Namespace stuck in "Terminating" state in vSphere with Tanzu Workload Management with NSX-ALB integration

Article ID: 374400

Updated On:

Products

VMware vSphere Kubernetes Service

Issue/Introduction

  • In the vCenter UI under Workload Management > Namespaces, the namespace status is stuck in the Deleting state.
  • kubectl get ns | grep <namespace name> shows the namespace in Terminating status.
  • kubectl api-resources --namespaced -o name | paste -d ',' -s | xargs kubectl get -n <namespace> shows only service objects and the corresponding gateway objects.
  • The NSX-ALB controller certificate has expired.

Environment

vSphere with Tanzu 8.0

Cause

The AKO pod fails to connect to the Avi Controller, so deletion of the gateway objects fails.

Resolution

Fix the connectivity issue between AKO and the Avi Controller by following the article "How to renew SSL certificates for AVI Loadbalancer and vSphere with Tanzu".

Generate new Avi Controller certificates.

  1. Log in to the AVI UI.
  2. Go to Templates > Security > TLS certificate.
  3. Create a new certificate (controller certificate), and make sure to include the IP address information in the SAN field.
  4. Copy the certificate.
  5. Go to Administration > Settings > Access settings.
  6. Click the pencil icon to edit, and replace the SSL/TLS certificate with the newly generated certificate.

Update the Supervisor configuration with the new certificate.

  1. Log in to the vSphere UI.
  2. Go to Cluster > Configure > Supervisor Cluster > Loadbalancer, edit the Certificate, and enter the previously copied certificate information.

Restart the AKO pod.

  1. kubectl get pods -A | grep -i ako
  2. kubectl delete pod vmware-system-ako-ako-controller-manager-XXXX -n vmware-system-ako

The stuck gateway and service objects are then removed automatically, and the namespace with them.
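
An added example (not part of the original article and not VMware tooling): a shell helper that checks a certificate PEM for the two conditions this procedure depends on, that it has not expired and that the controller IP is in the SAN, and that confirms the certificate pasted into the Supervisor is the same one the controller uses. The function names, file names and the address 192.0.2.10 are assumptions for illustration; it needs the openssl CLI and matches IPv4 SAN entries.

```shell
#!/bin/sh
# Added example: validate a controller certificate PEM before and after renewal.
# Hypothetical helper names; HOST, file names and addresses are placeholders.
# A served certificate can be saved for checking with:
#   openssl s_client -connect HOST:443 </dev/null | openssl x509 > served.pem

# Print each IP address listed in the certificate's subjectAltName, one per line.
san_ips() {
    openssl x509 -in "$1" -noout -text |
        grep -A1 'Subject Alternative Name' | tail -n 1 |
        tr ',' '\n' | sed -n 's/^ *IP Address://p'
}

# check_cert PEM CONTROLLER_IP [MIN_DAYS]
# Returns 0 = usable, 1 = expired or expiring within MIN_DAYS,
#         2 = IP not in SAN, 3 = file is not a certificate.
check_cert() {
    pem=$1 ip=$2 min_days=${3:-30}
    openssl x509 -in "$pem" -noout >/dev/null 2>&1 || {
        echo "FAIL: $pem is not a readable X.509 certificate" >&2; return 3; }
    openssl x509 -in "$pem" -noout -checkend "$((min_days * 86400))" >/dev/null || {
        echo "FAIL: expires within $min_days days ($(openssl x509 -in "$pem" -noout -enddate))" >&2
        return 1; }
    # Exact fixed-string match, so 192.0.2.1 does not match 192.0.2.10.
    san_ips "$pem" | grep -Fxq -- "$ip" || {
        echo "FAIL: $ip is not in the SAN IP list" >&2; return 2; }
    echo "OK: valid for more than $min_days days, SAN contains $ip"
}

# same_cert A.pem B.pem: succeed only if both files hold the same certificate,
# for example the one exported from the controller and the one pasted into
# the Supervisor load balancer settings.
same_cert() {
    a=$(openssl x509 -in "$1" -noout -fingerprint -sha256) || return 3
    b=$(openssl x509 -in "$2" -noout -fingerprint -sha256) || return 3
    [ "$a" = "$b" ]
}

# Command-line use: sh check_avi_cert.sh controller.pem 192.0.2.10 [min_days]
if [ "$#" -ge 2 ]; then check_cert "$@"; fi
```

Running the check against the old certificate first shows which of the two conditions AKO is failing on; running it again after the renewal confirms the new certificate before the AKO pod is restarted.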
