96 lines
3.8 KiB
Plaintext
96 lines
3.8 KiB
Plaintext
---
|
|
layout: docs
|
|
page_title: Uninstall
|
|
description: Uninstall Consul on Kubernetes
|
|
---
|
|
|
|
# Uninstall Consul
|
|
|
|
Uninstalling Consul requires running `helm delete` **and** then manually cleaning
|
|
up some resources that Helm does not delete.
|
|
|
|
1. First, run `helm delete`:
|
|
|
|
```shell-session
|
|
$ helm delete hashicorp
|
|
release "hashicorp" uninstalled
|
|
```
|
|
|
|
-> If using Helm 2, run `helm delete --purge hashicorp`
|
|
|
|
1. After deleting the Helm release, you need to delete the `PersistentVolumeClaim`'s
|
|
for the persistent volumes that store Consul's data. These are not deleted by Helm due to a [bug](https://github.com/helm/helm/issues/5156).
|
|
To delete, run:
|
|
|
|
```shell-session
|
|
$ kubectl get pvc -l chart=consul-helm
|
|
NAME STATUS VOLUME CAPACITY ACCESS MODES STORAGECLASS AGE
|
|
data-default-hashicorp-consul-server-0 Bound pvc-32cb296b-1213-11ea-b6f0-42010a8001db 10Gi RWO standard 17m
|
|
data-default-hashicorp-consul-server-1 Bound pvc-32d79919-1213-11ea-b6f0-42010a8001db 10Gi RWO standard 17m
|
|
data-default-hashicorp-consul-server-2 Bound pvc-331581ea-1213-11ea-b6f0-42010a8001db 10Gi RWO standard 17m
|
|
|
|
$ kubectl delete pvc -l chart=consul-helm
|
|
persistentvolumeclaim "data-default-hashicorp-consul-server-0" deleted
|
|
persistentvolumeclaim "data-default-hashicorp-consul-server-1" deleted
|
|
persistentvolumeclaim "data-default-hashicorp-consul-server-2" deleted
|
|
```
|
|
|
|
~> **NOTE:** This will delete **all** data stored in Consul and it can't be
|
|
recovered unless you've taken other backups.
|
|
|
|
1. If installing with ACLs enabled, you will need to then delete the ACL secrets:
|
|
|
|
```shell-session
|
|
$ kubectl get secret | grep consul | grep Opaque
|
|
consul-acl-replication-acl-token Opaque 1 41m
|
|
consul-bootstrap-acl-token Opaque 1 41m
|
|
consul-client-acl-token Opaque 1 41m
|
|
consul-connect-inject-acl-token Opaque 1 37m
|
|
consul-controller-acl-token Opaque 1 37m
|
|
consul-federation Opaque 4 41m
|
|
consul-mesh-gateway-acl-token Opaque 1 41m
|
|
```
|
|
|
|
Ensure that the secrets you're about to delete are all created by Consul and not
|
|
created by someone else that happen to have the word `consul`.
|
|
|
|
```shell-session
|
|
$ kubectl get secret | grep consul | grep Opaque | awk '{print $1}' | xargs kubectl delete secret
|
|
secret "consul-acl-replication-acl-token" deleted
|
|
secret "consul-bootstrap-acl-token" deleted
|
|
secret "consul-client-acl-token" deleted
|
|
secret "consul-connect-inject-acl-token" deleted
|
|
secret "consul-controller-acl-token" deleted
|
|
secret "consul-federation" deleted
|
|
secret "consul-mesh-gateway-acl-token" deleted
|
|
secret "consul-gossip-encryption-key" deleted
|
|
```
|
|
|
|
1. If installing with `controller.enabled` then you will need to delete the
|
|
webhook certificate:
|
|
|
|
```shell-session
|
|
$ kubectl get secret consul-controller-webhook-cert
|
|
NAME TYPE DATA AGE
|
|
consul-controller-webhook-cert kubernetes.io/tls 2 47m
|
|
```
|
|
|
|
```shell-session
|
|
$ kubectl delete secret consul-controller-webhook-cert
|
|
secret "consul-consul-controller-webhook-cert" deleted
|
|
```
|
|
|
|
1. If installing with `tls.enabled` then there will be a `ServiceAccount`
|
|
that is left behind:
|
|
|
|
```shell-session
|
|
$ kubectl get serviceaccount consul-tls-init
|
|
NAME SECRETS AGE
|
|
consul-tls-init 1 47m
|
|
```
|
|
|
|
```shell-session
|
|
$ kubectl delete serviceaccount consul-tls-init
|
|
serviceaccount "consul-tls-init" deleted
|
|
```
|