Navigation :

Uninstall Gloo Mesh and Istio

If you no longer need your Gloo Mesh environment, you can uninstall Gloo Mesh from your management and remote clusters. You can also optionally uninstall Istio and the Bookinfo sample app.

Before you begin

Set the names of your clusters from your infrastructure provider.

export MGMT_CLUSTER=mgmt-cluster
export REMOTE_CLUSTER1=cluster-1
export REMOTE_CLUSTER2=cluster-2

Save the kubeconfig contexts for your clusters. Run kubectl config get-contexts, look for your cluster in the CLUSTER column, and get the context name in the NAME column.
```
export MGMT_CONTEXT=<management-cluster-context>
export REMOTE_CONTEXT1=<remote-cluster-1-context>
export REMOTE_CONTEXT2=<remote-cluster-2-context>
```
Save the names and contexts for subsequent remote clusters as needed, such as REMOTE_CONTEXT3, and so on.

Deregister remote clusters

To deregister a cluster, you must uninstall the gloo-mesh-agent that runs on the remote cluster and the corresponding KubernetesCluster resource that exists on the management cluster.

Uninstall the gloo-mesh-agent that runs on the remote cluster.

Installed with meshctl
Installed with Helm

Deregister cluster-1.

meshctl cluster deregister \
  --kubecontext $MGMT_CONTEXT \
  --remote-context $REMOTE_CONTEXT1 \
  $REMOTE_CLUSTER1

Example output:

Deregistering cluster: cluster-1
Finished uninstalling release gloo-mesh-agent
Successfully deregistered cluster: cluster-1

Deregister cluster-2.

meshctl cluster deregister \
  --kubecontext $MGMT_CONTEXT \
  --remote-context $REMOTE_CONTEXT2 \
  $REMOTE_CLUSTER2

Uninstall the gloo-mesh-agent Helm chart that runs on cluster-1 and cluster-2.

helm uninstall gloo-mesh-agent -n gloo-mesh --kube-context $REMOTE_CONTEXT1
helm uninstall gloo-mesh-agent -n gloo-mesh --kube-context $REMOTE_CONTEXT2

Delete the corresponding KubernetesCluster resources from the management cluster.

kubectl delete kubernetescluster $REMOTE_CLUSTER1 $REMOTE_CLUSTER2 -n gloo-mesh

List the Gloo Mesh agent tokens in each cluster. These secrets are not removed during the Helm installation. However, you cannot reuse the same secret if you decide to register the agent later.
```
kubectl get secret -n gloo-mesh --context $REMOTE_CONTEXT1
kubectl get secret -n gloo-mesh --context $REMOTE_CONTEXT2
```

Delete the Gloo Mesh agent tokens for each cluster.

kubectl delete secret -n gloo-mesh --context $REMOTE_CONTEXT1 gloo-mesh-agent-token-<ID>
kubectl delete secret -n gloo-mesh --context $REMOTE_CONTEXT1 gloo-mesh-agent-token-<ID>

Delete the Custom Resource Definitions (CRDs) that were installed on cluster-1 and cluster-2 during registration.

for crd in $(kubectl get crd --context $REMOTE_CONTEXT1 -l app=gloo-mesh-apis | awk '{print $1}'); do kubectl --context $REMOTE_CONTEXT1 delete crd $crd; done
for crd in $(kubectl get crd --context $REMOTE_CONTEXT2 -l app=gloo-mesh-apis | awk '{print $1}'); do kubectl --context $REMOTE_CONTEXT2 delete crd $crd; done

Delete the gloo-mesh namespace from cluster-1 and cluster-2.

kubectl --context $REMOTE_CONTEXT1 delete namespace gloo-mesh
kubectl --context $REMOTE_CONTEXT2 delete namespace gloo-mesh

Optional: If you installed the rate limiting and external authentication components in the gloo-mesh-addons namespace of your workload clusters, uninstall the gloo-mesh-agent Helm chart and delete the gloo-mesh-addons namespace.

helm uninstall gloo-mesh-agent-addons -n gloo-mesh-addons --kube-context $REMOTE_CONTEXT1
helm uninstall gloo-mesh-agent-addons -n gloo-mesh-addons --kube-context $REMOTE_CONTEXT2

kubectl --context $REMOTE_CONTEXT1 delete namespace gloo-mesh-addons
kubectl --context $REMOTE_CONTEXT2 delete namespace gloo-mesh-addons

Repeat these steps for any other cluster that is registered with Gloo Mesh. For example, if you ran the management components in a cluster that was also registered, repeat these steps for the MGMT_CLUSTER and specify the MGMT_CONTEXT. If you registered multiple remote clusters, repeat these steps for each remote cluster.

Uninstall management components

Uninstall the Gloo Mesh management components from the management cluster.

Uninstall the Gloo Mesh management plane components.

Installed with meshctl
Installed with Helm

meshctl uninstall --kubecontext $MGMT_CONTEXT

Example output:

Uninstalling Helm chart
Finished uninstalling release gloo-mesh

helm uninstall gloo-mesh-enterprise -n gloo-mesh --kube-context $MGMT_CONTEXT

Delete the Gloo Mesh CRDs.

for crd in $(kubectl get crd --context $MGMT_CONTEXT -l app=gloo-mesh-apis | awk '{print $1}'); do kubectl --context $MGMT_CONTEXT delete crd $crd; done

Delete the gloo-mesh namespace.

kubectl --context $MGMT_CONTEXT delete namespace gloo-mesh

Optional: Uninstall Bookinfo and Istio

Optionally uninstall Bookinfo, the Istio sample application, and Istio from each remote cluster.

Export the Istio version that your cluster runs as an environment variable, such as 1.13.5 in the following example. You can check your Istio version by running istioctl version --context $REMOTE_CONTEXT1.
```
export ISTIO_VERSION=1.13.5
```

If you installed Bookinfo run the following commands to uninstall its resources.

cluster-1
cluster-2


# remove the sidecar injection label from the bookinfo namespace
kubectl --context $REMOTE_CONTEXT1 label namespace bookinfo istio-injection-
# remove bookinfo application components for all versions less than v3
kubectl --context $REMOTE_CONTEXT1 -n bookinfo delete -f https://raw.githubusercontent.com/istio/istio/$ISTIO_VERSION/samples/bookinfo/platform/kube/bookinfo.yaml -l 'app,version notin (v3)'
# remove all bookinfo service accounts
kubectl --context $REMOTE_CONTEXT1 -n bookinfo delete -f https://raw.githubusercontent.com/istio/istio/$ISTIO_VERSION/samples/bookinfo/platform/kube/bookinfo.yaml -l 'account'
# delete bookinfo namespace
kubectl --context $REMOTE_CONTEXT1 delete ns bookinfo


# remove the sidecar injection label from the bookinfo namespace
kubectl --context $REMOTE_CONTEXT2 label namespace bookinfo istio-injection-
# remove reviews and ratings services
kubectl --context $REMOTE_CONTEXT2 -n bookinfo delete -f https://raw.githubusercontent.com/istio/istio/$ISTIO_VERSION/samples/bookinfo/platform/kube/bookinfo.yaml -l 'service in (reviews)'
# remove reviews-v3
kubectl --context $REMOTE_CONTEXT2 -n bookinfo delete -f https://raw.githubusercontent.com/istio/istio/$ISTIO_VERSION/samples/bookinfo/platform/kube/bookinfo.yaml -l 'app in (reviews),version in (v3)'
# remove ratings
kubectl --context $REMOTE_CONTEXT2 -n bookinfo delete -f https://raw.githubusercontent.com/istio/istio/$ISTIO_VERSION/samples/bookinfo/platform/kube/bookinfo.yaml -l 'app in (ratings)'
# remove reviews and ratings service accounts
kubectl --context $REMOTE_CONTEXT2 -n bookinfo delete -f https://raw.githubusercontent.com/istio/istio/$ISTIO_VERSION/samples/bookinfo/platform/kube/bookinfo.yaml -l 'account in (reviews, ratings)'
# delete bookinfo namespace
kubectl --context $REMOTE_CONTEXT2 delete ns bookinfo

Uninstall Istio and delete the istio-system namespace.

cluster-1
cluster-2


istioctl --context $REMOTE_CONTEXT1 x uninstall --purge
kubectl --context $REMOTE_CONTEXT1 delete namespace istio-system


istioctl --context $REMOTE_CONTEXT2 x uninstall --purge
kubectl --context $REMOTE_CONTEXT2 delete namespace istio-system

Optional: If you deployed Istio components across several namespaces, such as by using separate gateway namespaces or an Istio operator namespaces, delete those namespaces.

istio-config
istio-gateways
Separate gateways
istio-operator


kubectl --context $REMOTE_CONTEXT1 delete namespace istio-config
kubectl --context $REMOTE_CONTEXT2 delete namespace istio-config


kubectl --context $REMOTE_CONTEXT1 delete namespace istio-gateways
kubectl --context $REMOTE_CONTEXT2 delete namespace istio-gateways


kubectl --context $REMOTE_CONTEXT1 delete namespace istio-ingress
kubectl --context $REMOTE_CONTEXT2 delete namespace istio-ingress
kubectl --context $REMOTE_CONTEXT1 delete namespace istio-egress
kubectl --context $REMOTE_CONTEXT2 delete namespace istio-egress
kubectl --context $REMOTE_CONTEXT1 delete namespace istio-eastwest
kubectl --context $REMOTE_CONTEXT2 delete namespace istio-eastwest


kubectl --context $REMOTE_CONTEXT1 delete namespace istio-operator
kubectl --context $REMOTE_CONTEXT2 delete namespace istio-operator

OpenShift installations: Revoke the extra permissions and resources required for OpenShift to run Istio.

Revoke the Istio namespace ID permissions.

oc --context $REMOTE_CONTEXT1 adm policy remove-scc-from-group anyuid system:serviceaccounts:istio-system
oc --context $REMOTE_CONTEXT1 adm policy remove-scc-from-group anyuid system:serviceaccounts:istio-operator
oc --context $REMOTE_CONTEXT1 adm policy remove-scc-from-group anyuid system:serviceaccounts:default
oc --context $REMOTE_CONTEXT2 adm policy remove-scc-from-group anyuid system:serviceaccounts:istio-system
oc --context $REMOTE_CONTEXT2 adm policy remove-scc-from-group anyuid system:serviceaccounts:istio-operator
oc --context $REMOTE_CONTEXT2 adm policy remove-scc-from-group anyuid system:serviceaccounts:default

Delete the NetworkAttachmentDefinition resources.

oc --context $REMOTE_CONTEXT1 -n default delete network-attachment-definition istio-cni
oc --context $REMOTE_CONTEXT2 -n default delete network-attachment-definition istio-cni

Repeat these steps for each cluster that was registered with Gloo Mesh. For example, if you ran the management components in a cluster that was also registered, repeat these steps for the MGMT_CONTEXT. If you registered multiple remote clusters, repeat these steps for each remote cluster.