntlp | grep kube-apiserve
#API接口查询  

tcp6       0      0 :::6443                 :::*                    LISTEN      15777/kube-apiserve

kubectl get ns monitoring -ojson > tmp.json
#导出信息

修改文件内容

cat tmp.json

{
    "apiVersion": "v1",
    "kind": "Namespace",
    "metadata": {
        "annotations": {
            "kubectl.kubernetes.io/last-applied-configuration": "{"apiVersion":"v1","kind":"Namespace","metadata":{"annotations":{},"name":"monitoring"}}
"
        },
        "creationTimestamp": "2019-12-31T07:26:41Z",
        "deletionTimestamp": "2020-02-29T03:22:12Z",
        "name": "monitoring",
        "resourceVersion": "19702309",
        "selfLink": "/api/v1/namespaces/monitoring",
        "uid": "f5f5dcf2-7316-41d4-9c61-7544a7a181c8"
    },
    "spec": {
        "finalizers": [
            "kubernetes"
        ]
    },
    "status": {
        "conditions": [
            {
                "lastTransitionTime": "2020-02-29T03:22:19Z",
                "message": "Discovery failed for some groups, 1 failing: unable to retrieve the complete list of server APIs: metrics.k8s.io/v1beta1: the server is currently unable to handle the request",
                "reason": "DiscoveryFailed",
                "status": "True",
                "type": "NamespaceDeletionDiscoveryFailure"
            },
            {
                "lastTransitionTime": "2020-02-29T03:22:25Z",
                "message": "All legacy kube types successfully parsed",
                "reason": "ParsedGroupVersions",
                "status": "False",
                "type": "NamespaceDeletionGroupVersionParsingFailure"
            },
            {
                "lastTransitionTime": "2020-02-29T03:22:25Z",
                "message": "All content successfully deleted, may be waiting on finalization",
                "reason": "ContentDeleted",
                "status": "False",
                "type": "NamespaceDeletionContentFailure"
            },
            {
                "lastTransitionTime": "2020-02-29T03:22:38Z",
                "message": "All content successfully removed",
                "reason": "ContentRemoved",
                "status": "False",
                "type": "NamespaceContentRemaining"
            },
            {
                "lastTransitionTime": "2020-02-29T03:22:25Z",
                "message": "All content-preserving finalizers finished",
                "reason": "ContentHasNoFinalizers",
                "status": "False",
                "type": "NamespaceFinalizersRemaining"
            }
        ],
        "phase": "Terminating"
    }
}

删除以下代码段

    "spec": {
        "finalizers": [
            "kubernetes"
        ]
    },

权限问题

修改完成后，直接调用API接口会有报错如下

curl -k -H "Content-Type: application/json" -X PUT --data-binary @tmp.json https://127.0.0.1:6443/api/v1/namespaces/monitoring/finalize
{
  "kind": "Status",
  "apiVersion": "v1",
  "metadata": {
    
  },
  "status": "Failure",
  "message": "namespaces "monitoring" is forbidden: User "system:anonymous" cannot update resource "namespaces/finalize" in API group "" in the namespace "monitoring"",
  "reason": "Forbidden",
  "details": {
    "name": "monitoring",
    "kind": "namespaces"
  },
  "code": 403

此时需要创建匿名用户的权限，命令如下
kubectl create clusterrolebinding test:anonymous --clusterrole=cluster-admin --user=system:annymous

再次调用

删除成功，输出如下
curl -k -H "Content-Type: application/json" -X PUT --data-binary @tmp.json https://127.0.0.1:6443/api/v1/namespaces/monitoring/finalize
{
  "kind": "Namespace",
  "apiVersion": "v1",
  "metadata": {
    "name": "monitoring",
    "selfLink": "/api/v1/namespaces/monitoring/finalize",
    "uid": "f5f5dcf2-7316-41d4-9c61-7544a7a181c8",
    "resourceVersion": "19702309",
    "creationTimestamp": "2019-12-31T07:26:41Z",
    "deletionTimestamp": "2020-02-29T03:22:12Z",
    "annotations": {
      "kubectl.kubernetes.io/last-applied-configuration": "{"apiVersion":"v1","kind":"Namespace","metadata":{"annotations":{},"name":"monitoring"}}
"
    }
  },
  "spec": {
    
  },
  "status": {
    "phase": "Terminating",
    "conditions": [
      {
        "type": "NamespaceDeletionDiscoveryFailure",
        "status": "True",
        "lastTransitionTime": "2020-02-29T03:22:19Z",
        "reason": "DiscoveryFailed",
        "message": "Discovery failed for some groups, 1 failing: unable to retrieve the complete list of server APIs: metrics.k8s.io/v1beta1: the server is currently unable to handle the request"
      },
      {
        "type": "NamespaceDeletionGroupVersionParsingFailure",
        "status": "False",
        "lastTransitionTime": "2020-02-29T03:22:25Z",
        "reason": "ParsedGroupVersions",
        "message": "All legacy kube types successfully parsed"
      },
      {
        "type": "NamespaceDeletionContentFailure",
        "status": "False",
        "lastTransitionTime": "2020-02-29T03:22:25Z",
        "reason": "ContentDeleted",
        "message": "All content successfully deleted, may be waiting on finalization"
      },
      {
        "type": "NamespaceContentRemaining",
        "status": "False",
        "lastTransitionTime": "2020-02-29T03:22:38Z",
        "reason": "ContentRemoved",
        "message": "All content successfully removed"
      },
      {
        "type": "NamespaceFinalizersRemaining",
        "status": "False",
        "lastTransitionTime": "2020-02-29T03:22:25Z",
        "reason": "ContentHasNoFinalizers",
        "message": "All content-preserving finalizers finished"
      }
    ]
  }