Navigation :

Uninstall legacy installations

This guide uninstalls setups that were installed using the legacy gloo-mesh-enterpise, gloo-mesh-agent, and other included Helm charts, or using meshctl version 2.2 or earlier. To uninstall setups that were installed using the gloo-platform Helm chart, see the gloo-platform uninstall guide instead.

If you no longer need your Gloo Gateway environment, you can uninstall Gloo Gateway components, such as the control plane, agent, gateway proxies, and sample apps.

Uninstall Gloo Gateway in a single-cluster setup
Uninstall Gloo Gateway in a multicluster setup

Single-cluster setups

Save the names of your clusters from your infrastructure provider as environment variables.
```
export CLUSTER_NAME=<cluster_name>
```
Uninstall the Gateway resources. These steps differ depending on whether you installed the Istio control plane and gateways with the managedInstallations Helm chart setting, created IstioLifecycleManager and GatewayLifecycleManager custom resources, or manually deployed the control plane and gateways with Istio Helm charts.
1. Delete the GatewayLifecycleManager resource for the gateway that you deployed.
  kubectl delete GatewayLifecycleManager istio-ingressgateway -n gloo-mesh
2. Delete the IstioLifecycleManager for the istiod control plane.
  kubectl delete IstioLifecycleManager gloo-mesh-enterprise -n gloo-mesh
1. Delete the GatewayLifecycleManager resource for the gateway that you deployed.
  kubectl delete GatewayLifecycleManager istio-ingressgateway -n gloo-mesh
2. Delete the IstioLifecycleManager for the istiod control plane.
  kubectl delete IstioLifecycleManager istiod-control-plane -n gloo-mesh
3. Delete the Istio namespaces.
  kubectl delete ns istio-system kubectl delete ns gloo-mesh-gateways
1. Find the name of your Istio Helm chart release in the gloo-mesh-gateways namespace, such as istio-ingressgateway-1-17-2.
  helm ls -n gloo-mesh-gateways
2. Delete the Helm release for the ingress gateway.
  helm delete istio-ingressgateway-1-17-2 -n gloo-mesh-gateways
3. Find the name of your Istio Helm chart release in the istio-system namespace, such as istiod-1-17-2.
  helm ls -n istio-system
4. Delete the Helm release for the istiod control plane.
  helm delete istiod-1-17-2 -n istio-system
5. Delete the Istio namespaces.
  kubectl delete ns istio-system --context $REMOTE_CONTEXT1 kubectl delete ns gloo-mesh-gateways --context $REMOTE_CONTEXT1 kubectl delete ns istio-config --context $REMOTE_CONTEXT1
  kubectl delete ns istio-system --context $REMOTE_CONTEXT2 kubectl delete ns gloo-mesh-gateways --context $REMOTE_CONTEXT2 kubectl delete ns istio-config --context $REMOTE_CONTEXT2

OpenShift installations: Revoke the extra permissions and resources required for OpenShift to run Istio.

Revoke the Istio namespace ID permissions for the Istio service accounts.

oc adm policy remove-scc-from-group anyuid system:serviceaccounts:istio-system
oc adm policy remove-scc-from-group anyuid system:serviceaccounts:gloo-mesh-gateways
# Update revision as needed
oc adm policy remove-scc-from-group anyuid system:serviceaccounts:gm-iop-1-17-2

Revoke the Istio namespace ID permissions for workload project service accounts.

oc adm policy remove-scc-from-group anyuid system:serviceaccounts:bookinfo
oc adm policy remove-scc-from-group anyuid system:serviceaccounts:httpbin
# Any workload projects that you elevated permissions for
oc adm policy remove-scc-from-group anyuid system:serviceaccounts:<workload_projects>

Delete the NetworkAttachmentDefinition resources for your workload projects.
```
oc delete network-attachment-definition istio-cni -n <workload_projects>
```

If you installed the rate limiting and external authentication components in the gloo-mesh-addons namespace of your workload clusters, uninstall the gloo-agent-addons Helm release and delete the gloo-mesh-addons namespace.
```
helm uninstall gloo-agent-addons -n gloo-mesh-addons
kubectl delete namespace gloo-mesh-addons
```
Delete the KubernetesCluster resource from the cluster. Note that depending on your Gloo Platform installation method, this resource might not exist.
```
kubectl delete kubernetescluster $CLUSTER_NAME -n gloo-mesh
```
Uninstall the Gloo Gateway control plane components.
- Installed with meshctl
- Installed with Helm
```
meshctl uninstall
```
Example output:
```
Uninstalling Helm chart
Finished uninstalling release gloo-mesh
```
```
helm uninstall gloo-mgmt -n gloo-mesh
```

Delete the Gloo Gateway CRDs.

for crd in $(kubectl get crd -l app=gloo-mesh-apis | awk '{print $1}'); do kubectl delete crd $crd; done

Delete the gloo-mesh namespace.
```
kubectl delete namespace gloo-mesh
```

Optional: If you installed Bookinfo, run the following commands to uninstall its resources.

Export the Istio version that your cluster runs as an environment variable, such as 1.17.2 in the following example.
```
export ISTIO_VERSION=1.17.2
```

Remove the Bookinfo application components and service accounts.

kubectl -n bookinfo delete -f https://raw.githubusercontent.com/istio/istio/$ISTIO_VERSION/samples/bookinfo/platform/kube/bookinfo.yaml -l 'app,version notin (v3)'
kubectl -n bookinfo delete -f https://raw.githubusercontent.com/istio/istio/$ISTIO_VERSION/samples/bookinfo/platform/kube/bookinfo.yaml -l 'account'

Delete the bookinfo namespace.
```
kubectl delete ns bookinfo
```

Remove the httpbin application components.

kubectl -n httpbin delete -f https://raw.githubusercontent.com/solo-io/gloo-mesh-use-cases/main/policy-demo/httpbin.yaml

Delete the httpbin namespace.
```
kubectl delete ns httpbin
```

Multicluster setups

Save the names of your clusters from your infrastructure provider as environment variables.
```
export REMOTE_CLUSTER1=cluster1
export REMOTE_CLUSTER2=cluster2
...
```
Save the kubeconfig contexts for your clusters as environment variables. Run kubectl config get-contexts, look for your cluster in the CLUSTER column, and get the context name in the NAME column.
```
export MGMT_CONTEXT=<management-cluster-context>
export REMOTE_CONTEXT1=<remote-cluster1-context>
export REMOTE_CONTEXT2=<remote-cluster2-context>
...
```

Uninstall the Gateway resources from each workload cluster. These steps differ depending on whether you used managed or unmanaged Istio installations.

Managed IstioLifecycleManager CRs
Manual Helm deployments

Delete the GatewayLifecycleManager resources for the gateways that you deployed.

kubectl delete GatewayLifecycleManager istio-ingressgateway -n gloo-mesh --context $MGMT_CONTEXT
kubectl delete GatewayLifecycleManager istio-eastwestgateway -n gloo-mesh --context $MGMT_CONTEXT

Delete the IstioLifecycleManager for the istiod control plane.

kubectl delete IstioLifecycleManager istiod-control-plane -n gloo-mesh --context $MGMT_CONTEXT

Delete the Istio namespaces from the workload clusters.

kubectl delete ns istio-system --context $REMOTE_CONTEXT1
kubectl delete ns gloo-mesh-gateways --context $REMOTE_CONTEXT1

kubectl delete ns istio-system --context $REMOTE_CONTEXT2
kubectl delete ns gloo-mesh-gateways --context $REMOTE_CONTEXT2

Find the name of your Istio Helm chart releases in the gloo-mesh-gateways namespace, such as istio-ingressgateway-1-17-2 and istio-eastwestgateway-1-17-2.
```
helm ls -n gloo-mesh-gateways
```

Delete the Helm release for the ingress and east-west gateways.

helm delete istio-ingressgateway-1-17-2 -n gloo-mesh-gateways
helm delete istio-eastwestgateway-1-17-2 -n gloo-mesh-gateways

Find the name of your Istio Helm chart release in the istio-system namespace, such as istiod-1-17-2.
```
helm ls -n istio-system
```
Delete the Helm release for the istiod control plane.
```
helm delete istiod-1-17-2 -n istio-system
```

Delete the Istio namespaces.

kubectl delete ns istio-system --context $REMOTE_CONTEXT1
kubectl delete ns gloo-mesh-gateways --context $REMOTE_CONTEXT1
kubectl delete ns istio-config --context $REMOTE_CONTEXT1

kubectl delete ns istio-system --context $REMOTE_CONTEXT2
kubectl delete ns gloo-mesh-gateways --context $REMOTE_CONTEXT2
kubectl delete ns istio-config --context $REMOTE_CONTEXT2

OpenShift installations: Revoke the extra permissions and resources required for OpenShift to run Istio.

Revoke the Istio namespace ID permissions.

oc --context $REMOTE_CONTEXT1 adm policy remove-scc-from-group anyuid system:serviceaccounts:istio-system
oc --context $REMOTE_CONTEXT2 adm policy remove-scc-from-group anyuid system:serviceaccounts:istio-system
oc --context $REMOTE_CONTEXT1 adm policy remove-scc-from-group anyuid system:serviceaccounts:<workload_projects>
oc --context $REMOTE_CONTEXT2 adm policy remove-scc-from-group anyuid system:serviceaccounts:<workload_projects>

Delete the NetworkAttachmentDefinition resources for your workload projects.

oc --context $REMOTE_CONTEXT1 delete network-attachment-definition istio-cni -n <workload_projects>
oc --context $REMOTE_CONTEXT2 delete network-attachment-definition istio-cni -n <workload_projects>

If you installed the rate limiting and external authentication components in the gloo-mesh-addons namespace of your workload clusters, uninstall the gloo-agent-addons Helm release and delete the gloo-mesh-addons namespace.

helm uninstall gloo-agent-addons -n gloo-mesh-addons --kube-context $REMOTE_CONTEXT1
helm uninstall gloo-agent-addons -n gloo-mesh-addons --kube-context $REMOTE_CONTEXT2
kubectl --context $REMOTE_CONTEXT1 delete namespace gloo-mesh-addons
kubectl --context $REMOTE_CONTEXT2 delete namespace gloo-mesh-addons

Uninstall the Gloo agent that runs on each workload cluster.

Installed with meshctl
Installed with Helm

Deregister cluster1.

meshctl cluster deregister \
  --kubecontext $MGMT_CONTEXT \
  --remote-context $REMOTE_CONTEXT1 \
  $REMOTE_CLUSTER1

Example output:

Deregistering cluster: cluster1
Finished uninstalling release gloo-mesh-agent
Successfully deregistered cluster: cluster1

Deregister cluster2.

meshctl cluster deregister \
  --kubecontext $MGMT_CONTEXT \
  --remote-context $REMOTE_CONTEXT2 \
  $REMOTE_CLUSTER2

Uninstall the gloo-agent Helm chart that runs on cluster1 and cluster2.

helm uninstall gloo-agent -n gloo-mesh --kube-context $REMOTE_CONTEXT1
helm uninstall gloo-agent -n gloo-mesh --kube-context $REMOTE_CONTEXT2

Delete the corresponding KubernetesCluster resources from the management cluster.

kubectl delete kubernetescluster $REMOTE_CLUSTER1 $REMOTE_CLUSTER2 -n gloo-mesh --context $MGMT_CONTEXT

Delete the Custom Resource Definitions (CRDs) that were installed on the workload clusters during registration.

for crd in $(kubectl get crd --context $REMOTE_CONTEXT1 -l app=gloo-mesh-apis | awk '{print $1}'); do kubectl --context $REMOTE_CONTEXT1 delete crd $crd; done
for crd in $(kubectl get crd --context $REMOTE_CONTEXT2 -l app=gloo-mesh-apis | awk '{print $1}'); do kubectl --context $REMOTE_CONTEXT2 delete crd $crd; done

Delete the gloo-mesh namespace from each workload cluster.

kubectl --context $REMOTE_CONTEXT1 delete namespace gloo-mesh
kubectl --context $REMOTE_CONTEXT2 delete namespace gloo-mesh

Repeat steps 3 - 8 for any other cluster that is registered with Gloo Gateway.

Uninstall the Gloo Gateway control plane components.

Installed with meshctl
Installed with Helm

```shell
meshctl uninstall --kubecontext $MGMT_CONTEXT
```
Example output:
```
Uninstalling Helm chart
Finished uninstalling release gloo-mesh
```
Note: If you see a warning such as `release gloo-platform does not exist, nothing to uninstall`, use the Helm tab instead.

```shell
helm uninstall gloo-mgmt -n gloo-mesh --kube-context $MGMT_CONTEXT
```

Delete the Gloo Gateway CRDs.

for crd in $(kubectl get crd --context $MGMT_CONTEXT -l app=gloo-mesh-apis | awk '{print $1}'); do kubectl --context $MGMT_CONTEXT delete crd $crd; done

Delete the gloo-mesh namespace.

kubectl --context $MGMT_CONTEXT delete namespace gloo-mesh

Optional: If you installed the Bookinfo and httpbin sample apps, run the following commands to uninstall their resources.

Export the Istio version that your cluster runs as an environment variable, such as 1.17.2 in the following example.
```
export ISTIO_VERSION=1.17.2
```

Remove the Bookinfo application components and service accounts.

kubectl -n bookinfo delete -f https://raw.githubusercontent.com/istio/istio/$ISTIO_VERSION/samples/bookinfo/platform/kube/bookinfo.yaml -l 'app,version notin (v3)' --context $REMOTE_CONTEXT1
kubectl -n bookinfo delete -f https://raw.githubusercontent.com/istio/istio/$ISTIO_VERSION/samples/bookinfo/platform/kube/bookinfo.yaml -l 'app,version notin (v3)' --context $REMOTE_CONTEXT2
kubectl -n bookinfo delete -f https://raw.githubusercontent.com/istio/istio/$ISTIO_VERSION/samples/bookinfo/platform/kube/bookinfo.yaml -l 'account' --context $REMOTE_CONTEXT1
kubectl -n bookinfo delete -f https://raw.githubusercontent.com/istio/istio/$ISTIO_VERSION/samples/bookinfo/platform/kube/bookinfo.yaml -l 'account' --context $REMOTE_CONTEXT2

Delete the bookinfo namespace.

kubectl delete ns bookinfo --context $REMOTE_CONTEXT1
kubectl delete ns bookinfo --context $REMOTE_CONTEXT2

Remove the httpbin application components.

kubectl -n httpbin delete -f https://raw.githubusercontent.com/solo-io/gloo-mesh-use-cases/main/policy-demo/httpbin.yaml --context $REMOTE_CONTEXT1
kubectl -n httpbin delete -f https://raw.githubusercontent.com/solo-io/gloo-mesh-use-cases/main/policy-demo/httpbin.yaml --context $REMOTE_CONTEXT2

Delete the httpbin namespace.

kubectl delete ns httpbin --context $REMOTE_CONTEXT1
kubectl delete ns httpbin --context $REMOTE_CONTEXT2