Skip to content
home
2.10.x
Management plane
You are viewing the documentation for Solo Enterprise for Istio, formerly known as Gloo Mesh (OSS APIs).

Uninstall

Page as Markdown
Uninstall Solo Enterprise for Istio or deregister your cluster from the Gloo management plane.
If you no longer need your Solo Enterprise for Istio environment, you can uninstall Solo Enterprise for Istio components, such as the control and data plane, and any Gloo-managed Istio installations.
Single cluster

Ambient service mesh

If you installed an ambient mesh with the Gloo Operator:
  1. Delete the ServiceMeshController resource.
    kubectl delete ServiceMeshController managed-istio
  2. Optional: Uninstall the Gloo Operator.
    helm uninstall -n gloo-mesh gloo-operator
  3. Delete the Istio namespace.
    kubectl delete namespace istio-system
  4. Delete the Istio CRDs.
    kubectl get crds | grep 'istio.io' | awk '{print $1}' | xargs kubectl delete crd
If you manually deployed an ambient mesh with Helm:
  1. Uninstall the ztunnel Helm release.
    helm uninstall -n istio-system ztunnel
  2. Uninstall the Istio CNI.
    helm uninstall -n istio-system istio-cni
  3. Uninstall the istiod control plane.
    helm uninstall -n istio-system istiod
  4. Uninstall the Istio CRDs.
    helm uninstall -n istio-system istio-base
  5. Delete the Istio namespaces.
    kubectl delete namespace istio-system
Sidecar service mesh

If you installed a sidecar mesh with the Gloo Operator:
  1. Delete the ServiceMeshController resource.
    kubectl delete ServiceMeshController managed-istio
  2. Optional: Uninstall the Gloo Operator.
    helm uninstall -n gloo-mesh gloo-operator
  3. Delete the Istio namespace.
    kubectl delete namespace istio-system
  4. Delete the Istio CRDs.
    kubectl get crds | grep 'istio.io' | awk '{print $1}' | xargs kubectl delete crd
If you manually deployed a sidecar mesh with Helm:
  1. Uninstall the Helm release for istiod. Note that your release name might be different.
    helm uninstall -n istio-system istiod-gloo
  2. Optional: Uninstall the Istio CNI.
    helm uninstall -n kube-system istio-cni
  3. Uninstall the Istio CRDs.
    helm uninstall -n istio-system istio-base
  4. Delete the Istio namespace.
    kubectl delete namespace istio-system
Solo Enterprise for Istio

  1. Uninstall the Solo Enterprise for Istio release.
    helm uninstall gloo-platform -n gloo-mesh
  2. Uninstall any Gloo CRDs, such as by deleting the CRD Helm release.
    helm uninstall gloo-platform-crds -n gloo-mesh
    If you do not have a CRD Helm release, check for and manually remove any CRDs.
    kubectl get crds | grep solo
kubectl delete crd <$CRD>
  3. Delete the gloo-mesh namespace.
    kubectl delete namespace gloo-mesh
Multicluster

Before you begin, save the names and contexts of the clusters you want to uninstall Solo Enterprise for Istio from.
export MGMT_CLUSTER=<management-cluster>
export REMOTE_CLUSTER1=<remote-cluster1>
export REMOTE_CLUSTER2=<remote-cluster2>
export MGMT_CONTEXT=<management-cluster-context>
export REMOTE_CONTEXT1=<remote-cluster1-context>
export REMOTE_CONTEXT2=<remote-cluster2-context>
Ambient service mesh

If you installed a multicluster ambient mesh with the Gloo Operator:
  1. Save the name and kubeconfig context of one of your clusters in the following environment variables. Each time you repeat the steps in this section, you change these variables to the next workload cluster’s name and context.
    export CLUSTER_NAME=<cluster-name>
export CLUSTER_CONTEXT=<cluster-context>
  2. Delete the east-west gateway.
    kubectl delete gateway istio-eastwest -n istio-eastwest --context $CLUSTER_CONTEXT
  3. List the remote peering gateways for other clusters in your setup.
    kubectl get gateways -n istio-eastwest --context $CLUSTER_CONTEXT
    Example output for a remote peer gateway for one linked cluster:
    NAME                                     CLASS            ADDRESS     PROGRAMMED   AGE
istio-remote-peer-cluster2               istio-remote     <address>   True         16m
  4. Delete the istio-remote-peer gateway for each linked cluster.
    kubectl delete gateway -n istio-eastwest --context $CLUSTER_CONTEXT istio-remote-peer-<cluster>
  5. Delete the ServiceMeshController resource and gloo-extensions-config configmap.
    kubectl delete ServiceMeshController managed-istio --context $CLUSTER_CONTEXT
kubectl delete cm gloo-extensions-config -n gloo-mesh --context $CLUSTER_CONTEXT
  6. Optional: Uninstall the Gloo Operator.
    helm uninstall -n gloo-mesh gloo-operator --kube-context $CLUSTER_CONTEXT
  7. Delete the ca-certs secret.
    kubectl delete secret cacerts -n istio-system --context $CLUSTER_CONTEXT
  8. Delete the Istio namespaces.
    kubectl delete namespace istio-system --context $CLUSTER_CONTEXT
kubectl delete namespace istio-eastwest --context $CLUSTER_CONTEXT
  9. Delete the Istio CRDs.
    kubectl get crds --context $CLUSTER_CONTEXT | grep 'istio.io' | awk '{print $1}' | xargs kubectl delete crd --context $CLUSTER_CONTEXT
  10. Repeat these steps for each cluster in the multicluster mesh setup. Be sure to reset the values of the $CLUSTER_NAME and $CLUSTER_CONTEXT environment variables each time you repeat the steps.
If you manually deployed a multicluster ambient mesh with Helm:
  1. Save the name and kubeconfig context of one of your clusters in the following environment variables. Each time you repeat the steps in this section, you change these variables to the next workload cluster’s name and context.
    export CLUSTER_NAME=<cluster-name>
export CLUSTER_CONTEXT=<cluster-context>
  2. Delete the east-west gateway.
    kubectl delete gateway istio-eastwest -n istio-eastwest --context $CLUSTER_CONTEXT
  3. List the remote peering gateways for other clusters in your setup.
    kubectl get gateways -n istio-eastwest --context $CLUSTER_CONTEXT
    Example output for a remote peer gateway for one linked cluster:
    NAME                                     CLASS            ADDRESS     PROGRAMMED   AGE
istio-remote-peer-cluster2               istio-remote     <address>   True         16m
  4. Delete the istio-remote-peer gateway for each linked cluster.
    kubectl delete gateway -n istio-eastwest --context $CLUSTER_CONTEXT istio-remote-peer-<cluster>
  5. Uninstall the Helm releases for ztunnel, CNI, istiod, and the CRDs.
    helm uninstall -n istio-system ztunnel --kube-context $CLUSTER_CONTEXT
helm uninstall -n istio-system istio-cni --kube-context $CLUSTER_CONTEXT
helm uninstall -n istio-system istiod --kube-context $CLUSTER_CONTEXT
helm uninstall -n istio-system istio-base --kube-context $CLUSTER_CONTEXT
  6. Delete the ca-certs secret.
    kubectl delete secret cacerts -n istio-system --context $CLUSTER_CONTEXT
  7. Delete the Istio namespaces.
    kubectl delete namespace istio-system --context $CLUSTER_CONTEXT
kubectl delete namespace istio-eastwest --context $CLUSTER_CONTEXT
  8. Repeat these steps for each cluster in the multicluster mesh setup. Be sure to reset the values of the $CLUSTER_NAME and $CLUSTER_CONTEXT environment variables each time you repeat the steps.
Sidecar service mesh

If you installed a multicluster sidecar mesh with the Gloo Operator:
  1. Save the name and kubeconfig context of one of your clusters in the following environment variables. Each time you repeat the steps in this section, you change these variables to the next workload cluster’s name and context.
    export CLUSTER_NAME=<cluster-name>
export CLUSTER_CONTEXT=<cluster-context>
  2. Delete the east-west gateway.
    kubectl delete gateway istio-eastwest -n istio-eastwest --context $CLUSTER_CONTEXT
  3. List the remote peering gateways for other clusters in your setup.
    kubectl get gateways -n istio-eastwest --context $CLUSTER_CONTEXT
    Example output for a remote peer gateway for one linked cluster:
    NAME                                     CLASS            ADDRESS     PROGRAMMED   AGE
istio-remote-peer-cluster2               istio-remote     <address>   True         16m
  4. Delete the istio-remote-peer gateway for each linked cluster.
    kubectl delete gateway -n istio-eastwest --context $CLUSTER_CONTEXT istio-remote-peer-<cluster>
  5. Delete the ServiceMeshController resource and gloo-extensions-config configmap.
    kubectl delete ServiceMeshController managed-istio --context $CLUSTER_CONTEXT
kubectl delete cm gloo-extensions-config -n gloo-mesh --context $CLUSTER_CONTEXT
  6. Optional: Uninstall the Gloo Operator.
    helm uninstall -n gloo-mesh gloo-operator --kube-context $CLUSTER_CONTEXT
  7. Delete the ca-certs secret.
    kubectl delete secret cacerts -n istio-system --context $CLUSTER_CONTEXT
  8. Delete the Istio namespaces.
    kubectl delete namespace istio-system --context $CLUSTER_CONTEXT
kubectl delete namespace istio-eastwest --context $CLUSTER_CONTEXT
  9. Delete the Istio CRDs.
    kubectl get crds --context $CLUSTER_CONTEXT | grep 'istio.io' | awk '{print $1}' | xargs kubectl delete crd --context $CLUSTER_CONTEXT
  10. Repeat these steps for each cluster in the multicluster mesh setup. Be sure to reset the values of the $CLUSTER_NAME and $CLUSTER_CONTEXT environment variables each time you repeat the steps.
If you manually deployed a multicluster sidecar mesh with Helm:
  1. Save the name and kubeconfig context of one of your clusters in the following environment variables. Each time you repeat the steps in this section, you change these variables to the next workload cluster’s name and context.
    export CLUSTER_NAME=<cluster-name>
export CLUSTER_CONTEXT=<cluster-context>
  2. Delete the east-west gateway.
    kubectl delete gateway istio-eastwest -n istio-eastwest --context $CLUSTER_CONTEXT
  3. List the remote peering gateways for other clusters in your setup.
    kubectl get gateways -n istio-eastwest --context $CLUSTER_CONTEXT
    Example output for a remote peer gateway for one linked cluster:
    NAME                                     CLASS            ADDRESS     PROGRAMMED   AGE
istio-remote-peer-cluster2               istio-remote     <address>   True         16m
  4. Delete the istio-remote-peer gateway for each linked cluster.
    kubectl delete gateway -n istio-eastwest --context $CLUSTER_CONTEXT istio-remote-peer-<cluster>
  5. Uninstall the Helm releases for ztunnel, CNI, istiod, and the CRDs.
    helm uninstall -n istio-system ztunnel --kube-context $CLUSTER_CONTEXT
helm uninstall -n istio-system istio-cni --kube-context $CLUSTER_CONTEXT
helm uninstall -n istio-system istiod --kube-context $CLUSTER_CONTEXT
helm uninstall -n istio-system istio-base --kube-context $CLUSTER_CONTEXT
  6. Delete the ca-certs secret.
    kubectl delete secret cacerts -n istio-system --context $CLUSTER_CONTEXT
  7. Delete the Istio namespaces.
    kubectl delete namespace istio-system --context $CLUSTER_CONTEXT
kubectl delete namespace istio-eastwest --context $CLUSTER_CONTEXT
  8. Repeat these steps for each cluster in the multicluster mesh setup. Be sure to reset the values of the $CLUSTER_NAME and $CLUSTER_CONTEXT environment variables each time you repeat the steps.
Solo Enterprise for Istio

  1. Uninstall the Gloo agent that runs on each workload cluster.
    meshctl cluster deregister \
    --kubecontext $MGMT_CONTEXT \
    --remote-context $REMOTE_CONTEXT1 \
    $REMOTE_CLUSTER1
    meshctl cluster deregister \
    --kubecontext $MGMT_CONTEXT \
    --remote-context $REMOTE_CONTEXT2 \
    $REMOTE_CLUSTER2
    1. Uninstall the agent Helm releases.
      helm uninstall gloo-platform -n gloo-mesh --kube-context $REMOTE_CONTEXT1
helm uninstall gloo-platform -n gloo-mesh --kube-context $REMOTE_CONTEXT2
    2. Delete the corresponding KubernetesCluster resources from the management cluster.
      kubectl delete kubernetescluster $REMOTE_CLUSTER1 $REMOTE_CLUSTER2 -n gloo-mesh --context $MGMT_CONTEXT
    3. Delete the relay secrets from each workload cluster, as you cannot reuse the same secret if you decide to re-register the agent later.
      kubectl delete secret -n gloo-mesh relay-client-tls-secret --context $REMOTE_CONTEXT1
kubectl delete secret -n gloo-mesh relay-identity-token-secret --context $REMOTE_CONTEXT1
kubectl delete secret -n gloo-mesh relay-root-tls-secret --context $REMOTE_CONTEXT1
      kubectl delete secret -n gloo-mesh relay-client-tls-secret --context $REMOTE_CONTEXT2
kubectl delete secret -n gloo-mesh relay-identity-token-secret --context $REMOTE_CONTEXT2
kubectl delete secret -n gloo-mesh relay-root-tls-secret --context $REMOTE_CONTEXT2
    4. Uninstall any Gloo CRDs, such as by deleting the CRD Helm release.
      helm uninstall gloo-platform-crds -n gloo-mesh --kube-context $REMOTE_CONTEXT1
helm uninstall gloo-platform-crds -n gloo-mesh --kube-context $REMOTE_CONTEXT2
      If you do not have a CRD Helm release, check for and manually remove any CRDs.
      kubectl get crds --context $REMOTE_CONTEXT1 | grep solo
kubectl delete --context $REMOTE_CONTEXT1 crd <$CRD>
kubectl get crds --context $REMOTE_CONTEXT2 | grep solo
kubectl delete --context $REMOTE_CONTEXT2 crd <$CRD>
  2. Delete the gloo-mesh namespaces from each workload cluster.
    kubectl --context $REMOTE_CONTEXT1 delete namespace gloo-mesh
kubectl --context $REMOTE_CONTEXT2 delete namespace gloo-mesh
  3. Uninstall the Gloo management plane components from the management cluster.
    helm uninstall gloo-platform -n gloo-mesh --kube-context $MGMT_CONTEXT
helm uninstall gloo-platform-crds -n gloo-mesh --kube-context $MGMT_CONTEXT
  4. Delete the gloo-mesh namespace from the management cluster.
    kubectl --context $MGMT_CONTEXT delete namespace gloo-mesh
Upgrade