NetworkPolicy Finalizers Blocking Deletion in Clusters Step

[t-margheim]

Summary

Calico NetworkPolicy resources are stuck in deletion due to finalizers, preventing the clusters step from completing successfully.

Affected Resources

• CRD: networkpolicies.crd.calico.org
• Specific Resource: default.flightdeck-policy-allow-20251029
• Finalizer: foregroundDeletion

Context

• Step: clusters
• Operation: Delete NetworkPolicy
• Blocker: Finalizer preventing deletion
• Label: app.kubernetes.io/managed-by=ptd-controller

Symptoms

1. NetworkPolicy deletion hangs on the foregroundDeletion finalizer
2. The resource cannot be removed through normal Kubernetes deletion
3. No pods with the label app.kubernetes.io/managed-by=ptd-controller were found

Investigation Findings

• NetworkPolicy is a Calico CRD resource
• The foregroundDeletion finalizer is waiting for dependent resources to be deleted
• No obvious dependent resources (pods) were found with the expected labels
• This is related to ptd-controller managed resources

Manual Fix Applied

The NetworkPolicy was manually deleted to unblock the deletion process for N-Power. Maybe this is enough for now, and we can revisit if this recurs?

Related Issues

This may be related to the ptd-controller namespace finalizer issue, as both involve resources managed by ptd-controller not cleaning up properly.