Removing a cluster that uses installer-provisioned infrastructure

You can remove a cluster that uses installer-provisioned infrastructure from your cloud.

After uninstallation, check your cloud provider for any resources not removed properly, especially with User Provisioned Infrastructure (UPI) clusters. There might be resources that the installer did not create or that the installer is unable to access. For example, some Google Cloud resources require IAM permissions in shared VPC host projects, or there might be unused health checks that must be deleted.

  • You have a copy of the installation program that you used to deploy the cluster.

  • You have the files that the installation program generated when you created your cluster.

  1. From the directory that contains the installation program on the computer that you used to install the cluster, run the following command:

    $ ./openshift-install destroy cluster \
    --dir <installation_directory> --log-level info  (1) (2)
    1 For <installation_directory>, specify the path to the directory that you stored the installation files in.
    2 To view different details, specify warn, debug, or error instead of info.

    You must specify the directory that contains the cluster definition files for your cluster. The installation program requires the metadata.json file in this directory to delete the cluster.

  2. Optional: Delete the <installation_directory> directory and the OKD installation program.

Deleting Google Cloud Platform resources with the Cloud Credential Operator utility

After uninstalling an OKD cluster that uses short-term credentials managed outside the cluster, you can use the CCO utility (ccoctl) to remove the Google Cloud Platform (GCP) resources that ccoctl created during installation.

  • Extract and prepare the ccoctl binary.

  • Uninstall an OKD cluster on GCP that uses short-term credentials.

  1. Set a $RELEASE_IMAGE variable with the release image from your installation file by running the following command:

    $ RELEASE_IMAGE=$(./openshift-install version | awk '/release image/ {print $3}')
  2. Extract the list of CredentialsRequest custom resources (CRs) from the OKD release image by running the following command:

    $ oc adm release extract \
      --from=$RELEASE_IMAGE \
      --credentials-requests \
      --included \(1)
      --to=<path_to_directory_for_credentials_requests> (2)
    1 The --included parameter includes only the manifests that your specific cluster configuration requires.
    2 Specify the path to the directory where you want to store the CredentialsRequest objects. If the specified directory does not exist, this command creates it.
  3. Delete the GCP resources that ccoctl created by running the following command:

    $ ccoctl gcp delete \
      --name=<name> \(1)
      --project=<gcp_project_id> \(2)
      --credentials-requests-dir=<path_to_credentials_requests_directory> \
      --force-delete-custom-roles (3)
    1 <name> matches the name that was originally used to create and tag the cloud resources.
    2 <gcp_project_id> is the GCP project ID in which to delete cloud resources.
    3 Optional: This parameter deletes the custom roles that the ccoctl utility creates during installation. GCP does not permanently delete custom roles immediately. For more information, see GCP documentation about deleting a custom role.
  • To verify that the resources are deleted, query GCP. For more information, refer to GCP documentation.