Navigation :

Uninstall

If you no longer need your Gloo Mesh environment, you can deregister workload clusters and uninstall the Gloo Mesh control plane from your management cluster. You can also optionally uninstall Istio and the Bookinfo sample app.

This guide uninstalls setups that use the gloo-platform Helm chart, which is available in Gloo Platfrom 2.3 and later. If you installed Gloo Mesh by using the legacy Helm charts, or using meshctl version 2.2 or earlier, but did not migrate your installation, see the legacy uninstall guide.

Before you begin

  1. Set the names of your clusters from your infrastructure provider. 
    export MGMT_CLUSTER=mgmt
export REMOTE_CLUSTER1=cluster1
export REMOTE_CLUSTER2=cluster2
  2. Save the kubeconfig contexts for your clusters. Run kubectl config get-contexts, look for your cluster in the CLUSTER column, and get the context name in the NAME column. Note: Do not use context names with underscores. The context name is used as a SAN specification in the generated certificate that connects workload clusters to the management cluster, and underscores in SAN are not FQDN compliant. You can rename a context by running kubectl config rename-context "<oldcontext>" <newcontext>. 
    export MGMT_CONTEXT=<management-cluster-context>
export REMOTE_CONTEXT1=<remote-cluster1-context>
export REMOTE_CONTEXT2=<remote-cluster2-context>
  3. Save the names and contexts for subsequent workload clusters as needed, such as REMOTE_CONTEXT3, and so on.

Uninstall Istio

Uninstall Istio from each workload cluster. Note that if you used Gloo Mesh to manage your Istio installations, you must complete this section to uninstall Istio before you uninstall any Gloo Mesh management or agent components.

  1. Uninstall the Istio control plane and gateway proxies. These steps differ depending on how you installed them.

    1. Delete the GatewayLifecycleManager resources for the gateways that you installed.
      • East-west gateway: 
        kubectl delete GatewayLifecycleManager istio-eastwestgateway -n gloo-mesh --context $MGMT_CONTEXT
      • Ingress gateway: 
        kubectl delete GatewayLifecycleManager istio-ingressgateway -n gloo-mesh --context $MGMT_CONTEXT
      • Egress gateway: 
        kubectl delete GatewayLifecycleManager istio-egressgateway -n gloo-mesh --context $MGMT_CONTEXT
    2. Verify that the gateway resources are removed before you proceed to the next step. 
      kubectl get all -n gloo-mesh-gateways --context $REMOTE_CONTEXT1
    3. Delete the IstioLifecycleManager for the istiod control plane. Note that your resource might be named gloo-platform if you installed Istio by using the Gloo Platform Helm chart option, or gloo-mesh-enterprise if you migrated from the legacy Helm charts. 
      kubectl delete IstioLifecycleManager istiod-control-plane -n gloo-mesh --context $MGMT_CONTEXT
    4. Verify that the Istio resources are removed before you proceed to the next step. 
      # Change the revision as needed
kubectl get all -n gm-iop-1-18-2 --context $REMOTE_CONTEXT1
kubectl get all -n istio-system --context $REMOTE_CONTEXT1
    5. Delete the Istio namespaces from the workload clusters. 
      kubectl delete ns istio-system --context $REMOTE_CONTEXT1
kubectl delete ns gloo-mesh-gateways --context $REMOTE_CONTEXT1

      kubectl delete ns istio-system --context $REMOTE_CONTEXT2
kubectl delete ns gloo-mesh-gateways --context $REMOTE_CONTEXT2

    1. Find the name of your Istio Helm chart releases in the istio-ingress namespace, such as istio-ingressgateway-1-18-2.

      helm ls -n istio-ingress

    2. Delete the Helm release for the ingress gateway.

      helm delete istio-ingressgateway-1-18-2 -n istio-ingress

    3. Find the name of your Istio Helm chart releases in the istio-eastwest namespace, such as istio-eastwestgateway-1-18-2.

      helm ls -n istio-eastwest

    4. Delete the Helm release for the ingress and east-west gateways.

      helm delete istio-eastwestgateway-1-18-2 -n istio-eastwest

    5. Find the name of your Istio Helm chart release in the istio-system namespace, such as istiod-1-18-2.

      helm ls -n istio-system

    6. Delete the Helm release for the istiod control plane.

      helm delete istiod-1-18-2 -n istio-system

    7. Delete the Istio namespaces.

      kubectl delete ns istio-system --context $REMOTE_CONTEXT1
kubectl delete ns istio-ingress --context $REMOTE_CONTEXT1
kubectl delete ns istio-eastwest --context $REMOTE_CONTEXT1
kubectl delete ns istio-config --context $REMOTE_CONTEXT1

      kubectl delete ns istio-system --context $REMOTE_CONTEXT2
kubectl delete ns istio-ingress --context $REMOTE_CONTEXT2
kubectl delete ns istio-eastwest --context $REMOTE_CONTEXT2
kubectl delete ns istio-config --context $REMOTE_CONTEXT2

  2. OpenShift installations: Revoke the extra permissions and resources required for OpenShift to run Istio.

    1. Revoke the Istio namespace ID permissions for the Istio service accounts. 
      oc adm policy remove-scc-from-group anyuid system:serviceaccounts:istio-system --context $REMOTE_CONTEXT1
oc adm policy remove-scc-from-group anyuid system:serviceaccounts:gloo-mesh-gateways --context $REMOTE_CONTEXT1
# Update revision as needed
oc adm policy remove-scc-from-group anyuid system:serviceaccounts:gm-iop-1-18-2 --context $REMOTE_CONTEXT1

      oc adm policy remove-scc-from-group anyuid system:serviceaccounts:istio-system --context $REMOTE_CONTEXT2
oc adm policy remove-scc-from-group anyuid system:serviceaccounts:gloo-mesh-gateways --context $REMOTE_CONTEXT2
# Update revision as needed
oc adm policy remove-scc-from-group anyuid system:serviceaccounts:gm-iop-1-18-2 --context $REMOTE_CONTEXT2
    2. Revoke the Istio namespace ID permissions for sample app project service accounts. 
      oc --context $REMOTE_CONTEXT1 adm policy remove-scc-from-group anyuid system:serviceaccounts:bookinfo
oc --context $REMOTE_CONTEXT1 adm policy remove-scc-from-group anyuid system:serviceaccounts:httpbin
oc --context $REMOTE_CONTEXT1 adm policy remove-scc-from-group anyuid system:serviceaccounts:helloworld
oc --context $REMOTE_CONTEXT1 adm policy remove-scc-from-group anyuid system:serviceaccounts:gloo-mesh-addons

      oc --context $REMOTE_CONTEXT2 adm policy remove-scc-from-group anyuid system:serviceaccounts:bookinfo
oc --context $REMOTE_CONTEXT2 adm policy remove-scc-from-group anyuid system:serviceaccounts:httpbin
oc --context $REMOTE_CONTEXT2 adm policy remove-scc-from-group anyuid system:serviceaccounts:helloworld
oc --context $REMOTE_CONTEXT2 adm policy remove-scc-from-group anyuid system:serviceaccounts:gloo-mesh-addons
    3. Delete the NetworkAttachmentDefinition resources and the Istio namespace ID permissions for your workload projects. 
      oc --context $REMOTE_CONTEXT1 adm policy remove-scc-from-group anyuid system:serviceaccounts:<workload_projects>
oc --context $REMOTE_CONTEXT2 adm policy remove-scc-from-group anyuid system:serviceaccounts:<workload_projects>

      oc --context $REMOTE_CONTEXT1 delete network-attachment-definition istio-cni -n <workload_projects>
oc --context $REMOTE_CONTEXT2 delete network-attachment-definition istio-cni -n <workload_projects>

  3. Repeat these steps for each cluster that was registered with Gloo Mesh and that ran an Istio service mesh.

Deregister workload clusters

Uninstall the Gloo Mesh data plane components from the workload clusters.

  1. Uninstall the Gloo agent that runs on each workload cluster.

    1. Deregister cluster1. 
      meshctl cluster deregister \
  --kubecontext $MGMT_CONTEXT \
  --remote-context $REMOTE_CONTEXT1 \
  $REMOTE_CLUSTER1

      Example output:

      Deregistering cluster: cluster1
Finished uninstalling release gloo-mesh-agent
Successfully deregistered cluster: cluster1
    2. Deregister cluster2. 
      meshctl cluster deregister \
  --kubecontext $MGMT_CONTEXT \
  --remote-context $REMOTE_CONTEXT2 \
  $REMOTE_CLUSTER2
    1. If you maintained a separate gloo-agent-addons Helm release, uninstall the release. 
      helm uninstall gloo-agent-addons -n gloo-mesh-addons --kube-context $REMOTE_CONTEXT1
helm uninstall gloo-agent-addons -n gloo-mesh-addons --kube-context $REMOTE_CONTEXT2
    2. Uninstall the agent Helm releases. Note that if you migrated from the legacy Helm charts, your Helm releases might be named gloo-agent or gloo-mesh-agent instead. 
      helm uninstall gloo-platform -n gloo-mesh --kube-context $REMOTE_CONTEXT1
helm uninstall gloo-platform -n gloo-mesh --kube-context $REMOTE_CONTEXT2
    3. Delete the corresponding KubernetesCluster resources from the management cluster. 
      kubectl delete kubernetescluster $REMOTE_CLUSTER1 $REMOTE_CLUSTER2 -n gloo-mesh --context $MGMT_CONTEXT
    4. Delete the relay secrets from each workload cluster, as you cannot reuse the same secret if you decide to re-register the agent later. 
      kubectl delete secret -n gloo-mesh relay-client-tls-secret --context $REMOTE_CONTEXT1
kubectl delete secret -n gloo-mesh relay-identity-token-secret --context $REMOTE_CONTEXT1
kubectl delete secret -n gloo-mesh relay-root-tls-secret --context $REMOTE_CONTEXT1

      kubectl delete secret -n gloo-mesh relay-client-tls-secret --context $REMOTE_CONTEXT2
kubectl delete secret -n gloo-mesh relay-identity-token-secret --context $REMOTE_CONTEXT2
kubectl delete secret -n gloo-mesh relay-root-tls-secret --context $REMOTE_CONTEXT2

  2. Uninstall the Gloo Mesh CRDs Helm releases in each workload cluster.

    helm uninstall gloo-platform-crds -n gloo-mesh --kube-context $REMOTE_CONTEXT1
helm uninstall gloo-platform-crds -n gloo-mesh --kube-context $REMOTE_CONTEXT2

  3. Delete the gloo-mesh and gloo-mesh-addons namespaces from each workload cluster.

    kubectl --context $REMOTE_CONTEXT1 delete namespace gloo-mesh
kubectl --context $REMOTE_CONTEXT1 delete namespace gloo-mesh-addons
kubectl --context $REMOTE_CONTEXT2 delete namespace gloo-mesh
kubectl --context $REMOTE_CONTEXT2 delete namespace gloo-mesh-addons

  4. Repeat these steps for any other cluster that is registered with Gloo Mesh. For example, if you ran the control plane in a cluster that was also registered, repeat these steps for the MGMT_CLUSTER and specify the MGMT_CONTEXT. If you registered multiple workload clusters, repeat these steps for each workload cluster.

Uninstall the control plane

Uninstall the Gloo Mesh control plane components from the management cluster.

  1. Uninstall the Gloo Mesh control plane components. 

    meshctl uninstall --purge --kubecontext $MGMT_CONTEXT

    Note: If you see a warning such as release gloo-platform does not exist, nothing to uninstall, use the Helm tab instead.

    meshctl uninstall --kubecontext $MGMT_CONTEXT

    Note: If you see a warning such as release gloo-platform does not exist, nothing to uninstall, use the Helm tab instead.

    Note that if you migrated from the legacy Helm charts, your Helm release might be named gloo-mgmt or gloo-mesh-enterprise instead.

    helm uninstall gloo-platform -n gloo-mesh --kube-context $MGMT_CONTEXT

  2. Uninstall the Gloo Mesh CRDs Helm release from the management cluster.

    helm uninstall gloo-platform-crds -n gloo-mesh --kube-context $MGMT_CONTEXT

  3. Delete the gloo-mesh namespace.

    kubectl --context $MGMT_CONTEXT delete namespace gloo-mesh

Optional: Uninstall sample apps

If you installed the Bookinfo and httpbin sample apps, run the following commands to uninstall their resources.

  1. Export the Istio version that your cluster runs as an environment variable, such as 1.18.2 in the following example.

    export ISTIO_VERSION=1.18.2

  2. Remove the Bookinfo application components and service accounts. 

    kubectl -n bookinfo delete -f https://raw.githubusercontent.com/istio/istio/$ISTIO_VERSION/samples/bookinfo/platform/kube/bookinfo.yaml -l 'app,version notin (v3)' --context $REMOTE_CONTEXT1
kubectl -n bookinfo delete -f https://raw.githubusercontent.com/istio/istio/$ISTIO_VERSION/samples/bookinfo/platform/kube/bookinfo.yaml -l 'account' --context $REMOTE_CONTEXT1

    kubectl --context $REMOTE_CONTEXT2 -n bookinfo delete -f https://raw.githubusercontent.com/istio/istio/$ISTIO_VERSION/samples/bookinfo/platform/kube/bookinfo.yaml -l 'service in (reviews)'
kubectl --context $REMOTE_CONTEXT2 -n bookinfo delete -f https://raw.githubusercontent.com/istio/istio/$ISTIO_VERSION/samples/bookinfo/platform/kube/bookinfo.yaml -l 'app in (reviews),version in (v3)'
kubectl --context $REMOTE_CONTEXT2 -n bookinfo delete -f https://raw.githubusercontent.com/istio/istio/$ISTIO_VERSION/samples/bookinfo/platform/kube/bookinfo.yaml -l 'app in (ratings)'
kubectl --context $REMOTE_CONTEXT2 -n bookinfo delete -f https://raw.githubusercontent.com/istio/istio/$ISTIO_VERSION/samples/bookinfo/platform/kube/bookinfo.yaml -l 'account in (reviews, ratings)'

  3. Delete the bookinfo namespace.

    kubectl delete ns bookinfo --context $REMOTE_CONTEXT1
kubectl delete ns bookinfo --context $REMOTE_CONTEXT2

  4. Remove the httpbin application components.

    kubectl -n httpbin delete -f https://raw.githubusercontent.com/solo-io/gloo-mesh-use-cases/main/policy-demo/httpbin.yaml --context $REMOTE_CONTEXT1
kubectl -n httpbin delete -f https://raw.githubusercontent.com/solo-io/gloo-mesh-use-cases/main/policy-demo/httpbin.yaml --context $REMOTE_CONTEXT2

  5. Delete the httpbin namespace.

    kubectl delete ns httpbin --context $REMOTE_CONTEXT1
kubectl delete ns httpbin --context $REMOTE_CONTEXT2

  6. Remove the helloworld application components.

    kubectl -n helloworld delete -l 'service=helloworld' -f https://raw.githubusercontent.com/solo-io/gloo-mesh-use-cases/main/policy-demo/helloworld.yaml --context $REMOTE_CONTEXT1
kubectl -n helloworld delete -l 'app=helloworld,version in (v1, v2)' -f https://raw.githubusercontent.com/solo-io/gloo-mesh-use-cases/main/policy-demo/helloworld.yaml --context $REMOTE_CONTEXT1
kubectl -n helloworld delete -l 'service=helloworld' -f https://raw.githubusercontent.com/solo-io/gloo-mesh-use-cases/main/policy-demo/helloworld.yaml --context $REMOTE_CONTEXT2
kubectl -n helloworld delete -l 'app=helloworld,version in (v3, v4)' -f https://raw.githubusercontent.com/solo-io/gloo-mesh-use-cases/main/policy-demo/helloworld.yaml --context $REMOTE_CONTEXT2

  7. Delete the helloworld namespace.

    kubectl delete ns helloworld --context $REMOTE_CONTEXT1
kubectl delete ns helloworld --context $REMOTE_CONTEXT2