ยปUninstall Consul
Uninstalling Consul requires running helm delete and then manually cleaning
up some resources that Helm does not delete.
-
First, run helm delete:
$ helm delete hashicorp
release "hashicorp" uninstalled
$ helm delete hashicorprelease "hashicorp" uninstalled
-
After deleting the Helm release, you need to delete the PersistentVolumeClaim's
for the persistent volumes that store Consul's data. These are not deleted by Helm due to a bug.
To delete, run:
$ kubectl get pvc -l chart=consul-helm
NAME STATUS VOLUME CAPACITY ACCESS MODES STORAGECLASS AGE
data-default-hashicorp-consul-server-0 Bound pvc-32cb296b-1213-11ea-b6f0-42010a8001db 10Gi RWO standard 17m
data-default-hashicorp-consul-server-1 Bound pvc-32d79919-1213-11ea-b6f0-42010a8001db 10Gi RWO standard 17m
data-default-hashicorp-consul-server-2 Bound pvc-331581ea-1213-11ea-b6f0-42010a8001db 10Gi RWO standard 17m
$ kubectl delete pvc -l chart=consul-helm
persistentvolumeclaim "data-default-hashicorp-consul-server-0" deleted
persistentvolumeclaim "data-default-hashicorp-consul-server-1" deleted
persistentvolumeclaim "data-default-hashicorp-consul-server-2" deleted
$ kubectl get pvc -l chart=consul-helmNAME STATUS VOLUME CAPACITY ACCESS MODES STORAGECLASS AGEdata-default-hashicorp-consul-server-0 Bound pvc-32cb296b-1213-11ea-b6f0-42010a8001db 10Gi RWO standard 17mdata-default-hashicorp-consul-server-1 Bound pvc-32d79919-1213-11ea-b6f0-42010a8001db 10Gi RWO standard 17mdata-default-hashicorp-consul-server-2 Bound pvc-331581ea-1213-11ea-b6f0-42010a8001db 10Gi RWO standard 17m
$ kubectl delete pvc -l chart=consul-helmpersistentvolumeclaim "data-default-hashicorp-consul-server-0" deletedpersistentvolumeclaim "data-default-hashicorp-consul-server-1" deletedpersistentvolumeclaim "data-default-hashicorp-consul-server-2" deleted
NOTE: This will delete all data stored in Consul and it can't be
recovered unless you've taken other backups.
-
If installing with ACLs enabled, you will need to then delete the ACL secrets:
$ kubectl get secret | grep consul | grep Opaque
consul-acl-replication-acl-token Opaque 1 41m
consul-bootstrap-acl-token Opaque 1 41m
consul-client-acl-token Opaque 1 41m
consul-connect-inject-acl-token Opaque 1 37m
consul-controller-acl-token Opaque 1 37m
consul-federation Opaque 4 41m
consul-mesh-gateway-acl-token Opaque 1 41m
$ kubectl get secret | grep consul | grep Opaqueconsul-acl-replication-acl-token Opaque 1 41mconsul-bootstrap-acl-token Opaque 1 41mconsul-client-acl-token Opaque 1 41mconsul-connect-inject-acl-token Opaque 1 37mconsul-controller-acl-token Opaque 1 37mconsul-federation Opaque 4 41mconsul-mesh-gateway-acl-token Opaque 1 41m
-
Ensure that the secrets you're about to delete are all created by Consul and not
created by someone else that happen to have the word consul:
$ kubectl get secret | grep consul | grep Opaque | awk '{print $1}' | xargs kubectl delete secret
secret "consul-acl-replication-acl-token" deleted
secret "consul-bootstrap-acl-token" deleted
secret "consul-client-acl-token" deleted
secret "consul-connect-inject-acl-token" deleted
secret "consul-controller-acl-token" deleted
secret "consul-federation" deleted
secret "consul-mesh-gateway-acl-token" deleted
secret "consul-gossip-encryption-key" deleted
$ kubectl get secret | grep consul | grep Opaque | awk '{print $1}' | xargs kubectl delete secretsecret "consul-acl-replication-acl-token" deletedsecret "consul-bootstrap-acl-token" deletedsecret "consul-client-acl-token" deletedsecret "consul-connect-inject-acl-token" deletedsecret "consul-controller-acl-token" deletedsecret "consul-federation" deletedsecret "consul-mesh-gateway-acl-token" deletedsecret "consul-gossip-encryption-key" deleted
-
If installing with tls.enabled then there will be a ServiceAccount that is left behind:
$ kubectl get serviceaccount consul-tls-init
NAME SECRETS AGE
consul-tls-init 1 47m
$ kubectl get serviceaccount consul-tls-initNAME SECRETS AGEconsul-tls-init 1 47m
$ kubectl delete serviceaccount consul-tls-init
serviceaccount "consul-tls-init" deleted
$ kubectl delete serviceaccount consul-tls-initserviceaccount "consul-tls-init" deleted