Debug School

Cover image for Remove Namespace stuck in terminating state
Suyash Sambhare
Suyash Sambhare

Posted on

Remove Namespace stuck in terminating state

Managing terminating states

Your project can get stuck in Terminating states when multiple projects are being managed by RedHat OpenShift Operators. As operators manage the life-cycle of applications, invariably, the stuck-in-terminating problem is often one that you may encounter.
This problem persists even after you confirm that you deleted all resources found by using the oc get all command in the project.

To resolve this issue we need to modify an OpenShift Resource called a namespace, which is synonymous with Red Hat project. We will modify the finalizer in OpenShift, which is a mechanism to inform the Kubernetes control plane that an action needs to take place so the standard Kubernetes garbage logic is performed.

To modify any project/namespace, you need the cluster-admin Role-Based Access Control (RBAC) permission. If you do not have the permission, you get an error like this one:
# oc get namespace
Error from server (Forbidden): namespaces is forbidden: User "suyi" cannot list namespaces at the cluster scope: no RBAC policy matched

Where suyi is your OpenShift username.
Make sure you have the cluster-admin privilege
Ask your OpenShift administrator to grant you the cluster-admin permission with a command like this:
# oc adm policy add-cluster-role-to-user cluster-admin suyi
or
# oc adm policy add-role-to-user admin suyi -n demo-suyi
Where demo-suyi is your namespace/project name.

If you want the admin privilege for the specific namespace that is visible to you, use the following command:
After you are granted a cluster-admin role, you can then run this command:
# oc get namespace

That command lists all the projects that are available in OpenShift. You will see your project in the Terminating state below:
Run the following command to display the content of the problematic namespace:
# oc get -o yaml namespace/demo-suyi

Where demo-suyi is your namespace/project name.
Next, modify that value under finalizers. Remove the line - kubernetes.
However, if you try to edit and save the file directly with the oc edit namespace/demo-suyi command, your finalizer is not updated. Direct editing might not reflect the changes in the namespace.
Instead, you can extract the YAML with the following command:
# oc get namespace demo-suyi -o yaml > demo-suyi-yaml-bkp.yaml

Where demo-suyi is the namespace/project name that you want to delete, and demo-suyi-yaml-bkp is the file name where you want to back up your namespace.
vi the file and remove the value under finalizers.

Namespace

Delete the line with - kubernetes
After deleting the file, the result looks like this. Save the file and exit.
Next, start a temporary local proxy server to let the local server talk to the remote OpenShift cluster. Running the command below starts the temporary proxy process in the background.
# oc proxy &

Load the new YAML via the API using curl.
# curl -k -H "Content-Type: application/yaml" -X PUT --data-binary @demo-suyi-yaml-bkp.yaml http://127.0.0.1:8001/api/v1/namespaces/demo-suyi/finalize

Where demo-suyi is the namespace/project name you want to delete, and demo-suyi-yaml-bkp is the file name for your namespace backup. Note that http://127.0.0.1:8001 is the proxy server that we started above.
Update the namespace object in the OpenShift cluster with HTTP POST
The command above gives a successful response, indicating that you updated the namespace by sending the update request with the file. Alternatively, you can try the oc apply -f demo-suyi-yaml-bkp.yaml command, but this does not always work.

You should no longer see the namespace/project.
# oc get namespace demo-suyi

Great! You have managed to remove the offending project.
To finish off, kill the proxy server with the following command:
# kill -9 %%

Congratulations!! πŸ˜Άβ€πŸŒ«οΈπŸ«…πŸ½πŸͺ…πŸ§†πŸš‚πŸ•³οΈ
You have managed to remove the offending project.

Ref: https://www.redhat.com/sysadmin/openshift-terminating-state

Top comments (0)