»Uninstall Consul

Uninstalling Consul requires running helm delete and then manually cleaning up some resources that Helm does not delete.

1. First, run helm delete:

   $ helm delete hashicorp
   release "hashicorp" uninstalled
   

   If using Helm 2, run helm delete --purge hashicorp

2. After deleting the Helm release, you need to delete the PersistentVolumeClaim's for the persistent volumes that store Consul's data. These are not deleted by Helm due to a bug. To delete, run:

   $ kubectl get pvc -l chart=consul-helm
   NAME                                   STATUS   VOLUME                                     CAPACITY   ACCESS MODES   STORAGECLASS   AGE
   data-default-hashicorp-consul-server-0   Bound    pvc-32cb296b-1213-11ea-b6f0-42010a8001db   10Gi       RWO            standard       17m
   data-default-hashicorp-consul-server-1   Bound    pvc-32d79919-1213-11ea-b6f0-42010a8001db   10Gi       RWO            standard       17m
   data-default-hashicorp-consul-server-2   Bound    pvc-331581ea-1213-11ea-b6f0-42010a8001db   10Gi       RWO            standard       17m
   
   $ kubectl delete pvc -l chart=consul-helm
   persistentvolumeclaim "data-default-hashicorp-consul-server-0" deleted
   persistentvolumeclaim "data-default-hashicorp-consul-server-1" deleted
   persistentvolumeclaim "data-default-hashicorp-consul-server-2" deleted
   

   NOTE: This will delete all data stored in Consul and it can't be recovered unless you've taken other backups.

3. If installing with ACLs enabled, you will need to then delete the ACL secrets:

$ kubectl get secret | grep consul | grep Opaque
consul-acl-replication-acl-token    Opaque                                1      41m
consul-bootstrap-acl-token          Opaque                                1      41m
consul-client-acl-token             Opaque                                1      41m
consul-connect-inject-acl-token     Opaque                                1      37m
consul-controller-acl-token         Opaque                                1      37m
consul-federation                   Opaque                                4      41m
consul-mesh-gateway-acl-token       Opaque                                1      41m

Ensure that the secrets you're about to delete are all created by Consul and not created by someone else that happen to have the word consul.

$ kubectl get secret | grep consul | grep Opaque | awk '{print $1}' | xargs kubectl delete secret
secret "consul-acl-replication-acl-token" deleted
secret "consul-bootstrap-acl-token" deleted
secret "consul-client-acl-token" deleted
secret "consul-connect-inject-acl-token" deleted
secret "consul-controller-acl-token" deleted
secret "consul-federation" deleted
secret "consul-mesh-gateway-acl-token" deleted
secret "consul-gossip-encryption-key" deleted

1. If installing with controller.enabled then you will need to delete the webhook certificate:

   $ kubectl get secret consul-controller-webhook-cert
   NAME                             TYPE                DATA   AGE
   consul-controller-webhook-cert   kubernetes.io/tls   2      47m
   

   $ kubectl delete secret consul-controller-webhook-cert
   secret "consul-consul-controller-webhook-cert" deleted
   

2. If installing with tls.enabled then there will be a ServiceAccount that is left behind:

   $ kubectl get serviceaccount consul-tls-init
   NAME              SECRETS   AGE
   consul-tls-init   1         47m
   

   $ kubectl delete serviceaccount consul-tls-init
   serviceaccount "consul-tls-init" deleted