Uninstalling a cluster on GCP

You can remove a cluster that you deployed to Google Cloud Platform (GCP).

Removing a cluster that uses installer-provisioned infrastructure

You can remove a cluster that uses installer-provisioned infrastructure from your cloud.

After uninstallation, check your cloud provider for any resources not removed properly, especially with User Provisioned Infrastructure (UPI) clusters. There might be resources that the installer did not create or that the installer is unable to access. For example, some Google Cloud resources require IAM permissions in shared VPC host projects, or there might be unused health checks that must be deleted.

Prerequisites

  • You have a copy of the installation program that you used to deploy the cluster.

  • You have the files that the installation program generated when you created your cluster.

Procedure

  1. On the computer that you used to install the cluster, go to the directory that contains the installation program, and run the following command:

    1. $ ./openshift-install destroy cluster \
    2. --dir <installation_directory> --log-level info (1) (2)
    1For <installation_directory>, specify the path to the directory that you stored the installation files in.
    2To view different details, specify warn, debug, or error instead of info.

    You must specify the directory that contains the cluster definition files for your cluster. The installation program requires the metadata.json file in this directory to delete the cluster.

  2. Optional: Delete the <installation_directory> directory and the OKD installation program.

Deleting GCP resources with the Cloud Credential Operator utility

To clean up resources after uninstalling an OKD cluster with the Cloud Credential Operator (CCO) in manual mode with GCP Workload Identity, you can use the CCO utility (ccoctl) to remove the GCP resources that ccoctl created during installation.

Prerequisites

  • Extract and prepare the ccoctl binary.

  • Install an OKD cluster with the CCO in manual mode with GCP Workload Identity.

Procedure

  • Delete the GCP resources that ccoctl created:

    1. $ ccoctl gcp delete --name=<name> --project=<gcp_project_id>

    where:

    • <name> matches the name used to originally create and tag the cloud resources.

    • <gcp_project_id> is the GCP project ID in which cloud resources will be deleted.

      Example output:

      1. 2021/04/08 17:50:41 Identity Provider object .well-known/openid-configuration deleted from the bucket <name>-oidc
      2. 2021/04/08 17:50:42 Identity Provider object keys.json deleted from the bucket <name>-oidc
      3. 2021/04/08 17:50:43 Identity Provider bucket <name>-oidc deleted
      4. 2021/04/08 17:51:05 Policy <name>-openshift-cloud-credential-operator-cloud-credential-o associated with IAM Role <name>-openshift-cloud-credential-operator-cloud-credential-o deleted
      5. 2021/04/08 17:51:05 IAM Role <name>-openshift-cloud-credential-operator-cloud-credential-o deleted
      6. 2021/04/08 17:51:07 Policy <name>-openshift-cluster-csi-drivers-ebs-cloud-credentials associated with IAM Role <name>-openshift-cluster-csi-drivers-ebs-cloud-credentials deleted
      7. 2021/04/08 17:51:07 IAM Role <name>-openshift-cluster-csi-drivers-ebs-cloud-credentials deleted
      8. 2021/04/08 17:51:08 Policy <name>-openshift-image-registry-installer-cloud-credentials associated with IAM Role <name>-openshift-image-registry-installer-cloud-credentials deleted
      9. 2021/04/08 17:51:08 IAM Role <name>-openshift-image-registry-installer-cloud-credentials deleted
      10. 2021/04/08 17:51:09 Policy <name>-openshift-ingress-operator-cloud-credentials associated with IAM Role <name>-openshift-ingress-operator-cloud-credentials deleted
      11. 2021/04/08 17:51:10 IAM Role <name>-openshift-ingress-operator-cloud-credentials deleted
      12. 2021/04/08 17:51:11 Policy <name>-openshift-machine-api-aws-cloud-credentials associated with IAM Role <name>-openshift-machine-api-aws-cloud-credentials deleted
      13. 2021/04/08 17:51:11 IAM Role <name>-openshift-machine-api-aws-cloud-credentials deleted
      14. 2021/04/08 17:51:39 Identity Provider with ARN arn:aws:iam::<aws_account_id>:oidc-provider/<name>-oidc.s3.<aws_region>.amazonaws.com deleted

Verification

  • To verify that the resources are deleted, query GCP. For more information, refer to GCP documentation.