All Products
Search
Document Center

Troubleshoot the Failure to Delete an ACK Cluster

Last Updated: Jul 22, 2021

Problem description

In the Container Service for Kubernetes (ACK) console, an ACK cluster failed to be deleted, and the Resource DELETE failed error message appeared.

Note: In this example, a vSwitch in a virtual private cloud (VPC) failed to be deleted. For information about other error messages, see the More information section in this document.

Cause

External resources are dependent on the ACK cluster. For example, a VPC instance is created in the Resource Orchestration Service (ROS) console, and a vSwitch is manually created in the VPC instance in the VPC console. In this case, ROS has no permissions to delete the manually created vSwitch. When you delete the ACK cluster in the ACK console, the VPC instance cannot be released, and the ACK cluster fails to be deleted.

Solutions

You can use the following two solutions to resolve the failure to delete an ACK cluster based on actual scenarios. In this example, the first solution is used.

  • Delete the dependencies of the external resources on the ACK cluster. For more information, see the following steps.
  • When you delete the ACK cluster, choose to reserve the external resources.
  1. Log on to the ROS console and click the stack ID of the ACK cluster that failed to be deleted.
  2. On the Stack Information tab, click the Resources tab to view the resources whose status is Deletion Failed. Verify that the vSwitch failed to be deleted.
  3. Log on to the VPC console and click the ID of the VPC instance used by the ACK
  4. The details page of the VPC instance On the Resources tab, click the number below vSwitch.
  5. On the vSwitch page, find the vSwitch that you want to delete and click Delete in the Actions column. Verify that the vSwitch is deleted.

    An error appears if the switch is deleted, release the resources attached to the vSwitch and delete the vSwitch again. For more information, see You cannot release the vSwitch resources of a VPC-type instance.

  1. Verify that the ACK cluster is deleted in the ACK console.

References

More information

The following table describes the error messages, and corresponding causes and solutions. You can fix issues by using the solution that corresponds to a specific error message.

Error message

Cause

Solution

Resource DELETE failed: ResponseException: resources.k8s_sg: There is still instance(s) in the specified security group. Code: DependencyViolation RequestId: 79A20177-2D76-4F71-A919-C3343EAD75CF:

 

External instances, such as an Elastic Compute Service (ECS) instance, an elastic network interface (ENI), and a VPC, are dependent on the security group.

Select the corresponding solution based on actual scenarios.

·         An ECS instance is dependent on the security group. Remove the ECS instance from the security group. For more information, see Remove an instance from a security group.

·         An ENI or a VPC is dependent on the security group.

o    Delete the ENI that is dependent on the security group. For more information, see Delete an ENI.

o    Release the VPC that is dependent on the security group. For more information, see Delete a VPC network.

Resource DELETE failed: ReleaseResourceException: resources.KubernetesWorkerRole: code: ReleaseInstanceError, message: Release resource \"The role KubernetesWorkerRole-03c94d28-b79a can not deleted because policy AliyunECSAccessingHBRRolePolicy of this role is not created by ROS and should be deleted manually.\" failed.

The AliyunECSAccessingHBRRolePolicy policy of a RAM role is manually modified.

Manually remove the AliyunECSAccessingHBRRolePolicy policy from the RAM role. For more information, see Remove permissions from a RAM role.

Resource DELETE failed: ResponseException: resources.k8s_NAT_Gateway_Bind_Eip: The removed ip address has been used by snat table. Code: InvalidIpStatus.HasBeenUsedBySnatTable RequestId: E05DEAB0-F528-4074-BA31-282212EE146A:

The source network address translation (SNAT) entry of the VPC is dependent on the elastic IP address (EIP).

Remove the SNAT entry that is dependent on the EIP. For more information, see the content related to the issue where SNAT entries of NAT gateways are not released in the You cannot release the vSwitch resources of a VPC-type instance topic.

Resource DELETE failed: ResponseException: resources.k8s_NAT_Gateway: There are Eips on specified NatGateway, please unbind it first. Code: DependencyViolation.EIPS RequestId: 8E324382-D859-435E-9A47-8C919A3B4A67

The network address translation (NAT) gateway is associated with an EIP.

Find the NAT gateway that is associated with the EIP and disassociate the EIP from the NAT gateway. For more information, see Disassociate an EIP from a cloud resource.

Resource DELETE failed: ResponseException: resources.k8s_master_slb_Eip: Current elastic IP status does not support this operation. Code: IncorrectEipStatus RequestId: CACD8D0A-E9EB-40D6-8085-926ADCC4898F

You cannot delete an EIP in the binding or unbinding state.

Verify that the EIP is in the available or allocated state before you delete the EIP.

Resource DELETE failed: ResponseException: resources.k8s_vswitch: Specified object has dependent resources. Code: DependencyViolation RequestId: AFECB3CF-2E7B-4CE6-84BE-B6281415B509:

Resources outside the cluster are dependent on the vSwitch.

Perform the following steps:

1.    View the vSwitch on which resources outside the cluster are dependent. For more information, see the View resource users of a shared vSwitch section of the Add a shared vSwitch and a resource user topic.

2.    Remove the vSwitch on which resources outside the cluster are dependent. For more information, see the Remove a resource user from a shared vSwitch section of the Add a shared vSwitch and a resource user topic.

Resource DELETE failed: ResponseException: resources.k8s_vpc: Specified object has dependent resources SecurityGroup. Code: DependencyViolation.SecurityGroup RequestId: 92165FA2-8813-4CBE-864D-B10685F7E9BA

Security groups outside the cluster are dependent on the VPC.

Delete the security groups outside the cluster. For more information, see Delete security groups.

Resource DELETE failed: ResponseException: resources.k8s_master_slb_listener: Locked for any Business Reason. Code: ActionNotAllowed RequestId: 58B0C379-D85F-4CE7-9480-B96DAF171D39

Your Alibaba Cloud account has overdue payments.

Add funds to your Alibaba Cloud account before you delete resources.

Resource DELETE failed: ResponseException: resources.k8s_nodes_sg: Ess should be authorized in ram to operate user resource. Code: UserNotAuthorizeEss RequestId: 3BA6D98F-1744-44FB-BCDA-9D9015A106AB:

Permissions are not granted to the RAM role for Auto Scaling.

Use a RAM role to manually grant permissions to Auto Scaling. For more information, see Grant permissions to a RAM role.

Failed to delete cluster with Aliyun API Error: RequestId: 70590904-CA88-438F-ACE7-E5108E76DAA1 Status Code: 400 Code: Forbidden.FinancialLocked Message: The ip business status is invalid.

Your Alibaba Cloud account has overdue payments.

Add funds to your Alibaba Cloud account before you delete resources.

Applicable scope

  • ACK