@@ -69,6 +69,34 @@ There are three things to check:
6969* Try to manually pull the image to see if the image can be pulled. For example,
7070 if you use Docker on your PC, run ` docker pull <image> ` .
7171
72+
73+ #### My pod stays terminating
74+
75+ If a Pod is stuck in the ` Terminating ` state, it means that a deletion has been
76+ issued for the Pod, but the control plane is unable to delete the Pod object.
77+
78+ This typically happens if the Pod has a [ finalizer] ( /docs/concepts/overview/working-with-objects/finalizers/ )
79+ and there is an [ admission webhook] ( /docs/reference/access-authn-authz/extensible-admission-controllers/ )
80+ installed in the cluster that prevents the control plane from removing the
81+ finalizer.
82+
83+ To identify this scenario, check if your cluster has any
84+ ValidatingWebhookConfiguration or MutatingWebhookConfiguration that target
85+ ` UPDATE ` operations for ` pods ` resources.
86+
87+ If the webhook is provided by a third-party:
88+ - Make sure you are using the latest version.
89+ - Disable the webhook for ` UPDATE ` operations.
90+ - Report an issue with the corresponding provider.
91+
92+ If you are the author of the webhook:
93+ - For a mutating webhook, make sure it never changes immutable fields on
94+ ` UPDATE ` operations. For example, changes to containers are usually not allowed.
95+ - For a validating webhook, make sure that your validation policies only apply
96+ to new changes. In other words, you should allow Pods with existing violations
97+ to pass validation. This allows Pods that were created before the validating
98+ webhook was installed to continue running.
99+
72100#### My pod is crashing or otherwise unhealthy
73101
74102Once your pod has been scheduled, the methods described in
0 commit comments