엉뚱한 녀석의 블로그 [quirky guy's Blog]

Resolving Installation Conflicts Caused by Undeleted Resources in Kubernetes

제공

black K
,

When operating a Kubernetes cluster, you may encounter situations where deploying a new add-on or application fails because resources from a previous installation were not completely removed.

A common culprit is leftover Webhook resources such as MutatingWebhookConfiguration or ValidatingWebhookConfiguration. Since these components intercept API requests to validate or mutate resources, their presence can cause unexpected errors during new deployments.

Symptoms

  • Helm chart or manifest installation fails.
  • kubectl apply cannot create resources because an old webhook intercepts the request.
  • Webhook configurations from already removed add-ons (e.g., Istio, ArgoCD, Gatekeeper) remain in the cluster.

1. Check for Leftover Webhook Resources

Start by listing existing webhook configurations in the cluster:

# Check Mutating Webhooks
kubectl get mutatingwebhookconfiguration

# Check Validating Webhooks
kubectl get validatingwebhookconfiguration

Example output:

NAME                        WEBHOOKS   AGE
istio-sidecar-injector      2          5d
argo-validate-config        1          10d

2. Remove Unnecessary Resources

If the add-on has already been uninstalled, these resources can safely be removed:

# Delete MutatingWebhookConfiguration
kubectl delete mutatingwebhookconfiguration <resource-name>

# Delete ValidatingWebhookConfiguration
kubectl delete validatingwebhookconfiguration <resource-name>

Example:

kubectl delete mutatingwebhookconfiguration istio-sidecar-injector
kubectl delete validatingwebhookconfiguration argo-validate-config

3. Additional Cleanup Targets

Besides webhooks, other leftover resources may also block deployments, including:

  • CustomResourceDefinition (CRD)
  • ValidatingAdmissionPolicy
  • APIService
  • Namespace stuck in a Terminating state

You can remove them with:

kubectl get crd | grep <addon-name>
kubectl delete crd <crd-name>

kubectl get apiservice
kubectl delete apiservice <apiservice-name>

Conclusion

  • Undeleted Kubernetes resources often cause conflicts when deploying new add-ons or applications.
  • Webhook configurations (MutatingWebhookConfiguration / ValidatingWebhookConfiguration) are among the most common causes of failed installations.
  • By identifying and cleaning up these leftover resources, you can ensure smooth reinstallation or upgrades.
ⓒ 2025 엉뚱한 녀석의 블로그 [quirky guy's Blog]. 본문 및 이미지를 무단 복제·배포할 수 없습니다. 공유 시 반드시 원문 링크를 명시해 주세요.
ⓒ 2025 엉뚱한 녀석의 블로그 [quirky guy's Blog]. All rights reserved. Unauthorized copying or redistribution of the text and images is prohibited. When sharing, please include the original source link.

🛠 마지막 수정일: 2025.09.22

코멘트

답글 남기기