1#!/usr/bin/env bash
2# Purpose: When cleaning up GCP resources in an Edge instance, KCC can deadlock trying to delete certain resources.
3# In particular, GCP services fail to delete which makes the namespace impossible to delete.
4# After patching off the finalizer you can force delete the resource, allowing the namespace to finish deleting.
5#
6# kubectl get $namespace -o yaml will show what resources remain undeleted
7#
8# Substitute in whatever type of resource in whatever namespace that is causing trouble. However, DO NOT
9# remove the finalizers from Folders and Projects - deleting the folder or project will delete everything in them,
10# which is why the other resources get stuck. Deleting the project with a finalizer will possibly leave the resources
11# requiring manual cleanup.
12
13set -eu
14
15namespace="abcd1234"
16problem_kinds="iamcustomroles gcpservices containernodepools containerclusters secretmanagersecrets" # substitute whatever isnt getting deleted
17dryrun="client" # change when you are sure of the change. other options are none or server
18for kind in $problem_kinds; do
19 objs=$(kubectl get "$kind" -n "$namespace" -o name)
20 if [ -n "$objs" ]; then
21 # shellcheck disable=SC2086
22 # we want the words to be split
23 kubectl patch $objs -p '{"metadata":{"finalizers":[]}}' --type=merge -n "$namespace" --dry-run="$dryrun"
24 fi
25doneView as plain text