»Uninstall Consul

You can uninstall Consul using Helm commands or the Consul K8s CLI.

»Helm commands

Run the helm uninstall and manually remove resources that Helm does not delete.

First, run helm uninstall:

$ helm uninstall hashicorp
release "hashicorp" uninstalled

$ helm uninstall hashicorprelease "hashicorp" uninstalled

After deleting the Helm release, you need to delete the PersistentVolumeClaim's for the persistent volumes that store Consul's data. A bug in Helm prevents PVCs from being deleted. Issue the following commands:

$ kubectl get pvc -l chart=consul-helm
NAME                                   STATUS   VOLUME                                     CAPACITY   ACCESS MODES   STORAGECLASS   AGE
data-default-hashicorp-consul-server-0   Bound    pvc-32cb296b-1213-11ea-b6f0-42010a8001db   10Gi       RWO            standard       17m
data-default-hashicorp-consul-server-1   Bound    pvc-32d79919-1213-11ea-b6f0-42010a8001db   10Gi       RWO            standard       17m
data-default-hashicorp-consul-server-2   Bound    pvc-331581ea-1213-11ea-b6f0-42010a8001db   10Gi       RWO            standard       17m

$ kubectl delete pvc -l chart=consul-helm
persistentvolumeclaim "data-default-hashicorp-consul-server-0" deleted
persistentvolumeclaim "data-default-hashicorp-consul-server-1" deleted
persistentvolumeclaim "data-default-hashicorp-consul-server-2" deleted

$ kubectl get pvc -l chart=consul-helmNAME                                   STATUS   VOLUME                                     CAPACITY   ACCESS MODES   STORAGECLASS   AGEdata-default-hashicorp-consul-server-0   Bound    pvc-32cb296b-1213-11ea-b6f0-42010a8001db   10Gi       RWO            standard       17mdata-default-hashicorp-consul-server-1   Bound    pvc-32d79919-1213-11ea-b6f0-42010a8001db   10Gi       RWO            standard       17mdata-default-hashicorp-consul-server-2   Bound    pvc-331581ea-1213-11ea-b6f0-42010a8001db   10Gi       RWO            standard       17m
$ kubectl delete pvc -l chart=consul-helmpersistentvolumeclaim "data-default-hashicorp-consul-server-0" deletedpersistentvolumeclaim "data-default-hashicorp-consul-server-1" deletedpersistentvolumeclaim "data-default-hashicorp-consul-server-2" deleted

NOTE: This will delete all data stored in Consul and it can't be recovered unless you've taken other backups.

If installing with ACLs enabled, you will need to then delete the ACL secrets:

$ kubectl get secret | grep consul | grep Opaque
consul-acl-replication-acl-token    Opaque                                1      41m
consul-bootstrap-acl-token          Opaque                                1      41m
consul-client-acl-token             Opaque                                1      41m
consul-connect-inject-acl-token     Opaque                                1      37m
consul-controller-acl-token         Opaque                                1      37m
consul-federation                   Opaque                                4      41m
consul-mesh-gateway-acl-token       Opaque                                1      41m

$ kubectl get secret | grep consul | grep Opaqueconsul-acl-replication-acl-token    Opaque                                1      41mconsul-bootstrap-acl-token          Opaque                                1      41mconsul-client-acl-token             Opaque                                1      41mconsul-connect-inject-acl-token     Opaque                                1      37mconsul-controller-acl-token         Opaque                                1      37mconsul-federation                   Opaque                                4      41mconsul-mesh-gateway-acl-token       Opaque                                1      41m

Ensure that the secrets you're about to delete are all created by Consul and not created by another user with the word consul.

$ kubectl get secret | grep consul | grep Opaque | awk '{print $1}' | xargs kubectl delete secret
secret "consul-acl-replication-acl-token" deleted
secret "consul-bootstrap-acl-token" deleted
secret "consul-client-acl-token" deleted
secret "consul-connect-inject-acl-token" deleted
secret "consul-controller-acl-token" deleted
secret "consul-federation" deleted
secret "consul-mesh-gateway-acl-token" deleted
secret "consul-gossip-encryption-key" deleted

$ kubectl get secret | grep consul | grep Opaque | awk '{print $1}' | xargs kubectl delete secretsecret "consul-acl-replication-acl-token" deletedsecret "consul-bootstrap-acl-token" deletedsecret "consul-client-acl-token" deletedsecret "consul-connect-inject-acl-token" deletedsecret "consul-controller-acl-token" deletedsecret "consul-federation" deletedsecret "consul-mesh-gateway-acl-token" deletedsecret "consul-gossip-encryption-key" deleted

If installing with tls.enabled then, run the following commands to delete the ServiceAccount left behind:

$ kubectl get serviceaccount consul-tls-init
NAME              SECRETS   AGE
consul-tls-init   1         47m

$ kubectl get serviceaccount consul-tls-initNAME              SECRETS   AGEconsul-tls-init   1         47m

$ kubectl delete serviceaccount consul-tls-init
serviceaccount "consul-tls-init" deleted

$ kubectl delete serviceaccount consul-tls-initserviceaccount "consul-tls-init" deleted

»Consul K8s CLI

Issue the consul-k8s uninstall command to remove Consul on Kubernetes. You can specify the installation name, namespace, and data retention behavior using the applicable options. By default, the uninstallation preserves the secrets and PVCs that are provisioned by Consul on Kubernetes.

$ consul-k8s uninstall <OPTIONS>

$ consul-k8s uninstall <OPTIONS>

In the following example, Consul will be uninstalled and the data removed without prompting you to verify the operations:

$ consul-k8s uninstall -auto-approve=true -wipe-data=true

$ consul-k8s uninstall -auto-approve=true -wipe-data=true

Refer to the Consul K8s CLI reference topic for details.