Uninstall Consul

    Issue the command to remove Consul on Kubernetes. You can specify the installation name, namespace, and data retention behavior using the applicable options. By default, the uninstall preserves the secrets and PVCs that are provisioned by Consul on Kubernetes.

    1. $ consul-k8s uninstall <OPTIONS>

    In the following example, Consul will be uninstalled and the data removed without prompting you to verify the operations:

    1. $ consul-k8s uninstall -auto-approve=true -wipe-data=true
    1. $ consul-k8s uninstall -auto-approve=true -wipe-data=true

    Refer to the Consul K8s CLI reference topic for details.

    Helm commands

    1. Although the Helm chart automates the deletion of CRDs upon uninstall, sometimes the finalizers tied to those CRDs may not complete because the deletion of the CRDs rely on the Consul K8s controller running. Ensure that previously created CRDs for Consul on Kubernetes are deleted, so subsequent installs of Consul on Kubernetes on the same Kubernetes cluster do not get blocked.

      1. $ kubectl delete crd --selector app=consul
      1. $ kubectl delete crd --selector app=consul

    2. (Optional) If Consul is installed in a dedicated namespace, set the kubeConfig context to the consul namespace. Otherwise, subsequent commands will need to include --namespace consul.

      1. $ kubectl config set-context --current --namespace=consul

    3. Run the helm uninstall <release-name> command and specify the release name you’ve installed Consul with, e.g.,:

      1. $ helm uninstall consul
      2. release "consul" uninstalled
      1. $ helm uninstall consul
      2. release "consul" uninstalled
      1. $ kubectl get pvc --selector="chart=consul-helm"
      2. NAME                                   STATUS   VOLUME                                     CAPACITY   ACCESS MODES   STORAGECLASS   AGE
      3. data-default-hashicorp-consul-server-0   Bound    pvc-32cb296b-1213-11ea-b6f0-42010a8001db   10Gi       RWO            standard       17m
      4. data-default-hashicorp-consul-server-1   Bound    pvc-32d79919-1213-11ea-b6f0-42010a8001db   10Gi       RWO            standard       17m
      5. data-default-hashicorp-consul-server-2   Bound    pvc-331581ea-1213-11ea-b6f0-42010a8001db   10Gi       RWO            standard       17m
      7. $ kubectl delete pvc --selector="chart=consul-helm"
      8. persistentvolumeclaim "data-default-hashicorp-consul-server-0" deleted
      1. $ kubectl get pvc --selector="chart=consul-helm"
      2. NAME                                   STATUS   VOLUME                                     CAPACITY   ACCESS MODES   STORAGECLASS   AGE
      3. data-default-hashicorp-consul-server-0   Bound    pvc-32cb296b-1213-11ea-b6f0-42010a8001db   10Gi       RWO            standard       17m
      4. data-default-hashicorp-consul-server-1   Bound    pvc-32d79919-1213-11ea-b6f0-42010a8001db   10Gi       RWO            standard       17m
      5. data-default-hashicorp-consul-server-2   Bound    pvc-331581ea-1213-11ea-b6f0-42010a8001db   10Gi       RWO            standard       17m
      7. $ kubectl delete pvc --selector="chart=consul-helm"
      8. persistentvolumeclaim "data-default-hashicorp-consul-server-0" deleted
      9. persistentvolumeclaim "data-default-hashicorp-consul-server-1" deleted
      10. persistentvolumeclaim "data-default-hashicorp-consul-server-2" deleted

      NOTE: This will delete all data stored in Consul and it can’t be recovered unless you’ve taken other backups.

    5. If installing with ACLs enabled, you will need to then delete the ACL secrets:

      1. $ kubectl get secrets --field-selector="type=Opaque" | grep consul
      2. consul-acl-replication-acl-token    Opaque                                1      41m
      3. consul-bootstrap-acl-token          Opaque                                1      41m
      4. consul-client-acl-token             Opaque                                1      41m
      5. consul-connect-inject-acl-token     Opaque                                1      37m
      6. consul-controller-acl-token         Opaque                                1      37m
      7. consul-federation                   Opaque                                4      41m
      8. consul-mesh-gateway-acl-token       Opaque                                1      41m
      1. $ kubectl get secrets --field-selector="type=Opaque" | grep consul
      2. consul-acl-replication-acl-token    Opaque                                1      41m
      3. consul-bootstrap-acl-token          Opaque                                1      41m
      4. consul-client-acl-token             Opaque                                1      41m
      5. consul-controller-acl-token         Opaque                                1      37m
      7. consul-mesh-gateway-acl-token       Opaque                                1      41m

    6. Ensure that the secrets you’re about to delete are all created by Consul and not created by another user with the word consul.

      1. $ kubectl get secrets --field-selector="type=Opaque" | grep consul | awk '{print $1}' | xargs kubectl delete secret
      2. secret "consul-acl-replication-acl-token" deleted
      3. secret "consul-bootstrap-acl-token" deleted
      4. secret "consul-client-acl-token" deleted
      5. secret "consul-connect-inject-acl-token" deleted
      6. secret "consul-controller-acl-token" deleted
      7. secret "consul-federation" deleted
      8. secret "consul-mesh-gateway-acl-token" deleted
      9. secret "consul-gossip-encryption-key" deleted
      1. $ kubectl get serviceaccount consul-tls-init
      2. NAME              SECRETS   AGE
      3. consul-tls-init   1         47m
      1. $ kubectl get serviceaccount consul-tls-init
      2. NAME              SECRETS   AGE
      3. consul-tls-init   1         47m
      1. $ kubectl delete serviceaccount consul-tls-init
      2. serviceaccount "consul-tls-init" deleted
      1. $ kubectl delete serviceaccount consul-tls-init
      2. serviceaccount "consul-tls-init" deleted