1#!/usr/bin/env bash
2# Purpose: When cleaning up GCP resources in an Edge instance, KCC can deadlock trying to delete certain resources.
3# In particular, GCP services fail to delete which makes the namespace impossible to delete.
4# After patching off the finalizer you can force delete the resource, allowing the namespace to finish deleting.
5#
6# kubectl get $namespace -o yaml will show what resources remain undeleted
7#
8# Substitute in whatever type of resource in whatever namespace that is causing trouble. However, DO NOT
9# remove the finalizers from Folders and Projects - deleting the folder or project will delete everything in them,
10# which is why the other resources get stuck. Deleting the project with a finalizer will possibly leave the resources
11# requiring manual cleanup.
12
13set -eu
14
15problem_kinds="iamserviceaccountkeys" # substitute whatever isnt getting deleted
16nss=""
17dryrun="none" # change when you are sure of the change. other options are none or server
18nss=$(kubectl get namespace -o go-template='{{range .items}}{{.metadata.name}} {{end}}')
19#problem_kinds=$(kubectl get crd -o go-template='{{range .items}}{{if .metadata.deletionTimestamp}}{{.metadata.name}} {{end}}{{end}}') # uncomment to auto get temrinating crds
20
21echo "terminating namespaces $nss"
22echo "terminating crd $problem_kinds"
23for ns in $nss; do
24 for kind in $problem_kinds; do
25 objs=$(kubectl get "$kind" -n "$ns" -o name)
26 if [ -n "$objs" ]; then
27 # shellcheck disable=SC2086
28 # we want the words to be split
29 kubectl patch $objs -p '{"metadata":{"finalizers":[]}}' --type=merge -n "$ns" --dry-run="$dryrun"
30 fi
31 done
32doneView as plain text