一、概述
最近部署kubesphere时,使用kubectl delete -f xxx.yaml,再次执行 kubectl apply -f xxx.yaml,提示:
Error from server (Forbidden): error when creating "kubesphere-complete-setup.yaml": configmaps "ks-installer" is forbidden: unable to create new content in namespace kubesphere-system because it is being terminated Error from server (Forbidden): error when creating "kubesphere-complete-setup.yaml": serviceaccounts "ks-installer" is forbidden: unable to create new content in namespace kubesphere-system because it is being terminated Error from server (Forbidden): error when creating "kubesphere-complete-setup.yaml": deployments.apps "ks-installer" is forbidden: unable to create new content in namespace kubesphere-system because it is being terminated
查看命名空间
# kubectl get ns NAME STATUS AGE default Active 15h kube-node-lease Active 15h kube-public Active 15h kube-system Active 15h kubesphere-system Terminating 28m
发现kubesphere-system一直处于Terminating 状态。无法删除命名空间!!
二、解决方法
查看kubesphere-system的namespace描述
kubectl get ns kubesphere-system -o json > kubesphere-system.json
编辑json文件,删除spec字段的内存,因为k8s集群时需要认证的。
vi kubesphere-system.json
将
"spec": { "finalizers": [ "kubernetes" ] },
更改为:
"spec": { },
新开一个窗口运行kubectl proxy跑一个API代理在本地的8081端口
# kubectl proxy --port=8081 Starting to serve on 127.0.0.1:8081
最后运行curl命令进行删除
curl -k -H "Content-Type:application/json" -X PUT --data-binary @kubesphere-system.json http://127.0.0.1:8081/api/v1/namespaces/kubesphere-system/finalize
注意:命令中的kubesphere-system就是命名空间。
输出:
{ "kind": "Namespace", "apiVersion": "v1", "metadata": { "name": "kubesphere-system", "selfLink": "/api/v1/namespaces/kubesphere-system/finalize", "uid": "ba8b8bcd-adf0-4f4f-b6bf-ebab51c00252", "resourceVersion": "72676", "creationTimestamp": "2020-07-09T02:04:37Z", "deletionTimestamp": "2020-07-09T02:09:41Z", "annotations": { "kubectl.kubernetes.io/last-applied-configuration": "{\"apiVersion\":\"v1\",\"kind\":\"Namespace\",\"metadata\":{\"annotations\":{},\"name\":\"kubesphere-system\"}}\n" } }, "spec": { }, "status": { "phase": "Terminating", "conditions": [ { "type": "NamespaceDeletionDiscoveryFailure", "status": "True", "lastTransitionTime": "2020-07-09T02:09:46Z", "reason": "DiscoveryFailed", "message": "Discovery failed for some groups, 1 failing: unable to retrieve the complete list of server APIs: metrics.k8s.io/v1beta1: the server is currently unable to handle the request" }, { "type": "NamespaceDeletionGroupVersionParsingFailure", "status": "False", "lastTransitionTime": "2020-07-09T02:09:47Z", "reason": "ParsedGroupVersions", "message": "All legacy kube types successfully parsed" }, { "type": "NamespaceDeletionContentFailure", "status": "False", "lastTransitionTime": "2020-07-09T02:09:47Z", "reason": "ContentDeleted", "message": "All content successfully deleted" } ] } }
再次查看命名空间
# kubectl get ns NAME STATUS AGE default Active 15h kube-node-lease Active 15h kube-public Active 15h kube-system Active 15h
发现kubesphere-system命名空间已经消失了。
最后再次执行 kubectl apply -f xxx.yaml,就正常了。
本文参考链接:
https://blog.csdn.net/tongzidane/article/details/88988542