Rke2集群中helm 安装rancher报错

yizhishang · 2023 年2 月 12 日 06:41

环境信息:
RKE2 版本:
rke2 version v1.24.10+rke2r1 (1ccdce2571291649b9414af1f269f645c3fe4002)
go version go1.19.5 X:boringcrypto

节点 CPU 架构，操作系统和版本：
3.10.0-957.el7.x86_64 #1 SMP Thu Nov 8 23:39:32 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux

集群配置:
1 servers, 2 agents

问题描述:
rke2创建集群后，通过helm安装rancher:v2.7.1报错无法卸载
cattle-sytem空间无法删除

{
“apiVersion”: “v1”,
“kind”: “Namespace”,
“metadata”: {
“annotations”: {
“cattle.io/status”: “{“Conditions”:[{“Type”:“ResourceQuotaInit”,“Status”:“True”,“Message”:”",“LastUpdateTime”:“2023-02-11T15:29:49Z”},{“Type”:“InitialRolesPopulated”,“Status”:“True”,“Message”:"",“LastUpdateTime”:“2023-02-11T15:29:55Z”}]}",
“field.cattle.io/projectId”: “local:p-98zdq”,
“lifecycle.cattle.io/create.namespace-auth”: “true”,
“management.cattle.io/no-default-sa-token”: “true”
},
“creationTimestamp”: “2023-02-11T15:12:17Z”,
“deletionGracePeriodSeconds”: 0,
“deletionTimestamp”: “2023-02-11T16:20:14Z”,
“finalizers”: [
“controller.cattle.io/namespace-auth”
],
“labels”: {
“field.cattle.io/projectId”: “p-98zdq”,
“kubernetes.io/metadata.name”: “cattle-system”,
“name”: “cattle-system”
},
“name”: “cattle-system”,
“resourceVersion”: “56417”,
“uid”: “a22eabc3-af4f-4f88-94c7-065be64fffe2”
},
“spec”: {},
“status”: {
“conditions”: [
{
“lastTransitionTime”: “2023-02-12T05:43:18Z”,
“message”: “All resources successfully discovered”,
“reason”: “ResourcesDiscovered”,
“status”: “False”,
“type”: “NamespaceDeletionDiscoveryFailure”
},
{
“lastTransitionTime”: “2023-02-11T16:20:22Z”,
“message”: “All legacy kube types successfully parsed”,
“reason”: “ParsedGroupVersions”,
“status”: “False”,
“type”: “NamespaceDeletionGroupVersionParsingFailure”
},
{
“lastTransitionTime”: “2023-02-11T16:20:22Z”,
“message”: “All content successfully deleted, may be waiting on finalization”,
“reason”: “ContentDeleted”,
“status”: “False”,
“type”: “NamespaceDeletionContentFailure”
},
{
“lastTransitionTime”: “2023-02-11T16:20:22Z”,
“message”: “Some resources are remaining: rolebindings.rbac.authorization.k8s.io has 1 resource instances, roles.rbac.authorization.k8s.io has 1 resource instances”,
“reason”: “SomeResourcesRemain”,
“status”: “True”,
“type”: “NamespaceContentRemaining”
},
{
“lastTransitionTime”: “2023-02-11T16:20:22Z”,
“message”: “Some content in the namespace has finalizers remaining: wrangler.cattle.io/auth-prov-v2-rb in 1 resource instances, wrangler.cattle.io/auth-prov-v2-role in 1 resource instances”,
“reason”: “SomeFinalizersRemain”,
“status”: “True”,
“type”: “NamespaceFinalizersRemaining”
}
],
“phase”: “Terminating”
}
}

yizhishang · 2023 年2 月 12 日 07:06

#!/bin/bash
set -ex
PATH=$PATH:.
NAMESPACE=$1    # 读取命令行第一个参数
kill -9  $(ps -ef|grep proxy|grep -v grep |awk '{print $2}')
kubectl proxy --port=6880 &
kubectl get namespace ${NAMESPACE} -o json |jq '.spec = {"finalizers":[]}' > namespace.json
curl -k -H  "Content-Type: application/json"  -X  PUT --data-binary @namespace.json 127.0.0.1:6880/api/v1/namespaces/${NAMESPACE}/finalize

这种方式也试过，无效

ksd · 2023 年2 月 13 日 02:58

如果想要卸载 local 集群上搭建的 rancher，通常我是建议重新搭建 local 集群，这样省时又省力。

如果非得原来的 local 集群比较重要，无法重新搭建，可参考：GitHub - rancher/rancher-cleanup 进行卸载 rancher 的资源。

按照你上面的描述，采用了错误的方法去卸载导致 rancher ns 无法删除，那只能想办法处理 ns 的关联关系然后去卸载了，这和你删除一个普通的 ns 删不掉是一个道理，你也可以参考：强制删除 Terminating 状态的 namespace | IT老男孩