Red Hat Summit Red Hat SummitSupportKonsoleEntwicklerDemo startenKontakt

Dieser Inhalt ist in der von Ihnen ausgewählten Sprache nicht verfügbar.

Chapter 9. Uninstalling

You can uninstall OpenShift sandboxed containers and remove the Confidential Containers environment.

9.1. Uninstalling OpenShift sandboxed containers
Link kopieren

You can uninstall OpenShift sandboxed containers by using the OpenShift Container Platform web console or the command line.

You uninstall OpenShift sandboxed containers by performing the following tasks:

  1. Delete the workload pods.
  2. Delete the KataConfig custom resource (CR).
  3. Uninstall the OpenShift sandboxed containers Operator.
  4. Delete the KataConfig custom resource definition (CRD).
Important

You must delete the workload pods before deleting the KataConfig CR. The pod names usually have the prefix podvm and custom tags, if provided. If you deployed OpenShift sandboxed containers or Confidential Containers on a cloud provider and any resources remain after following these procedures, you might receive an unexpected bill for those resources from your cloud provider. Once you complete uninstalling OpenShift sandboxed containers on a cloud provider, check the cloud provider console to ensure that the procedures deleted all of the resources.

You can uninstall OpenShift sandboxed containers by using the OpenShift Container Platform web console.

9.1.1.1. Deleting workload pods
Link kopieren

You can delete the OpenShift sandboxed containers workload pods by using the OpenShift Container Platform web console.

Prerequisites

  • You have access to the cluster as a user with the cluster-admin role.
  • You have a list of pods that use the OpenShift sandboxed containers runtime class.

Procedure

  1. In the OpenShift Container Platform web console, navigate to Workloads Pods.
  2. Enter the name of the pod that you want to delete in the Search by name field.
  3. Click the pod name to open it.
  4. On the Details page, check that kata or kata-remote is displayed for Runtime class.
  5. Click the Options menu kebab and select Delete Pod.
  6. Click Delete.

Repeat this procedure for each pod.

Important

When uninstalling OpenShift sandboxed containers deployed using a cloud provider, you must delete all of the pods. Any remaining pod resources might result in an unexpected bill from your cloud provider.

9.1.1.2. Deleting the KataConfig custom resource
Link kopieren

You can delete the KataConfig custom resource (CR) by using the web console.

Deleting the KataConfig CR removes and uninstalls the kata or kata-remote runtime and its related resources from your cluster.

Important

Deleting the KataConfig CR automatically reboots the worker nodes. The reboot can take from 10 to more than 60 minutes. Factors that impede reboot time are as follows:

  • A larger OpenShift Container Platform deployment with a greater number of worker nodes.
  • Activation of the BIOS and Diagnostics utility.
  • Deployment on a hard drive rather than an SSD.
  • Deployment on physical nodes such as bare metal, rather than on virtual nodes.
  • A slow CPU and network.

Prerequisites

  • You have access to the cluster as a user with the cluster-admin role.
  • You have deleted all pods that use kata or kata-remote as the runtimeClass.

Procedure

  1. In the OpenShift Container Platform web console, navigate to Operators Installed Operators.
  2. Enter OpenShift sandboxed containers Operator in the Search by name field.
  3. Click the Operator to open it and then click the KataConfig tab.
  4. Click the Options menu kebab and select Delete KataConfig.
  5. Click Delete in the confirmation window.

Wait for the kata or kata-remote runtime and resources to uninstall and for the worker nodes to reboot before continuing to the next step.

Important

When uninstalling OpenShift sandboxed containers deployed using a cloud provider, you must delete all of the pods. Any remaining pod resources might result in an unexpected bill from your cloud provider.

9.1.1.3. Uninstalling the OpenShift sandboxed containers Operator
Link kopieren

You can uninstall the OpenShift sandboxed containers Operator by using OpenShift Container Platform web console.

Prerequisites

  • You have access to the cluster as a user with the cluster-admin role.
  • You have deleted all pods that use kata or kata-remote as the runtimeClass.
  • You have deleted the KataConfig custom resource.

Procedure

  1. Navigate to Operators Installed Operators.
  2. Enter OpenShift sandboxed containers Operator in the Search by name field.

  3. On the right side of the Operator Details page, select Uninstall Operator from the Actions list.

    An Uninstall Operator? dialog box is displayed.

  4. Click Uninstall to remove the Operator, Operator deployments, and pods.
  5. Navigate to Administration Namespaces.
  6. Enter openshift-sandboxed-containers-operator in the Search by name field.
  7. Click the Options menu kebab and select Delete Namespace.
  8. In the confirmation dialog, enter openshift-sandboxed-containers-operator and click Delete.

9.1.1.4. Deleting the KataConfig CRD
Link kopieren

You can delete the KataConfig custom resource definition (CRD) by using the OpenShift Container Platform web console.

Prerequisites

  • You have access to the cluster as a user with the cluster-admin role.
  • You have deleted all pods that use kata or kata-remote as the runtimeClass.
  • You have deleted the KataConfig custom resource.
  • You have uninstalled the OpenShift sandboxed containers Operator.

Procedure

  1. In the web console, navigate to Administration CustomResourceDefinitions.
  2. Enter the KataConfig name in the Search by name field.
  3. Click the Options menu and select Delete CustomResourceDefinition.
  4. Click Delete in the confirmation window.

9.1.2. Uninstalling OpenShift sandboxed containers by using the CLI
Link kopieren

You can uninstall OpenShift sandboxed containers by using the command-line interface (CLI).

9.1.2.1. Deleting workload pods
Link kopieren

You can delete the OpenShift sandboxed containers workload pods by using the CLI.

Prerequisites

  • You have the JSON processor (jq) utility installed.

Procedure

  1. Search for the pods by running the following command: 

    $ oc get pods -A -o json | jq -r '.items[] | \
  select(.spec.runtimeClassName == "<runtime>").metadata.name'
    1
    Copy to Clipboard Toggle word wrap
    1
    Replace <runtime> with kata for bare metal deployments, or with kata-remote for AWS, Azure, IBM Z®, and IBM® LinuxONE deployments.

  2. Delete each pod by running the following command: 

    $ oc delete pod <pod>
    Copy to Clipboard Toggle word wrap
Important

When uninstalling OpenShift sandboxed containers deployed using a cloud provider, you must delete all of the pods. Any remaining pod resources might result in an unexpected bill from your cloud provider.

9.1.2.2. Deleting the KataConfig custom resource
Link kopieren

You can delete the KataConfig custom resource (CR) by using the command line.

Deleting the KataConfig CR removes the runtime and its related resources from your cluster.

Important

Deleting the KataConfig CR automatically reboots the worker nodes. The reboot can take from 10 to more than 60 minutes. Factors that impede reboot time are as follows:

  • A larger OpenShift Container Platform deployment with a greater number of worker nodes.
  • Activation of the BIOS and Diagnostics utility.
  • Deployment on a hard drive rather than an SSD.
  • Deployment on physical nodes such as bare metal, rather than on virtual nodes.
  • A slow CPU and network.

Prerequisites

  • You have installed the OpenShift CLI (oc).
  • You have access to the cluster as a user with the cluster-admin role.
  • You have deleted all pods that use kata or kata-remote as the runtimeClass.

Procedure

  1. Delete the KataConfig CR by running the following command: 

    $ oc delete kataconfig example-kataconfig
    Copy to Clipboard Toggle word wrap

    The OpenShift sandboxed containers Operator removes all resources that were initially created to enable the runtime on your cluster.

    Important

    When you delete the KataConfig CR, the CLI stops responding until all worker nodes reboot. You must wait for the deletion process to complete before performing the verification.

  2. Verify that the custom resource was deleted by running the following command: 

    $ oc get kataconfig example-kataconfig
    Copy to Clipboard Toggle word wrap

    Example output

    No example-kataconfig instances exist
    Copy to Clipboard Toggle word wrap

Important

When uninstalling OpenShift sandboxed containers deployed using a cloud provider, you must delete all of the pods. Any remaining pod resources might result in an unexpected bill from your cloud provider.

9.1.2.3. Uninstalling the OpenShift sandboxed containers Operator
Link kopieren

You can uninstall the OpenShift sandboxed containers Operator by using the command line.

Prerequisites

  • You have installed the OpenShift CLI (oc).
  • You have access to the cluster as a user with the cluster-admin role.
  • You have deleted all pods that use kata or kata-remote as the runtimeClass.
  • You have deleted the KataConfig custom resource.

Procedure

  1. Delete the subscription by running the following command: 

    $ oc delete subscription sandboxed-containers-operator -n openshift-sandboxed-containers-operator
    Copy to Clipboard Toggle word wrap

  2. Delete the namespace by running the following command: 

    $ oc delete namespace openshift-sandboxed-containers-operator
    Copy to Clipboard Toggle word wrap

9.1.2.4. Deleting the KataConfig CRD
Link kopieren

You can delete the KataConfig custom resource definition (CRD) by using the command line.

Prerequisites

  • You have installed the OpenShift CLI (oc).
  • You have access to the cluster as a user with the cluster-admin role.
  • You have deleted all pods that use kata or kata-remote as the runtimeClass.
  • You have deleted the KataConfig custom resource.
  • You have uninstalled the OpenShift sandboxed containers Operator.

Procedure

  1. Delete the KataConfig CRD by running the following command: 

    $ oc delete crd kataconfigs.kataconfiguration.openshift.io
    Copy to Clipboard Toggle word wrap

  2. Verify that the CRD was deleted by running the following command: 

    $ oc get crd kataconfigs.kataconfiguration.openshift.io
    Copy to Clipboard Toggle word wrap

    Example output

    Unknown CRD kataconfigs.kataconfiguration.openshift.io
    Copy to Clipboard Toggle word wrap

9.2. Removing the Confidential Containers environment
Link kopieren

You can remove the Confidential Containers environment by using the OpenShift Container Platform web console or the command line.

You remove the Confidential Containers environment by performing the following tasks:

  1. Delete the KbsConfig custom resource.
  2. Uninstall the Confidential compute attestation Operator.
  3. Delete the KbsConfig custom resource definition.

You can remove the Confidential Containers environment by using the OpenShift Container Platform web console.

9.2.1.1. Deleting the KbsConfig custom resource
Link kopieren

You can delete the KbsConfig custom resource (CR) by using the web console.

Prerequisites

  • You have access to the cluster as a user with the cluster-admin role.
  • You have uninstalled OpenShift sandboxed containers.

Procedure

  1. In the OpenShift Container Platform web console, navigate to Operators Installed Operators.
  2. Enter Confidential compute attestation in the Search by name field.
  3. Click the Operator to open it and then click the KbsConfig tab.
  4. Click the Options menu kebab and select Delete KbsConfig.
  5. Click Delete in the confirmation window.
Important

When uninstalling OpenShift sandboxed containers deployed using a cloud provider, you must delete all of the pods. Any remaining pod resources might result in an unexpected bill from your cloud provider.

9.2.1.2. Uninstalling the Confidential compute attestation Operator
Link kopieren

You can uninstall the Confidential compute attestation Operator by using OpenShift Container Platform web console.

Prerequisites

  • You have access to the cluster as a user with the cluster-admin role.
  • You have deleted all pods that use kata or kata-remote as the runtimeClass.
  • You have deleted the KbsConfig custom resource.

Procedure

  1. Navigate to Operators Installed Operators.
  2. Enter Confidential compute attestation in the Search by name field.

  3. On the right side of the Operator Details page, select Uninstall Operator from the Actions list.

    An Uninstall Operator? dialog box is displayed.

  4. Click Uninstall to remove the Operator, Operator deployments, and pods.
  5. Navigate to Administration Namespaces.
  6. Enter trustee-operator-system in the Search by name field.
  7. Click the Options menu kebab and select Delete Namespace.
  8. In the confirmation dialog, enter trustee-operator-system and click Delete.

9.2.1.3. Deleting the KbsConfig CRD
Link kopieren

You can delete the KbsConfig custom resource definition (CRD) by using the OpenShift Container Platform web console.

Prerequisites

  • You have access to the cluster as a user with the cluster-admin role.
  • You have deleted all pods that use kata or kata-remote as the runtimeClass.
  • You have deleted the KbsConfig custom resource.
  • You have uninstalled the Confidential compute attestation Operator.

Procedure

  1. In the web console, navigate to Administration CustomResourceDefinitions.
  2. Enter the KbsConfig name in the Search by name field.
  3. Click the Options menu and select Delete CustomResourceDefinition.
  4. Click Delete in the confirmation window.

You can remove the Confidential Containers environment by using the command-line interface (CLI).

9.2.2.1. Deleting the KbsConfig custom resource
Link kopieren

You can delete the KbsConfig custom resource (CR) by using the command line.

Prerequisites

  • You have installed the OpenShift CLI (oc).
  • You have access to the cluster as a user with the cluster-admin role.
  • You have uninstalled OpenShift sandboxed containers.

Procedure

  1. Delete the KbsConfig CR by running the following command: 

    $ oc delete kbsconfig kbsconfig
    Copy to Clipboard Toggle word wrap

  2. Verify that the custom resource was deleted by running the following command: 

    $ oc get kbsconfig kbsconfig
    Copy to Clipboard Toggle word wrap

    Example output

    No kbsconfig instances exist
    Copy to Clipboard Toggle word wrap

Important

When uninstalling OpenShift sandboxed containers deployed using a cloud provider, you must delete all of the pods. Any remaining pod resources might result in an unexpected bill from your cloud provider.

9.2.2.2. Uninstalling the Confidential compute attestation Operator
Link kopieren

You can uninstall the Confidential compute attestation Operator by using the command line.

Prerequisites

  • You have installed the OpenShift CLI (oc).
  • You have access to the cluster as a user with the cluster-admin role.
  • You have deleted the KbsConfig custom resource.

Procedure

  1. Delete the subscription by running the following command: 

    $ oc delete subscription trustee-operator -n trustee-operator-system
    Copy to Clipboard Toggle word wrap

  2. Delete the namespace by running the following command: 

    $ oc delete namespace trustee-operator-system
    Copy to Clipboard Toggle word wrap

9.2.2.3. Deleting the KbsConfig CRD
Link kopieren

You can delete the KbsConfig custom resource definition (CRD) by using the command line.

Prerequisites

  • You have installed the OpenShift CLI (oc).
  • You have access to the cluster as a user with the cluster-admin role.
  • You have deleted all pods that use kata or kata-remote as the runtimeClass.
  • You have deleted the KbsConfig custom resource.
  • You have uninstalled the Confidential compute attestation Operator.

Procedure

  1. Delete the KbsConfig CRD by running the following command: 

    $ oc delete crd kbsconfigs.confidentialcontainers.org
    Copy to Clipboard Toggle word wrap

  2. Verify that the CRD was deleted by running the following command: 

    $ oc get crd kbsconfigs.confidentialcontainers.org
    Copy to Clipboard Toggle word wrap

    Example output

    Unknown CRD kbsconfigs.confidentialcontainers.org
    Copy to Clipboard Toggle word wrap

Nach oben
Red Hat logoGithubredditYoutubeTwitter

Lernen

Testen, kaufen und verkaufen

Communitys

Über Red Hat Dokumentation

Wir helfen Red Hat Benutzern, mit unseren Produkten und Diensten innovativ zu sein und ihre Ziele zu erreichen – mit Inhalten, denen sie vertrauen können. Entdecken Sie unsere neuesten Updates.

Mehr Inklusion in Open Source

Red Hat hat sich verpflichtet, problematische Sprache in unserem Code, unserer Dokumentation und unseren Web-Eigenschaften zu ersetzen. Weitere Einzelheiten finden Sie in Red Hat Blog.

Über Red Hat

Wir liefern gehärtete Lösungen, die es Unternehmen leichter machen, plattform- und umgebungsübergreifend zu arbeiten, vom zentralen Rechenzentrum bis zum Netzwerkrand.

Theme

© 2025 Red Hat