Red Hat SummitYou are viewing documentation for a release that is no longer maintained. To view the documentation for the most recent version, see the latest RHACS docs.
Dieser Inhalt ist in der von Ihnen ausgewählten Sprache nicht verfügbar.
Chapter 6. Uninstalling Red Hat Advanced Cluster Security for Kubernetes
When you install Red Hat Advanced Cluster Security for Kubernetes, it creates:
-
A namespace called
rhacs-operatorwhere the Operator is installed, if you chose the Operator method of installation -
A namespace called
stackrox, or another namespace where you created the Central and SecuredCluster custom resources -
PodSecurityPolicyand Kubernetes role-based access control (RBAC) objects for all components - Additional labels on namespaces, for use in generated network policies
- An application custom resource definition (CRD), if it does not exist
Uninstalling Red Hat Advanced Cluster Security for Kubernetes involves deleting all of these items.
6.1. Deleting namespace
You can delete the namespace that Red Hat Advanced Cluster Security for Kubernetes creates by using the OpenShift Container Platform or Kubernetes command-line interface.
Procedure
Delete the
stackroxnamespace:On OpenShift Container Platform:
oc delete namespace stackrox
$ oc delete namespace stackroxCopy to Clipboard Copied! Toggle word wrap Toggle overflow On Kubernetes:
kubectl delete namespace stackrox
$ kubectl delete namespace stackroxCopy to Clipboard Copied! Toggle word wrap Toggle overflow
If you installed RHACS in a different namespace, use the name of that namespace in the delete command.
6.2. Deleting global resources
You can delete the global resources that Red Hat Advanced Cluster Security for Kubernetes creates, by using the OpenShift Container Platform or Kubernetes command-line interface.
Procedure
Delete global resources:
On OpenShift Container Platform:
oc get clusterrole,clusterrolebinding,role,rolebinding,psp -o name | grep stackrox | xargs oc delete --wait
$ oc get clusterrole,clusterrolebinding,role,rolebinding,psp -o name | grep stackrox | xargs oc delete --waitCopy to Clipboard Copied! Toggle word wrap Toggle overflow oc delete scc -l "app.kubernetes.io/name=stackrox"
$ oc delete scc -l "app.kubernetes.io/name=stackrox"Copy to Clipboard Copied! Toggle word wrap Toggle overflow oc delete ValidatingWebhookConfiguration stackrox
$ oc delete ValidatingWebhookConfiguration stackroxCopy to Clipboard Copied! Toggle word wrap Toggle overflow On Kubernetes:
kubectl get clusterrole,clusterrolebinding,role,rolebinding,psp -o name | grep stackrox | xargs kubectl delete --wait
$ kubectl get clusterrole,clusterrolebinding,role,rolebinding,psp -o name | grep stackrox | xargs kubectl delete --waitCopy to Clipboard Copied! Toggle word wrap Toggle overflow kubectl delete ValidatingWebhookConfiguration stackrox
$ kubectl delete ValidatingWebhookConfiguration stackroxCopy to Clipboard Copied! Toggle word wrap Toggle overflow
6.3. Deleting labels and annotations
You can delete the labels and annotations that Red Hat Advanced Cluster Security for Kubernetes creates, by using the OpenShift Container Platform or Kubernetes command-line interface.
Procedure
Delete labels and annotations:
On OpenShift Container Platform:
for namespace in $(oc get ns | tail -n +2 | awk '{print $1}'); do oc label namespace $namespace namespace.metadata.stackrox.io/id-; oc label namespace $namespace namespace.metadata.stackrox.io/name-; oc annotate namespace $namespace modified-by.stackrox.io/namespace-label-patcher-; done$ for namespace in $(oc get ns | tail -n +2 | awk '{print $1}'); do oc label namespace $namespace namespace.metadata.stackrox.io/id-; oc label namespace $namespace namespace.metadata.stackrox.io/name-; oc annotate namespace $namespace modified-by.stackrox.io/namespace-label-patcher-; doneCopy to Clipboard Copied! Toggle word wrap Toggle overflow On Kubernetes:
for namespace in $(kubectl get ns | tail -n +2 | awk '{print $1}'); do kubectl label namespace $namespace namespace.metadata.stackrox.io/id-; kubectl label namespace $namespace namespace.metadata.stackrox.io/name-; kubectl annotate namespace $namespace modified-by.stackrox.io/namespace-label-patcher-; done$ for namespace in $(kubectl get ns | tail -n +2 | awk '{print $1}'); do kubectl label namespace $namespace namespace.metadata.stackrox.io/id-; kubectl label namespace $namespace namespace.metadata.stackrox.io/name-; kubectl annotate namespace $namespace modified-by.stackrox.io/namespace-label-patcher-; doneCopy to Clipboard Copied! Toggle word wrap Toggle overflow
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}