Custom resources with finalizers can "deadlock" customresourcecleanup.apiextensions.k8s.io finalizer #60538
An integration test for this would be a nice addition and a good task for new contributors. @xmudrii can you work on this as your first issue? You can base your test on top of @liggitt's PR above. Here are some things that can help you get started:
Feel free to ping me on Slack if you need any help with this! :) |
@nikhita This sounds good to me. Thank you so much! I'll take this one and I'll try to put up a PR soon. |
What's the priority on this? High enough to push for current milestone? |
Yes. The PR will be picked to existing release branches as well |
Automatic merge from submit-queue (batch tested with PRs 60542, 60237). If you want to cherry-pick this change to another branch, please follow the instructions [here](https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md).

Allow update/patch of CRs while CRD is terminating

Fixes #60538

Update/patch need to be allowed so finalizers can act on custom resources for terminating CRDs

```release-note
Fixes potential deadlock when deleting CustomResourceDefinition for custom resources with finalizers
```
Also uses removed finalizers before deleting crds. kubernetes/kubernetes#60538
Experienced the same issue (invalid json) on Windows. Switching to execute on Linux works. |
I was having an issue with ArgoCD's "applications.argoproj.io" crd. I accidentally deleted the namespace and now this CRD is not getting deleted. This workaround worked like a charm. Thank you!
|
Manually removing the finalizer from the CRD is strongly discouraged, since it can leave orphaned custom resource data in etcd. Were you unable to remove the finalizers from the custom resources without short-circuiting the CRD cleanup? Do you have any logs or captured output of the attempts to do that? |
When I accidentally deleted the namespace, I tried to find finalizers in the crd, but there was no such parameter in the crd. So I executed the patch command, then it got deleted. Then again I deployed this crd, and could not delete it again. Then I tried to edit it and was able to find the finalizer and I edited it. Now all are working fine. I'm not sure which logs I can provide you, if you can explain I'll be able to provide it. I'm trying this in my test cluster. |
Hi. I'm not sure why you closed that. Could you point me to where the solution is, please? In my dev I had a problem with As I don't have too much time to dig, I just removed the cluster :) LOL - and it worked :D hahahahaha Seriously - is there a better solution to remove a deadlocked customresource (or in general any resource)? Thank You. |
!!!! IMPORTANT !!!!
This issue is still happening in 1.20.15_1568
former FIX from @liggitt still works:
remove the CRD finalizer blocking on custom resource cleanup
```
kubectl patch crd/name-of-the-CRD -p '{"metadata":{"finalizers":[]}}' --type=merge
```
|
I'll echo the warning and question from above:
The reason the finalizer is not being removed from the CRD automatically is that the custom resource instances are still there. |
I do not see any information on how to apply this: Were you unable to remove the finalizers from the custom resources without short-circuiting the CRD cleanup? |
```yaml
apiVersion: mygroup.example.com/v1
kind: MyCustomType
metadata:
  name: foo
  deletionTimestamp: 2022-01-12T15:46:38Z
  finalizers:
  - myfinalizer.example.com
...
```
That will unblock deletion of those instances, which will unblock deletion of the CRD |
Thx for the commands. It is interesting, that it seems this does not unblock the deletion, maybe I forgot some custom resources, but I do not think so. Indeed after some time overwriting the finalizer on the CRD solves the problem. Is there a way to see remaining etcd entries via kubectl? |
Addition: I definitely forgot some custom resources. After removing the finalizers from all custom resources of the CRD, the deletion has been unblocked! Thx again @liggitt. There should be a feature, having a kubectl command that:
something like a force delete from the client side. do you think this is necessary? |
I'm pretty opposed to building in a footgun like that to kubectl... there's no telling what force-removing the finalizers will leak/break in the controllers that added them |
it would probably be useful to improve the status reported on the CRD about which specific custom resource instances remain that are blocking the deletion (https://github.com/kubernetes/kubernetes/blob/master/staging/src/k8s.io/apiextensions-apiserver/pkg/controller/finalizer/crd_finalizer.go#L232-L253) |
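As an added example (not part of the thread and not Kubernetes project code): a read-only check that reports which custom resource instances still exist and which finalizers are holding them, so the responsible controller can be identified before anyone touches the CRD finalizer. It assumes input in the shape of `kubectl get mycustomtypes.mygroup.example.com --all-namespaces -o json`; the sample objects, the state labels and the function names are constructed for illustration.

```python
import json
from collections import defaultdict

# Constructed sample in the shape of
# `kubectl get mycustomtypes.mygroup.example.com --all-namespaces -o json`.
SAMPLE = json.dumps({"kind": "List", "items": [
    {"metadata": {"name": "foo", "namespace": "team-a",
                  "deletionTimestamp": "2022-01-12T15:46:38Z",
                  "finalizers": ["myfinalizer.example.com"]}},
    {"metadata": {"name": "bar", "namespace": "team-b",
                  "finalizers": ["myfinalizer.example.com"]}},
    {"metadata": {"name": "baz", "namespace": "team-b",
                  "deletionTimestamp": "2022-01-12T15:46:40Z"}},
]})


def remaining_instances(list_json):
    """Classify every instance that still exists; each one holds the CRD open."""
    report = []
    for item in json.loads(list_json).get("items") or []:
        meta = item.get("metadata", {})
        finalizers = meta.get("finalizers") or []   # key may be absent or null
        deleting = bool(meta.get("deletionTimestamp"))
        if deleting and finalizers:
            state = "waiting-on-finalizers"   # a controller must finish and remove these
        elif deleting:
            state = "deleting"                # marked for deletion, no finalizers left
        else:
            state = "not-yet-deleted"         # no delete has reached this object yet
        report.append({"ref": f'{meta.get("namespace", "")}/{meta.get("name")}',
                       "state": state, "finalizers": finalizers})
    return report


def stuck_by_finalizer(report):
    """Group stuck instances by finalizer name to show which controller owes work."""
    owners = defaultdict(list)
    for entry in report:
        if entry["state"] == "waiting-on-finalizers":
            for name in entry["finalizers"]:
                owners[name].append(entry["ref"])
    return dict(owners)


if __name__ == "__main__":
    report = remaining_instances(SAMPLE)
    for entry in report:
        print(entry["state"], entry["ref"], ",".join(entry["finalizers"]))
    print(stuck_by_finalizer(report))
```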
yeah I got that, atm this issue should not be closed, because the deadlock in theory still could exist. I am also thinking of something like a more sophisticated garbage collection, that involves backtracing kubernetes objects from the point of creation and takes the deletion time stamps into account etc. ah yes this is what I meant with that
|
This issue was specifically about a bug in the API server that would prevent updates to the CR objects:
|
Still hitting deadlock in cert-manager v1.7.1 in Kubernetes v1.23.3 |
yes of course, I did not see any new issue for the deadlock that still is happening or any updates within a pull request for a suitable solution. @liggitt any news? |
After executing the patch command I am getting the following error. Can anyone help me to force delete the CRD?
My CRD |
/kind bug
/sig api-machinery
/assign @sttts @nikhita
As soon as the CRD enters InstanceDeletionInProgress, writes to custom resource objects are disallowed.
That means the finalizer cannot be removed, and the custom resource cannot be deleted, which blocks deletion of the CRD.
crd.yaml: