Uninstalling Gloo Mesh

If you no longer need your Gloo Mesh environment, you can uninstall Gloo Mesh from your management and remote clusters.

Before you begin:

  1. Set the names of your clusters from your infrastructure provider.
    export MGMT_CLUSTER=mgmt-cluster
    export REMOTE_CLUSTER1=cluster-1
    export REMOTE_CLUSTER2=cluster-2
    
  2. Save the kubeconfig contexts for your clusters. Run kubectl config get-contexts, look for the cluster name in the CLUSTER column, and get the context name in the NAME column.
    export MGMT_CONTEXT=<management-cluster-context>
    export REMOTE_CONTEXT1=<remote-cluster-1-context>
    export REMOTE_CONTEXT2=<remote-cluster-2-context>
    
  3. Save the names and contexts for subsequent remote clusters as needed, such as REMOTE_CONTEXT3, and so on.

Deregister remote clusters

To deregister a cluster, you must uninstall the enterprise-agent that runs on the remote cluster and the corresponding KubernetesCluster resource that exists on the management cluster.

  1. Uninstall the enterprise-agent that runs on the remote cluster.

    • If you installed with meshctl:
      meshctl cluster deregister \
        --mgmt-context $MGMT_CONTEXT \
        --remote-context $REMOTE_CONTEXT1 \
        $REMOTE_CLUSTER1
      

      Example output:

      Deregistering cluster: cluster-1
      Finished uninstalling release enterprise-agent
      Successfully deregistered cluster: cluster-1
      
    • If you installed with Helm:
      1. Uninstall the enterprise-agent Helm chart that runs on cluster-1 and cluster-2.

        helm uninstall enterprise-agent -n gloo-mesh --kube-context $REMOTE_CONTEXT1
        helm uninstall enterprise-agent -n gloo-mesh --kube-context $REMOTE_CONTEXT2
        
      2. Delete the corresponding KubernetesCluster resources from the management cluster.

        kubectl delete kubernetescluster $REMOTE_CLUSTER1 $REMOTE_CLUSTER2 -n gloo-mesh
        
  2. Delete the Custom Resource Definitions (CRDs) that were installed on cluster-1 and cluster-2 during registration.

    for crd in $(kubectl get crd --context $REMOTE_CONTEXT1 | grep mesh.gloo | awk '{print $1}'); do kubectl --context $REMOTE_CONTEXT1 delete crd $crd; done
    for crd in $(kubectl get crd --context $REMOTE_CONTEXT2| grep mesh.gloo | awk '{print $1}'); do kubectl --context $REMOTE_CONTEXT2 delete crd $crd; done
    
  3. Delete the gloo-mesh namespace from cluster-1 and cluster-2.

    kubectl --context $REMOTE_CONTEXT1 delete namespace gloo-mesh
    kubectl --context $REMOTE_CONTEXT2 delete namespace gloo-mesh
    
  4. Optional: If you installed the rate limiting and external authentication components in the gloo-mesh-addons namespace of your workload clusters, uninstall the enterprise-agent Helm chart and delete the gloo-mesh-addons namespace.

    helm uninstall enterprise-agent-addons -n gloo-mesh-addons --kube-context $REMOTE_CONTEXT1
    helm uninstall enterprise-agent-addons -n gloo-mesh-addons --kube-context $REMOTE_CONTEXT2
    
    kubectl --context $REMOTE_CONTEXT1 delete namespace gloo-mesh-addons
    kubectl --context $REMOTE_CONTEXT2 delete namespace gloo-mesh-addons
    
  5. Repeat these steps for each cluster that is registered with Gloo Mesh. For example, if you ran the management components in a cluster that was also registered, repeat these steps for the MGMT_CLUSTER and specify the MGMT_CONTEXT. If you registered multiple remote clusters, repeat these steps for each remote cluster.

Uninstall management components

Uninstall the Gloo Mesh management components from the management cluster.

  1. Uninstall the Gloo Mesh management plane components.

    • If you installed with meshctl:
      meshctl uninstall --kubecontext $MGMT_CONTEXT
      

      Example output:

      Uninstalling Helm chart
      Finished uninstalling release gloo-mesh
      
    • If you installed with Helm:
      helm uninstall gloo-mesh-enterprise -n gloo-mesh --kube-context $MGMT_CONTEXT
      
  2. Delete the Gloo Mesh CRDs.

    for crd in $(kubectl get crd --context $MGMT_CONTEXT | grep mesh.gloo | awk '{print $1}'); do kubectl --context $MGMT_CONTEXT delete crd $crd; done
    
  3. Delete the gloo-mesh namespace.

    kubectl --context $MGMT_CONTEXT delete namespace gloo-mesh
    

Optional: Uninstall Bookinfo and Istio

Optionally uninstall Bookinfo, the Istio sample application, and Istio from each remote cluster.

  1. Set the version of Istio that you installed in an environment variable.

    ISTIO_VERSION=<Istio_version>
    
  2. If you installed Bookinfo run the following commands to uninstall its resources.

    # Remove sidecar injection label from the default namespace
    kubectl --context $REMOTE_CONTEXT1 label namespace default istio-injection-
    # Remove all assets in bookinfo
    kubectl --context $REMOTE_CONTEXT1 delete -f https://raw.githubusercontent.com/istio/istio/$ISTIO_VERSION/samples/bookinfo/platform/kube/bookinfo.yaml
    # Remove ingress gateway configuration for accessing Bookinfo
    kubectl --context $REMOTE_CONTEXT1 delete -f https://raw.githubusercontent.com/istio/istio/$ISTIO_VERSION/samples/bookinfo/networking/bookinfo-gateway.yaml
    
    # Remove sidecar injection label from the default namespace
    kubectl --context $REMOTE_CONTEXT2 label namespace default istio-injection-
    # Remove all assets in bookinfo
    kubectl --context $REMOTE_CONTEXT2 delete -f https://raw.githubusercontent.com/istio/istio/$ISTIO_VERSION/samples/bookinfo/platform/kube/bookinfo.yaml
    # Remove ingress gateway configuration for accessing Bookinfo
    kubectl --context $REMOTE_CONTEXT2 delete -f https://raw.githubusercontent.com/istio/istio/$ISTIO_VERSION/samples/bookinfo/networking/bookinfo-gateway.yaml
    
  3. Uninstall Istio and delete the istio-system namespace.

    istioctl --context $REMOTE_CONTEXT1 x uninstall --purge
    kubectl --context $REMOTE_CONTEXT1 delete namespace istio-system
    
    istioctl --context $REMOTE_CONTEXT2 x uninstall --purge
    kubectl --context $REMOTE_CONTEXT2 delete namespace istio-system
    
  4. Optional: If you deployed Istio components across several namespaces, such as by using separate gateway namespaces or an Isiot operator namespaces, delete those namespaces.

    • Config:
      kubectl --context $REMOTE_CONTEXT1 delete namespace istio-config
      kubectl --context $REMOTE_CONTEXT2 delete namespace istio-config
      
    • Gateways:
      kubectl --context $REMOTE_CONTEXT1 delete namespace istio-gateways
      kubectl --context $REMOTE_CONTEXT2 delete namespace istio-gateways
      

      OR

      kubectl --context $REMOTE_CONTEXT1 delete namespace istio-ingress
      kubectl --context $REMOTE_CONTEXT2 delete namespace istio-ingress
      kubectl --context $REMOTE_CONTEXT1 delete namespace istio-egress
      kubectl --context $REMOTE_CONTEXT2 delete namespace istio-egress
      kubectl --context $REMOTE_CONTEXT1 delete namespace istio-eastwest
      kubectl --context $REMOTE_CONTEXT2 delete namespace istio-eastwest
      
    • Operator:
      kubectl --context $REMOTE_CONTEXT1 delete namespace istio-operator
      kubectl --context $REMOTE_CONTEXT2 delete namespace istio-operator
      
  5. OpenShift installations: Revoke the extra permissions and resources required for OpenShift to run Istio.

    1. Revoke the Istio namespace ID permissions.

      oc --context $REMOTE_CONTEXT1 adm policy remove-scc-from-group anyuid system:serviceaccounts:istio-system
      oc --context $REMOTE_CONTEXT1 adm policy remove-scc-from-group anyuid system:serviceaccounts:istio-operator
      oc --context $REMOTE_CONTEXT1 adm policy remove-scc-from-group anyuid system:serviceaccounts:default
      oc --context $REMOTE_CONTEXT2 adm policy remove-scc-from-group anyuid system:serviceaccounts:istio-system
      oc --context $REMOTE_CONTEXT2 adm policy remove-scc-from-group anyuid system:serviceaccounts:istio-operator
      oc --context $REMOTE_CONTEXT2 adm policy remove-scc-from-group anyuid system:serviceaccounts:default
      
    2. Delete the NetworkAttachmentDefinition resources.

      oc --context $REMOTE_CONTEXT1 -n default delete network-attachment-definition istio-cni
      oc --context $REMOTE_CONTEXT2 -n default delete network-attachment-definition istio-cni
      
  6. Repeat these steps for each cluster that was registered with Gloo Mesh. For example, if you ran the management components in a cluster that was also registered, repeat these steps for the MGMT_CONTEXT. If you registered multiple remote clusters, repeat these steps for each remote cluster.