一、概述
最近部署kubesphere时,使用kubectl delete -f xxx.yaml,再次执行 kubectl apply -f xxx.yaml,提示:
Error from server (Forbidden): error when creating "kubesphere-complete-setup.yaml": configmaps "ks-installer" is forbidden: unable to create new content in namespace kubesphere-system because it is being terminated
Error from server (Forbidden): error when creating "kubesphere-complete-setup.yaml": serviceaccounts "ks-installer" is forbidden: unable to create new content in namespace kubesphere-system because it is being terminated
Error from server (Forbidden): error when creating "kubesphere-complete-setup.yaml": deployments.apps "ks-installer" is forbidden: unable to create new content in namespace kubesphere-system because it is being terminated
查看命名空间
# kubectl get ns
NAME STATUS AGE
default Active 15h
kube-node-lease Active 15h
kube-public Active 15h
kube-system Active 15h
kubesphere-system Terminating 28m
发现kubesphere-system一直处于Terminating 状态。无法删除命名空间!!
二、解决方法
查看kubesphere-system的namespace描述
kubectl get ns kubesphere-system -o json > kubesphere-system.json
编辑json文件,删除spec字段的内存,因为k8s集群时需要认证的。
vi kubesphere-system.json
将
"spec": {
"finalizers": [
"kubernetes"
]
},
更改为:
"spec": {
},
新开一个窗口运行kubectl proxy跑一个API代理在本地的8081端口
# kubectl proxy --port=8081
Starting to serve on 127.0.0.1:8081
最后运行curl命令进行删除
curl -k -H "Content-Type:application/json" -X PUT --data-binary @kubesphere-system.json http://127.0.0.1:8081/api/v1/namespaces/kubesphere-system/finalize
注意:命令中的kubesphere-system就是命名空间。
输出:
{
"kind": "Namespace",
"apiVersion": "v1",
"metadata": {
"name": "kubesphere-system",
"selfLink": "/api/v1/namespaces/kubesphere-system/finalize",
"uid": "ba8b8bcd-adf0-4f4f-b6bf-ebab51c00252",
"resourceVersion": "72676",
"creationTimestamp": "2020-07-09T02:04:37Z",
"deletionTimestamp": "2020-07-09T02:09:41Z",
"annotations": {
"kubectl.kubernetes.io/last-applied-configuration": "{\"apiVersion\":\"v1\",\"kind\":\"Namespace\",\"metadata\":{\"annotations\":{},\"name\":\"kubesphere-system\"}}\n"
}
},
"spec": {
},
"status": {
"phase": "Terminating",
"conditions": [
{
"type": "NamespaceDeletionDiscoveryFailure",
"status": "True",
"lastTransitionTime": "2020-07-09T02:09:46Z",
"reason": "DiscoveryFailed",
"message": "Discovery failed for some groups, 1 failing: unable to retrieve the complete list of server APIs: metrics.k8s.io/v1beta1: the server is currently unable to handle the request"
},
{
"type": "NamespaceDeletionGroupVersionParsingFailure",
"status": "False",
"lastTransitionTime": "2020-07-09T02:09:47Z",
"reason": "ParsedGroupVersions",
"message": "All legacy kube types successfully parsed"
},
{
"type": "NamespaceDeletionContentFailure",
"status": "False",
"lastTransitionTime": "2020-07-09T02:09:47Z",
"reason": "ContentDeleted",
"message": "All content successfully deleted"
}
]
}
}
View Code
再次查看命名空间
# kubectl get ns
NAME STATUS AGE
default Active 15h
kube-node-lease Active 15h
kube-public Active 15h
kube-system Active 15h
发现kubesphere-system命名空间已经消失了
最后再次执行 kubectl apply -f xxx.yaml,就正常了.