mirror of https://github.com/hashicorp/consul
116 lines
5.3 KiB
Markdown
116 lines
5.3 KiB
Markdown
---
|
|
layout: docs
|
|
page_title: Uninstall Consul on Kubernetes
|
|
description: >-
|
|
You can use the Consul-K8s CLI tool to remove all or part of a Consul installation on Kubernetes. You can also use Helm and then manually remove resources that Helm does not delete.
|
|
---
|
|
|
|
# Uninstall Consul on Kubernetes
|
|
|
|
You can uninstall Consul using Helm commands or the Consul K8s CLI.
|
|
|
|
## Consul K8s CLI
|
|
|
|
Issue the `consul-k8s uninstall` command to remove Consul on Kubernetes. You can specify the installation name, namespace, and data retention behavior using the applicable options. By default, the uninstall preserves the secrets and PVCs that are provisioned by Consul on Kubernetes.
|
|
|
|
```shell-session
|
|
$ consul-k8s uninstall <OPTIONS>
|
|
```
|
|
|
|
In the following example, Consul will be uninstalled and the data removed without prompting you to verify the operations:
|
|
|
|
```shell-session
|
|
$ consul-k8s uninstall -auto-approve=true -wipe-data=true
|
|
```
|
|
|
|
Refer to the [Consul K8s CLI reference](/consul/docs/k8s/k8s-cli#uninstall) topic for details.
|
|
|
|
## Helm commands
|
|
|
|
Run the `helm uninstall` **and** manually remove resources that Helm does not delete.
|
|
|
|
1. Although the Helm chart automates the deletion of CRDs upon uninstall, sometimes the finalizers tied to those CRDs may not complete because the deletion of the CRDs rely on the Consul K8s controller running. Ensure that previously created CRDs for Consul on Kubernetes are deleted, so subsequent installs of Consul on Kubernetes on the same Kubernetes cluster do not get blocked.
|
|
|
|
```shell-session
|
|
$ kubectl delete crd --selector app=consul
|
|
```
|
|
|
|
1. (Optional) If Consul is installed in a dedicated namespace, set the kubeConfig context to the `consul` namespace. Otherwise, subsequent commands will need to include `--namespace consul`.
|
|
|
|
```shell-session
|
|
$ kubectl config set-context --current --namespace=consul
|
|
```
|
|
|
|
1. Run the `helm uninstall <release-name>` command and specify the release name you've installed Consul with, e.g.,:
|
|
|
|
```shell-session
|
|
$ helm uninstall consul
|
|
release "consul" uninstalled
|
|
```
|
|
|
|
1. After deleting the Helm release, you need to delete the `PersistentVolumeClaim`'s
|
|
for the persistent volumes that store Consul's data. A [bug](https://github.com/helm/helm/issues/5156) in Helm prevents PVCs from being deleted. Issue the following commands:
|
|
|
|
```shell-session
|
|
$ kubectl get pvc --selector="chart=consul-helm"
|
|
NAME STATUS VOLUME CAPACITY ACCESS MODES STORAGECLASS AGE
|
|
data-default-hashicorp-consul-server-0 Bound pvc-32cb296b-1213-11ea-b6f0-42010a8001db 10Gi RWO standard 17m
|
|
data-default-hashicorp-consul-server-1 Bound pvc-32d79919-1213-11ea-b6f0-42010a8001db 10Gi RWO standard 17m
|
|
data-default-hashicorp-consul-server-2 Bound pvc-331581ea-1213-11ea-b6f0-42010a8001db 10Gi RWO standard 17m
|
|
|
|
$ kubectl delete pvc --selector="chart=consul-helm"
|
|
persistentvolumeclaim "data-default-hashicorp-consul-server-0" deleted
|
|
persistentvolumeclaim "data-default-hashicorp-consul-server-1" deleted
|
|
persistentvolumeclaim "data-default-hashicorp-consul-server-2" deleted
|
|
```
|
|
|
|
~> **NOTE:** This will delete **all** data stored in Consul and it can't be
|
|
recovered unless you've taken other backups.
|
|
|
|
1. If installing with ACLs enabled, you will need to then delete the ACL secrets:
|
|
|
|
```shell-session
|
|
$ kubectl get secrets --field-selector="type=Opaque" | grep consul
|
|
consul-acl-replication-acl-token Opaque 1 41m
|
|
consul-bootstrap-acl-token Opaque 1 41m
|
|
consul-client-acl-token Opaque 1 41m
|
|
consul-connect-inject-acl-token Opaque 1 37m
|
|
consul-controller-acl-token Opaque 1 37m
|
|
consul-federation Opaque 4 41m
|
|
consul-mesh-gateway-acl-token Opaque 1 41m
|
|
```
|
|
|
|
1. Ensure that the secrets you're about to delete are all created by Consul and not
|
|
created by another user with the word `consul`.
|
|
|
|
```shell-session
|
|
$ kubectl get secrets --field-selector="type=Opaque" | grep consul | awk '{print $1}' | xargs kubectl delete secret
|
|
secret "consul-acl-replication-acl-token" deleted
|
|
secret "consul-bootstrap-acl-token" deleted
|
|
secret "consul-client-acl-token" deleted
|
|
secret "consul-connect-inject-acl-token" deleted
|
|
secret "consul-controller-acl-token" deleted
|
|
secret "consul-federation" deleted
|
|
secret "consul-mesh-gateway-acl-token" deleted
|
|
secret "consul-gossip-encryption-key" deleted
|
|
```
|
|
|
|
1. If installing with `tls.enabled` then, run the following commands to delete the `ServiceAccount` left behind:
|
|
|
|
```shell-session
|
|
$ kubectl get serviceaccount consul-tls-init
|
|
NAME SECRETS AGE
|
|
consul-tls-init 1 47m
|
|
```
|
|
|
|
```shell-session
|
|
$ kubectl delete serviceaccount consul-tls-init
|
|
serviceaccount "consul-tls-init" deleted
|
|
```
|
|
|
|
1. (Optional) Delete the namespace (i.e. `consul` in the following example) that you have dedicated for installing Consul on Kubernetes.
|
|
|
|
```shell-session
|
|
$ kubectl delete ns consul
|
|
```
|