No matter how you like to participate in developer communities, Pulumi wants to meet you there. If you want to meet other Pulumi users to share use-cases and best practices, contribute code or documentation, see us at an event, or just tell a story about something cool you did with Pulumi, you are part of our community.

Pulumi Community

are there any custom resources in that namespace?

<@UDEJ1F5SQ> , first run I created a service account and namespace, second run I wanted to remove them and then it got stuck. 

You removed them with Pulumi or something else?

<@UCWG26BH7> , not anyone that I’ve added. But that is what “fixes” it. Add the config for the namespace and remove the finalizer. It is the “kubernetes” finalizer just likes described in the SO post. 

<@UDEJ1F5SQ>, everything was done by pulumi as part of an automation. 

To remove the namespace with kubectl I have to do what is mentioned in the SO post and remove the finalizer. I don’t even know how the finalizer got there or what it does :upside_down_face:

are you sure there isn't an operator (ie something outside of pulumi) creating something in the namespace?

the kubernetes finalizer is the default: <https://book.kubebuilder.io/reference/using-finalizers.html>

It is a pretty clean cluster that I’ve created for demo purposes. So nothing else. Could it be that when I add a service account it also adds a secret in the namespace?

the sa does have a default secret which is the token, but that shouldn't be the thing

is it EKS? generally you have to look at the controller logs to figure this out

The service account was also added with pulumi, so I hope pulumi will clean the secret app when the service account is deleted...

Not at the computer right now, but if I get some pointers to what I should check I can try to do it when I have time. Hopefully later today. 

I’ll also try to create a smaller reproduction if possible. 

try this
```kubectl api-resources --verbs=list --namespaced -o name | xargs -n 1 kubectl get --show-kind --ignore-not-found &lt;namespace&gt;```

<@UCWG26BH7>, the error I see is

&gt; error: unable to retrieve the complete list of server APIs: <http://metrics.k8s.io/v1beta1|metrics.k8s.io/v1beta1>: the server is currently unable to handle the request

(I think your command was slightly wrong, was missing `-n` before `&lt;namespace&gt;`)

I wonder if I have not enough resources that is causing issues.

I'm pretty sure that it had to do with not enough resources. Since I did create the cluster with some metrics and other stuff, two nodes might not have been enough. Creating the cluster again with three nodes and I have no problem with deleting a namespace.