Can't fully delete AKS Arc cluster with PodDisruptionBudget (PDB) resources

> Applies to: Azure Local, version 23H2, AKS Edge Essentials

When you delete an AKS Arc cluster that has PodDisruptionBudget (PDB) resources, the deletion might fail to remove the PDB resources. By default, a PDB is installed in AKS Arc clusters that have workload identity enabled.

Workaround

Before you delete the AKS Arc cluster, access the AKS Arc cluster's kubeconfig and delete all PDBs:

  1. Access the AKS Arc cluster according to its connectivity state:

    • When the AKS Arc cluster is in a connected state, run the az connectedk8s proxy command:

      az connectedk8s proxy -n $aks_cluster_name -g $resource_group_name 
      
    • When the AKS Arc cluster is in a disconnected state, run the az aksarc get-credentials command. This command requires permission to perform the Microsoft.HybridContainerService/provisionedClusterInstances/listAdminKubeconfig/action action, which is included in the Azure Kubernetes Service Arc Cluster Admin role. For more information, see Retrieve certificate-based admin kubeconfig in AKS Arc.

      az aksarc get-credentials -n $aks_cluster_name -g $resource_group_name --admin
      
  2. Verify which PDBs exist:

    kubectl get pdb -A 
    
  3. Delete all PDBs. The following command is an example of deleting a PDB generated from workload identity enablement:

    kubectl delete pdb azure-wi-webhook-controller-manager -n arc-workload-identity 
    
  4. Delete the AKS Arc cluster:

    az aksarc delete -n $aks_cluster_name -g $resource_group_name
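
Steps 2 through 4 as one script, generalized from the single workload identity PDB shown above to every PDB the cluster reports. This is an added example, not part of the original article; the function names and the --run switch are hypothetical, and it assumes step 1 is complete and that $aks_cluster_name and $resource_group_name are set.

```shell
#!/usr/bin/env bash
# Added example: helper names below are hypothetical, not az or kubectl commands.
# Assumes step 1 is done (kubectl reaches the AKS Arc cluster) and that
# $aks_cluster_name and $resource_group_name are set.

# Filter "namespace name" lines from stdin, one validated pair per output line.
valid_pdb_pairs() {
  while read -r ns name _rest; do
    # Skip blank or incomplete lines.
    if [ -z "$ns" ] || [ -z "$name" ]; then continue; fi
    # Kubernetes names use only lowercase letters, digits, '-' and '.';
    # anything else is not passed on to kubectl delete.
    case "$ns$name" in
      *[!a-z0-9.-]*) echo "skipping unexpected entry: $ns $name" >&2; continue ;;
    esac
    printf '%s %s\n' "$ns" "$name"
  done
}

# Step 2: list every PDB in all namespaces as "namespace name" pairs.
list_pdbs() {
  kubectl get pdb -A --no-headers \
    -o custom-columns=NS:.metadata.namespace,NAME:.metadata.name
}

# Steps 3 and 4: delete each PDB, confirm none remain, then delete the cluster.
cleanup_and_delete() {
  list_pdbs | valid_pdb_pairs | while read -r ns name; do
    kubectl delete pdb "$name" -n "$ns" </dev/null
  done
  remaining=$(list_pdbs) || return 1
  if [ -n "$remaining" ]; then
    echo "PDBs still present, not deleting the cluster:" >&2
    echo "$remaining" >&2
    return 1
  fi
  az aksarc delete -n "$aks_cluster_name" -g "$resource_group_name"
}

# Nothing is deleted unless the script is called with --run.
if [ "${1:-}" = "--run" ]; then
  cleanup_and_delete
fi
```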
    

Next steps

Known issues in AKS enabled by Azure Arc