Uninstall Consul

Uninstalling Consul requires running helm delete and then manually cleaning up some resources that Helm does not delete.

  1. First, run helm delete:

    $ helm delete hashicorp
    release "hashicorp" uninstalled
  2. After deleting the Helm release, you need to delete the PersistentVolumeClaims for the persistent volumes that store Consul's data. These are not deleted by Helm due to a bug. To delete them, run:

    $ kubectl get pvc -l chart=consul-helm
    NAME                                   STATUS   VOLUME                                     CAPACITY   ACCESS MODES   STORAGECLASS   AGE
    data-default-hashicorp-consul-server-0   Bound    pvc-32cb296b-1213-11ea-b6f0-42010a8001db   10Gi       RWO            standard       17m
    data-default-hashicorp-consul-server-1   Bound    pvc-32d79919-1213-11ea-b6f0-42010a8001db   10Gi       RWO            standard       17m
    data-default-hashicorp-consul-server-2   Bound    pvc-331581ea-1213-11ea-b6f0-42010a8001db   10Gi       RWO            standard       17m
    $ kubectl delete pvc -l chart=consul-helm
    persistentvolumeclaim "data-default-hashicorp-consul-server-0" deleted
    persistentvolumeclaim "data-default-hashicorp-consul-server-1" deleted
    persistentvolumeclaim "data-default-hashicorp-consul-server-2" deleted
  3. If you installed with ACLs enabled, you will then need to delete the ACL secrets:

    $ kubectl get secret | grep consul | grep Opaque
    consul-acl-replication-acl-token    Opaque                                1      41m
    consul-bootstrap-acl-token          Opaque                                1      41m
    consul-client-acl-token             Opaque                                1      41m
    consul-connect-inject-acl-token     Opaque                                1      37m
    consul-controller-acl-token         Opaque                                1      37m
    consul-federation                   Opaque                                4      41m
    consul-mesh-gateway-acl-token       Opaque                                1      41m

Ensure that the secrets you're about to delete were all created by Consul, and are not secrets created by someone else that happen to have the word consul in their name.

    $ kubectl get secret | grep consul | grep Opaque | awk '{print $1}' | xargs kubectl delete secret
    secret "consul-acl-replication-acl-token" deleted
    secret "consul-bootstrap-acl-token" deleted
    secret "consul-client-acl-token" deleted
    secret "consul-connect-inject-acl-token" deleted
    secret "consul-controller-acl-token" deleted
    secret "consul-federation" deleted
    secret "consul-mesh-gateway-acl-token" deleted
    secret "consul-gossip-encryption-key" deleted
  4. If you installed with controller.enabled, you will need to delete the webhook certificate:

    $ kubectl get secret consul-controller-webhook-cert
    NAME                             TYPE                DATA   AGE
    consul-controller-webhook-cert   kubernetes.io/tls   2      47m
    $ kubectl delete secret consul-controller-webhook-cert
    secret "consul-consul-controller-webhook-cert" deleted
  5. If you installed with tls.enabled, a ServiceAccount is left behind:

    $ kubectl get serviceaccount consul-tls-init
    NAME              SECRETS   AGE
    consul-tls-init   1         47m
    $ kubectl delete serviceaccount consul-tls-init
    serviceaccount "consul-tls-init" deleted
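
For the ACL secret cleanup step above, this added example (not part of the Consul documentation) selects secrets by exact name instead of by the substring consul, so unrelated secrets that merely contain the word are left alone. The release prefix and suffix list are taken from the listing on this page and are assumptions about your install; the sample listing, including its two unrelated secrets, is constructed.

```shell
#!/bin/sh
# Added example: choose which secrets to delete by exact name, not by substring.

# Assumptions: release prefix and secret suffixes as shown in the listing on
# this page. Adjust both to match what your own release actually created.
RELEASE_PREFIX="consul"
CONSUL_SECRET_SUFFIXES="acl-replication-acl-token bootstrap-acl-token client-acl-token connect-inject-acl-token controller-acl-token federation mesh-gateway-acl-token"

# Reads `kubectl get secret` table output on stdin and prints only the names of
# Opaque secrets whose full name is exactly <prefix>-<known suffix>.
select_consul_secrets() {
  awk -v prefix="$RELEASE_PREFIX" -v suffixes="$CONSUL_SECRET_SUFFIXES" '
    BEGIN {
      n = split(suffixes, s, " ")
      for (i = 1; i <= n; i++) want[prefix "-" s[i]] = 1
    }
    # Column 1 is NAME, column 2 is TYPE; the header row never matches "Opaque".
    $2 == "Opaque" && ($1 in want) { print $1 }
  '
}

# Constructed sample listing: three Consul secrets, one TLS secret, and two
# unrelated Opaque secrets that the `grep consul | grep Opaque` filter would
# also match.
SAMPLE_LISTING='NAME                             TYPE                DATA   AGE
consul-bootstrap-acl-token       Opaque              1      41m
consul-client-acl-token          Opaque              1      41m
consul-federation                Opaque              4      41m
consul-controller-webhook-cert   kubernetes.io/tls   2      47m
billing-consul-api-credentials   Opaque              2      90d
consul-backup-s3-key             Opaque              1      12d'

# Offline demonstration: prints only the three Consul-created secrets.
printf '%s\n' "$SAMPLE_LISTING" | select_consul_secrets

# Against a live cluster, review the selection first, then delete:
#   kubectl get secret | select_consul_secrets
#   kubectl get secret | select_consul_secrets | xargs kubectl delete secret
```

Secrets the chart created under names that are not in the suffix list are skipped, so compare the selection against the full `kubectl get secret` output before deleting.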