consul/website/content/docs/k8s/operations/uninstall.mdx

98 lines
4.1 KiB
Plaintext

---
layout: docs
page_title: Uninstall
description: Uninstall Consul on Kubernetes
---
# Uninstall Consul
You can uninstall Consul using Helm commands or the Consul K8s CLI.
## Helm commands
Run the `helm uninstall` **and** manually remove resources that Helm does not delete.
1. First, run `helm uninstall`:
```shell-session
$ helm uninstall hashicorp
release "hashicorp" uninstalled
```
1. After deleting the Helm release, you need to delete the `PersistentVolumeClaim`'s
for the persistent volumes that store Consul's data. A [bug](https://github.com/helm/helm/issues/5156) in Helm prevents PVCs from being deleted. Issue the following commands:
```shell-session
$ kubectl get pvc -l chart=consul-helm
NAME STATUS VOLUME CAPACITY ACCESS MODES STORAGECLASS AGE
data-default-hashicorp-consul-server-0 Bound pvc-32cb296b-1213-11ea-b6f0-42010a8001db 10Gi RWO standard 17m
data-default-hashicorp-consul-server-1 Bound pvc-32d79919-1213-11ea-b6f0-42010a8001db 10Gi RWO standard 17m
data-default-hashicorp-consul-server-2 Bound pvc-331581ea-1213-11ea-b6f0-42010a8001db 10Gi RWO standard 17m
$ kubectl delete pvc -l chart=consul-helm
persistentvolumeclaim "data-default-hashicorp-consul-server-0" deleted
persistentvolumeclaim "data-default-hashicorp-consul-server-1" deleted
persistentvolumeclaim "data-default-hashicorp-consul-server-2" deleted
```
~> **NOTE:** This will delete **all** data stored in Consul and it can't be
recovered unless you've taken other backups.
1. If installing with ACLs enabled, you will need to then delete the ACL secrets:
```shell-session
$ kubectl get secret | grep consul | grep Opaque
consul-acl-replication-acl-token Opaque 1 41m
consul-bootstrap-acl-token Opaque 1 41m
consul-client-acl-token Opaque 1 41m
consul-connect-inject-acl-token Opaque 1 37m
consul-controller-acl-token Opaque 1 37m
consul-federation Opaque 4 41m
consul-mesh-gateway-acl-token Opaque 1 41m
```
1. Ensure that the secrets you're about to delete are all created by Consul and not
created by another user with the word `consul`.
```shell-session
$ kubectl get secret | grep consul | grep Opaque | awk '{print $1}' | xargs kubectl delete secret
secret "consul-acl-replication-acl-token" deleted
secret "consul-bootstrap-acl-token" deleted
secret "consul-client-acl-token" deleted
secret "consul-connect-inject-acl-token" deleted
secret "consul-controller-acl-token" deleted
secret "consul-federation" deleted
secret "consul-mesh-gateway-acl-token" deleted
secret "consul-gossip-encryption-key" deleted
```
1. If installing with `tls.enabled` then, run the following commands to delete the `ServiceAccount` left behind:
```shell-session
$ kubectl get serviceaccount consul-tls-init
NAME SECRETS AGE
consul-tls-init 1 47m
```
```shell-session
$ kubectl delete serviceaccount consul-tls-init
serviceaccount "consul-tls-init" deleted
```
## Consul K8s CLI
Issue the `consul-k8s uninstall` command to remove Consul on Kubernetes. You can specify the installation name, namespace, and data retention behavior using the applicable options. By default, the uninstallation preserves the secrets and PVCs that are provisioned by Consul on Kubernetes.
```shell-session
$ consul-k8s uninstall <OPTIONS>
```
In the following example, Consul will be uninstalled and the data removed without prompting you to verify the operations:
```shell-session
$ consul-k8s uninstall -auto-approve=true -wipe-data=true
```
Refer to the [Consul K8s CLI reference](/docs/k8s/k8s-cli#uninstall) topic for details.