×

Removing a cluster that uses installer-provisioned infrastructure

You can remove a cluster that uses installer-provisioned infrastructure from your cloud.

After uninstallation, check your cloud provider for any resources not removed properly, especially with user-provisioned infrastructure clusters. There might be resources that the installation program did not create or that the installation program is unable to access.

Prerequisites
  • You have a copy of the installation program that you used to deploy the cluster.

  • You have the files that the installation program generated when you created your cluster.

Procedure
  1. On the computer that you used to install the cluster, go to the directory that contains the installation program, and run the following command:

    $ ./openshift-install destroy cluster \
    --dir <installation_directory> --log-level info  (1) (2)
    1 For <installation_directory>, specify the path to the directory that you stored the installation files in.
    2 To view different details, specify warn, debug, or error instead of info.

    You must specify the directory that contains the cluster definition files for your cluster. The installation program requires the metadata.json file in this directory to delete the cluster.

  2. Optional: Delete the <installation_directory> directory and the OKD installation program.

Deleting AWS resources with the Cloud Credential Operator utility

To clean up resources after uninstalling an OKD cluster with the Cloud Credential Operator (CCO) in manual mode with STS, you can use the CCO utility (ccoctl) to remove the AWS resources that ccoctl created during installation.

Prerequisites
  • Extract and prepare the ccoctl binary.

  • Install an OKD cluster with the CCO in manual mode with STS.

Procedure
  • Delete the AWS resources that ccoctl created:

    $ ccoctl aws delete \
      --name=<name> \ (1)
      --region=<aws_region> (2)
    
    1 <name> matches the name that was originally used to create and tag the cloud resources.
    2 <aws_region> is the AWS region in which to delete cloud resources.
    Example output:
    2021/04/08 17:50:41 Identity Provider object .well-known/openid-configuration deleted from the bucket <name>-oidc
    2021/04/08 17:50:42 Identity Provider object keys.json deleted from the bucket <name>-oidc
    2021/04/08 17:50:43 Identity Provider bucket <name>-oidc deleted
    2021/04/08 17:51:05 Policy <name>-openshift-cloud-credential-operator-cloud-credential-o associated with IAM Role <name>-openshift-cloud-credential-operator-cloud-credential-o deleted
    2021/04/08 17:51:05 IAM Role <name>-openshift-cloud-credential-operator-cloud-credential-o deleted
    2021/04/08 17:51:07 Policy <name>-openshift-cluster-csi-drivers-ebs-cloud-credentials associated with IAM Role <name>-openshift-cluster-csi-drivers-ebs-cloud-credentials deleted
    2021/04/08 17:51:07 IAM Role <name>-openshift-cluster-csi-drivers-ebs-cloud-credentials deleted
    2021/04/08 17:51:08 Policy <name>-openshift-image-registry-installer-cloud-credentials associated with IAM Role <name>-openshift-image-registry-installer-cloud-credentials deleted
    2021/04/08 17:51:08 IAM Role <name>-openshift-image-registry-installer-cloud-credentials deleted
    2021/04/08 17:51:09 Policy <name>-openshift-ingress-operator-cloud-credentials associated with IAM Role <name>-openshift-ingress-operator-cloud-credentials deleted
    2021/04/08 17:51:10 IAM Role <name>-openshift-ingress-operator-cloud-credentials deleted
    2021/04/08 17:51:11 Policy <name>-openshift-machine-api-aws-cloud-credentials associated with IAM Role <name>-openshift-machine-api-aws-cloud-credentials deleted
    2021/04/08 17:51:11 IAM Role <name>-openshift-machine-api-aws-cloud-credentials deleted
    2021/04/08 17:51:39 Identity Provider with ARN arn:aws:iam::<aws_account_id>:oidc-provider/<name>-oidc.s3.<aws_region>.amazonaws.com deleted
Verification
  • To verify that the resources are deleted, query AWS. For more information, refer to AWS documentation.

Deleting a cluster with a configured AWS Local Zone infrastructure

After you install a cluster on Amazon Web Services (AWS) into an existing Virtual Private Cloud (VPC), and you set subnets for each Local Zone location, you can delete the cluster and any AWS resources associated with it.

The example in the procedure assumes that you created a VPC and its subnets by using a CloudFormation template.

Prerequisites
  • You know the name of the CloudFormation stacks, <local_zone_stack_name> and <vpc_stack_name>, that were used during the creation of the network. You need the name of the stack to delete the cluster.

  • You have access rights to the directory that contains the installation files that were created by the installation program.

  • Your account includes a policy that provides you with permissions to delete the CloudFormation stack.

Procedure
  1. Change to the directory that contains the stored installation program, and delete the cluster by using the destroy cluster command:

    $ ./openshift-install destroy cluster --dir <installation_directory> \(1)
       --log-level=debug (2)
    1 For <installation_directory>, specify the directory that stored any files created by the installation program.
    2 To view different log details, specify error, info, or warn instead of debug.
  2. Delete the CloudFormation stack for the Local Zone subnet:

    $ aws cloudformation delete-stack --stack-name <local_zone_stack_name>
  3. Delete the stack of resources that represent the VPC:

    $ aws cloudformation delete-stack --stack-name <vpc_stack_name>
Verification
  • Check that you removed the stack resources by issuing the following commands in the AWS CLI. The AWS CLI outputs that no template component exists.

    $ aws cloudformation describe-stacks --stack-name <local_zone_stack_name>
    $ aws cloudformation describe-stacks --stack-name <vpc_stack_name>
Additional resources