- 创建模拟项目。
$ oc new-project finalizer-example
- 创建内容如下的test-secret.yaml文件,其中定义了一个Secret类型的对象。
apiVersion: v1
kind: Secret
metadata:
name: test-secret
finalizers:
- kubernetes.io/finalizer-example
stringData:
sensitiveKey: sensitiveValue
- 创建Secret对象。
$ oc create -f test-secret.yaml
- 删除finalizer-example项目,返回项目被删。
$ oc delete namespace finalizer-example --wait=false
namespace "finalizer-example" deleted
- 不过查看finalizer-example项目状态,此时项目还处于“Terminating”状态。
$ oc get namespace finalizer-example
NAME STATUS AGE
finalizer-example Terminating 15m
- 查看项目的当前详细情况。从’Some resources are remaining: secrets. has 1 resource instances’的提示可确认是由于项目中还有一个secret,所以项目无法被删除掉。
$ oc get namespace finalizer-example -o yaml
apiVersion: v1
kind: Namespace。
。。。
spec:
finalizers:
-- kubernetes
status:
conditions:
-- lastTransitionTime: "2020-08-21T14:50:49Z"
message: All resources successfully discovered
reason: ResourcesDiscovered
status: "False"
type: NamespaceDeletionDiscoveryFailure
-- lastTransitionTime: "2020-08-21T14:50:49Z"
message: All legacy kube types successfully parsed
reason: ParsedGroupVersions
status: "False"
type: NamespaceDeletionGroupVersionParsingFailure
-- lastTransitionTime: "2020-08-21T14:50:49Z"
message: All content successfully deleted, may be waiting on finalization
reason: ContentDeleted
status: "False"
type: NamespaceDeletionContentFailure
-- lastTransitionTime: "2020-08-21T14:50:49Z"
message: 'Some resources are remaining: secrets. has 1 resource instances'
reason: SomeResourcesRemain
status: "True"
type: NamespaceContentRemaining
-- lastTransitionTime: "2020-08-21T14:50:49Z"
message: 'Some content in the namespace has finalizers remaining: kubernetes.io/finalizer-example in 1 resource instances'
reason: SomeFinalizersRemain
status: "True"
type: NamespaceFinalizersRemaining
phase: Terminating
- 查看finalizer-example项目中包括的所有对象向。我们可以看到除了test-secret对象外,还有很多其他隐含对象。
$ oc api-resources --verbs=list --namespaced -o name | xargs -n 1 oc get --show-kind --ignore-not-found -n finalizer-example
NAME TYPE DATA AGE
secret/test-secret Opaque 1 45s
NAME CATALOG AGE
packagemanifest.packages.operators.coreos.com/openshiftxray-operator Certified Operators 6d13h
packagemanifest.packages.operators.coreos.com/kong-offline-operator Certified Operators 6d13h
packagemanifest.packages.operators.coreos.com/argocd-operator Community Operators 6d13h
packagemanifest.packages.operators.coreos.com/jaeger-product Red Hat Operators 6d13h
...
- 由于所有对象都存放在Etcd中,因此我们可以进入运行Etcd的Pod中。
$ oc rsh -n openshift-etcd $(oc get pods -n openshift-etcd -o=jsonpath='{.items[0].metadata.name}')
Defaulting container name to etcdctl.
Use 'oc describe pod/etcd-ip-10-0-139-90.ap-southeast-1.compute.internal -n openshift-etcd' to see all of the containers in this pod.
- 查询Etcd中finalizer-example项目下的资源,确认查询到“test-secret”。
sh-4.2# for r in `etcdctl get / --prefix --keys-only | grep "^/.*/.*/finalizer-example/.*"`; do echo "Resource: '$(echo $r | cut -d"/" -f 3)' - Name: '$(echo $r | cut -d"/" -f 5)'"; done
Resource: 'secrets' - Name: 'test-secret'
- 手动删除test-secret对象中的finalizers中的内容。
$ oc patch secret test-secret -n finalizer-example -p '{"metadata":{"finalizers":[]}}' --type=merge
secret/test-secret patched
- 确认此时finalizer-example项目已经被删除掉。
$ oc get namespace finalizer-example
Error from server (NotFound): namespaces "finalizer-example" not found
- 如果finalizer-example项目还没有被删除,可以执行以下操作删除finalizer-example项目。
将finalizer-example项目配置导出文件。
$ oc get project finalizer-example -o json > finalizer-example.json
编辑finalizer-example.json文件,删除"finalizers"的内容。
{
"apiVersion": "v1",
"kind": "Namespace",
"metadata": {
...
"name": "finalizer-example",
...
},
"spec": {
"finalizers": []
},
"status": {
...
}
}
然后执行命令,将修改后的finalizer-example.json提价到OpenShift中即可。
$ curl -k -H "Content-Type: application/json" -H "Authorization: Bearer $(oc whoami -t)" -X PUT --data-binary @finalizer-example.json $(oc whoami --show-server)/api/v1/namespaces/finalizer-example/finalize
613
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
