SUSE Support

Here When You Need Us

Rancher pods in CrashLoopBackOff state with log messages "panic: indexer conflict: map[byPod:{}]" and "namespaces not found"

This document (000021302) is provided subject to the disclaimer at the end of this document.

Environment

Rancher v2.6.x or v2.7.x
A cluster Namespace in the Rancher local cluster that has been forcibly removed by removing the Kubernetes finalizer

Situation

The Rancher UI is not accessible and the Rancher pods are in a CrashLoopBackOff state due to a panic, with the log message "panic: indexer conflict: map[byPod:{}]".

Rancher pods logs contain resource and namespace not found errors related to the forcibly deleted cluster Namespace: 
[ERROR] error syncing 'c-g4k52/m-c6n6g': handler node-controller: namespaces "c-g4k52 " not found, handler node-controller-sync: namespaces "c-g4k52 " not found
[ERROR] error syncing 'c-g4k52/m-6j6pk': handler node-controller: namespaces "c-g4k52 " not found, handler node-controller-sync: namespaces "c-g4k52 " not found,
[ERROR] error syncing 'c-g4k52/m-zx6qg': handler node-controller: namespaces "c-g4k52 " not found, handler node-controller-sync: namespaces "c-g4k52 " not found,
  
[ERROR] error syncing 'c-g4k52/creator-cluster-owner': handler mgmt-auth-crtb-controller: clusters.management.cattle.io "c-g4k52 " not found, requeuing
[ERROR] error syncing 'p-d6hvn/creator-project-owner': handler mgmt-auth-prtb-controller: clusters.management.cattle.io "c-g4k52 " not found, requeuing
[ERROR] error syncing 'p-ch66s/creator-project-owner': handler mgmt-auth-prtb-controller: clusters.management.cattle.io "c-g4k52 " not found, requeuing
  
 [ERROR] error syncing 'c-g4k52/c-g4k52-fleet-default-owner': handler mgmt-auth-crtb-controller: failed to remove finalizer on controller.cattle.io/mgmt-auth-crtb-controller, requeuing
 [ERROR] error syncing 'c-g4k52/c-g4k52-rl-f62qq': handler etcdbackup-controller: failed to remove finalizer on controller.cattle.io/etcdbackup-controller, requeuing

 

Resolution

Remove all of the orphaned resources in the now-deleted cluster Namespace by following the process documented at https://www.suse.com/support/kb/doc/?id=000020788

In this example, the problematic deleted cluster identified from the Rancher logs has the cluster ID and Namespace c-g4k52.

Cause

Orphaned resources within Namespaces for a now-deleted cluster exist as a result of the forced removal of the Kuberetes Namespace, due to the manual removal of the Kubernetes finalizer from the Namespace when it is stuck in a terminating state. The Kubernetes finalizer should never be removed from a Namespace and the following procedure can be used to remove a Namespace stuck in a terminating state:
https://www.suse.com/es-es/support/kb/doc/?id=000021065

Additional Information

  • Remove namespace stuck in terminating state
https://www.suse.com/es-es/support/kb/doc/?id=000021065
  • How to clean orphan cluster objects
https://www.suse.com/support/kb/doc/?id=000020788

Disclaimer

This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.

  • Document ID:000021302
  • Creation Date: 20-Dec-2023
  • Modified Date:07-Feb-2024
    • SUSE Rancher

< Back to Support Search

For questions or concerns with the SUSE Knowledgebase please contact: tidfeedback[at]suse.com

SUSE Support Forums

Get your questions answered by experienced Sys Ops or interact with other SUSE community experts.

Join Our Community

Support Resources

Learn how to get the most from the technical support you receive with your SUSE Subscription, Premium Support, Academic Program, or Partner Program.

Support FAQ

Open an Incident

Open an incident with SUSE Technical Support, manage your subscriptions, download patches, or manage user access.

Go to Customer Center