Single cluster

Helm

If you manually deployed an ambient mesh with Helm:

  1. Uninstall the ztunnel Helm release.

      helm uninstall -n istio-system ztunnel

  2. Uninstall the Istio CNI.

      helm uninstall -n istio-system istio-cni

  3. Uninstall the istiod control plane.

      helm uninstall -n istio-system istiod

  4. Uninstall the Istio CRDs.

      helm uninstall -n istio-system istio-base

  5. Delete the Istio namespaces.

      kubectl delete namespace istio-system

Gloo Operator

If you installed an ambient mesh with the Gloo Operator:

  1. Delete the ServiceMeshController resource.

      kubectl delete ServiceMeshController managed-istio

  2. Optional: Uninstall the Gloo Operator.

      helm uninstall -n gloo-mesh gloo-operator

  3. Delete the Istio namespace.

      kubectl delete namespace istio-system

  4. Delete the Istio CRDs.

      kubectl get crds | grep 'istio.io' | awk '{print $1}' | xargs kubectl delete crd

Multicluster

Helm

If you manually deployed a multicluster ambient mesh with Helm:

  1. Save the name and kubeconfig context of one of your clusters in the following environment variables. Each time you repeat the steps in this section, you change these variables to the next workload cluster’s name and context.

      export CLUSTER_NAME=<cluster-name>
export CLUSTER_CONTEXT=<cluster-context>

  2. Delete the east-west gateway.

      kubectl delete gateway istio-eastwest -n istio-eastwest --context $CLUSTER_CONTEXT

  3. List the remote peering gateways for other clusters in your setup.

      kubectl get gateways -n istio-eastwest --context $CLUSTER_CONTEXT

    Example output for a remote peer gateway for one linked cluster:

      NAME                                     CLASS            ADDRESS     PROGRAMMED   AGE
istio-remote-peer-cluster2               istio-remote     <address>   True         16m

  4. Delete the istio-remote-peer gateway for each linked cluster.

      kubectl delete gateway -n istio-eastwest --context $CLUSTER_CONTEXT istio-remote-peer-<cluster>

  5. Uninstall the Helm releases for ztunnel, CNI, istiod, and the CRDs.

      helm uninstall -n istio-system ztunnel --kube-context $CLUSTER_CONTEXT
helm uninstall -n istio-system istio-cni --kube-context $CLUSTER_CONTEXT
helm uninstall -n istio-system istiod --kube-context $CLUSTER_CONTEXT
helm uninstall -n istio-system istio-base --kube-context $CLUSTER_CONTEXT

  6. Delete the ca-certs secret.

      kubectl delete secret cacerts -n istio-system --context $CLUSTER_CONTEXT

  7. Delete the Istio namespaces.

      kubectl delete namespace istio-system --context $CLUSTER_CONTEXT
kubectl delete namespace istio-eastwest --context $CLUSTER_CONTEXT

  8. Repeat these steps for each cluster in the multicluster mesh setup. Be sure to reset the values of the $CLUSTER_NAME and $CLUSTER_CONTEXT environment variables each time you repeat the steps.

Gloo Operator

If you installed a multicluster ambient mesh with the Gloo Operator:

  1. Save the name and kubeconfig context of one of your clusters in the following environment variables. Each time you repeat the steps in this section, you change these variables to the next workload cluster’s name and context.

      export CLUSTER_NAME=<cluster-name>
export CLUSTER_CONTEXT=<cluster-context>

  2. Delete the east-west gateway.

      kubectl delete gateway istio-eastwest -n istio-eastwest --context $CLUSTER_CONTEXT

  3. List the remote peering gateways for other clusters in your setup.

      kubectl get gateways -n istio-eastwest --context $CLUSTER_CONTEXT

    Example output for a remote peer gateway for one linked cluster:

      NAME                                     CLASS            ADDRESS     PROGRAMMED   AGE
istio-remote-peer-cluster2               istio-remote     <address>   True         16m

  4. Delete the istio-remote-peer gateway for each linked cluster.

      kubectl delete gateway -n istio-eastwest --context $CLUSTER_CONTEXT istio-remote-peer-<cluster>

  5. Delete the ServiceMeshController resource and gloo-extensions-config configmap.

      kubectl delete ServiceMeshController managed-istio --context $CLUSTER_CONTEXT
kubectl delete cm gloo-extensions-config -n gloo-mesh --context $CLUSTER_CONTEXT

  6. Optional: Uninstall the Gloo Operator.

      helm uninstall -n gloo-mesh gloo-operator --kube-context $CLUSTER_CONTEXT

  7. Delete the ca-certs secret.

      kubectl delete secret cacerts -n istio-system --context $CLUSTER_CONTEXT

  8. Delete the Istio namespaces.

      kubectl delete namespace istio-system --context $CLUSTER_CONTEXT
kubectl delete namespace istio-eastwest --context $CLUSTER_CONTEXT

  9. Delete the Istio CRDs.

      kubectl get crds --context $CLUSTER_CONTEXT | grep 'istio.io' | awk '{print $1}' | xargs kubectl delete crd --context $CLUSTER_CONTEXT

  10. Repeat these steps for each cluster in the multicluster mesh setup. Be sure to reset the values of the $CLUSTER_NAME and $CLUSTER_CONTEXT environment variables each time you repeat the steps.