Uninstall Consul

Uninstalling Consul requires running helm delete and then manually cleaning up some resources that Helm does not delete.

  1. First, run helm delete:

    $ helm delete hashicorp
    release "hashicorp" uninstalled
    
  2. After deleting the Helm release, you need to delete the PersistentVolumeClaims for the persistent volumes that store Consul's data. These are not deleted by Helm due to a bug. To delete, run:

    $ kubectl get pvc -l chart=consul-helm
    NAME                                   STATUS   VOLUME                                     CAPACITY   ACCESS MODES   STORAGECLASS   AGE
    data-default-hashicorp-consul-server-0   Bound    pvc-32cb296b-1213-11ea-b6f0-42010a8001db   10Gi       RWO            standard       17m
    data-default-hashicorp-consul-server-1   Bound    pvc-32d79919-1213-11ea-b6f0-42010a8001db   10Gi       RWO            standard       17m
    data-default-hashicorp-consul-server-2   Bound    pvc-331581ea-1213-11ea-b6f0-42010a8001db   10Gi       RWO            standard       17m
    
    $ kubectl delete pvc -l chart=consul-helm
    persistentvolumeclaim "data-default-hashicorp-consul-server-0" deleted
    persistentvolumeclaim "data-default-hashicorp-consul-server-1" deleted
    persistentvolumeclaim "data-default-hashicorp-consul-server-2" deleted
    
  3. If you installed with ACLs enabled, you will then need to delete the ACL secrets:

    $ kubectl get secret | grep consul | grep Opaque
    consul-acl-replication-acl-token    Opaque                                1      41m
    consul-bootstrap-acl-token          Opaque                                1      41m
    consul-client-acl-token             Opaque                                1      41m
    consul-connect-inject-acl-token     Opaque                                1      37m
    consul-controller-acl-token         Opaque                                1      37m
    consul-federation                   Opaque                                4      41m
    consul-mesh-gateway-acl-token       Opaque                                1      41m
    
  4. Ensure that the secrets you're about to delete were all created by Consul and not by someone else whose secret names happen to contain the word consul:

    $ kubectl get secret | grep consul | grep Opaque | awk '{print $1}' | xargs kubectl delete secret
    secret "consul-acl-replication-acl-token" deleted
    secret "consul-bootstrap-acl-token" deleted
    secret "consul-client-acl-token" deleted
    secret "consul-connect-inject-acl-token" deleted
    secret "consul-controller-acl-token" deleted
    secret "consul-federation" deleted
    secret "consul-mesh-gateway-acl-token" deleted
    secret "consul-gossip-encryption-key" deleted
    
  5. If you installed with tls.enabled, a ServiceAccount will be left behind:

    $ kubectl get serviceaccount consul-tls-init
    NAME              SECRETS   AGE
    consul-tls-init   1         47m
    
    $ kubectl delete serviceaccount consul-tls-init
    serviceaccount "consul-tls-init" deleted
    
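
One way to do the check in step 4 before deleting anything, as an added example that is not part of the original Consul documentation: instead of matching any Opaque secret containing "consul", select only names that are exactly a prefix plus a suffix seen in the output above. The function names, the prefix argument and the sample listing are assumptions constructed for illustration.

```shell
#!/bin/sh
# Suffixes copied from the secret names shown in steps 3 and 4 of this page.
CONSUL_SUFFIXES="acl-replication-acl-token bootstrap-acl-token client-acl-token"
CONSUL_SUFFIXES="$CONSUL_SUFFIXES connect-inject-acl-token controller-acl-token"
CONSUL_SUFFIXES="$CONSUL_SUFFIXES federation mesh-gateway-acl-token gossip-encryption-key"

# Strict selection: reads `kubectl get secret` output on stdin and prints only
# Opaque secrets named exactly "<prefix>-<known suffix>" (hypothetical helper).
consul_secret_names() {
    awk -v p="$1" -v list="$CONSUL_SUFFIXES" '
        BEGIN {
            n = split(list, s, " ")
            for (i = 1; i <= n; i++) allowed[p "-" s[i]] = 1
        }
        # Column 1 is NAME, column 2 is TYPE.
        $2 == "Opaque" && ($1 in allowed) { print $1 }
    '
}

# The selection used by the pipeline in step 4, for comparison.
page_pipeline_names() {
    grep consul | grep Opaque | awk '{print $1}'
}

# Constructed sample listing: three Consul secrets, two unrelated secrets
# whose names merely contain "consul", and one non-Opaque secret.
sample_secrets() {
    cat <<'EOF'
NAME                           TYPE                                  DATA   AGE
consul-bootstrap-acl-token     Opaque                                1      41m
consul-federation              Opaque                                4      41m
consul-gossip-encryption-key   Opaque                                1      41m
team-consul-backup-creds       Opaque                                2      90d
consul-exporter-password       Opaque                                1      12d
consul-server-token-x7k2p      kubernetes.io/service-account-token   3      41m
EOF
}

# Prints the three Consul-created names only.
sample_secrets | consul_secret_names consul
```

Against a live cluster, feed it `kubectl get secret` and review the printed names before piping them to `xargs kubectl delete secret`; adding `--dry-run=client` to the delete shows what would be removed without removing it.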