Chapter 7. Uninstalling


You can uninstall OpenShift sandboxed containers and remove the Confidential Containers environment.

7.1. Uninstalling OpenShift sandboxed containers

You can uninstall OpenShift sandboxed containers by using the OpenShift Container Platform web console or the command line.

You uninstall OpenShift sandboxed containers by performing the following tasks:

  1. Delete the workload pods.
  2. Delete the KataConfig custom resource.
  3. Uninstall the OpenShift sandboxed containers Operator.
  4. Delete the KataConfig custom resource definition.

7.1.1. Uninstalling OpenShift sandboxed containers by using the web console

You can uninstall OpenShift sandboxed containers by using the OpenShift Container Platform web console.

7.1.1.1. Deleting workload pods

You can delete the OpenShift sandboxed containers workload pods by using the OpenShift Container Platform web console.

Prerequisites

  • You have access to the cluster as a user with the cluster-admin role.
  • You have a list of pods that use the OpenShift sandboxed containers runtime class.

Procedure

  1. In the OpenShift Container Platform web console, navigate to Workloads Pods.
  2. Enter the name of the pod that you want to delete in the Search by name field.
  3. Click the pod name to open it.
  4. On the Details page, check that kata or kata-remote is displayed for Runtime class.
  5. Click the Options menu kebab and select Delete Pod.
  6. Click Delete.

7.1.1.2. Deleting the KataConfig custom resource

You can delete the KataConfig custom resource (CR) by using the web console.

Deleting the KataConfig CR removes and uninstalls the kata runtime and its related resources from your cluster.

Important

Deleting the KataConfig CR automatically reboots the worker nodes. The reboot can take from 10 to more than 60 minutes. Factors that impede reboot time are as follows:

  • A larger OpenShift Container Platform deployment with a greater number of worker nodes.
  • Activation of the BIOS and Diagnostics utility.
  • Deployment on a hard drive rather than an SSD.
  • Deployment on physical nodes such as bare metal, rather than on virtual nodes.
  • A slow CPU and network.

Prerequisites

  • You have access to the cluster as a user with the cluster-admin role.
  • You have deleted all running pods that use kata as the runtimeClass.

Procedure

  1. In the OpenShift Container Platform web console, navigate to Operators Installed Operators.
  2. Enter OpenShift sandboxed containers Operator in the Search by name field.
  3. Click the Operator to open it and then click the KataConfig tab.
  4. Click the Options menu kebab and select Delete KataConfig.
  5. Click Delete in the confirmation window.

Wait for the kata runtime and resources to uninstall and for the worker nodes to reboot before continuing to the next step.

7.1.1.3. Uninstalling the OpenShift sandboxed containers Operator

You can uninstall the OpenShift sandboxed containers Operator by using OpenShift Container Platform web console.

Prerequisites

  • You have access to the cluster as a user with the cluster-admin role.
  • You have deleted the KataConfig custom resource.

Procedure

  1. Navigate to Operators Installed Operators.
  2. Enter OpenShift sandboxed containers Operator in the Search by name field.
  3. On the right side of the Operator Details page, select Uninstall Operator from the Actions list.

    An Uninstall Operator? dialog box is displayed.

  4. Click Uninstall to remove the Operator, Operator deployments, and pods.
  5. Navigate to Administration Namespaces.
  6. Enter openshift-sandboxed-containers-operator in the Search by name field.
  7. Click the Options menu kebab and select Delete Namespace.
  8. In the confirmation dialog, enter openshift-sandboxed-containers-operator and click Delete.

7.1.1.4. Deleting the KataConfig CRD

You can delete the KataConfig custom resource definition (CRD) by using the OpenShift Container Platform web console.

Prerequisites

  • You have access to the cluster as a user with the cluster-admin role.
  • You have deleted the KataConfig custom resource.
  • You have uninstalled the OpenShift sandboxed containers Operator.

Procedure

  1. In the web console, navigate to Administration CustomResourceDefinitions.
  2. Enter the KataConfig name in the Search by name field.
  3. Click the Options menu and select Delete CustomResourceDefinition.
  4. Click Delete in the confirmation window.

7.1.2. Uninstalling OpenShift sandboxed containers by using the CLI

You can uninstall OpenShift sandboxed containers by using the command-line interface (CLI).

7.1.2.1. Deleting workload pods

You can delete the OpenShift sandboxed containers workload pods by using the CLI.

Prerequisites

  • You have the JSON processor (jq) utility installed.

Procedure

  1. Search for the pods by running the following command:

    $ oc get pods -A -o json | jq -r '.items[] | \
      select(.spec.runtimeClassName == "<runtime>").metadata.name' 1
    1
    Specify kata for bare metal deployments. Specify kata-remote for AWS, Azure, IBM Z®, and IBM® LinuxONE.
  2. Delete each pod by running the following command:

    $ oc delete pod <pod>

7.1.2.2. Deleting the KataConfig custom resource

You can delete the KataConfig custom resource (CR) by using the command line.

Deleting the KataConfig CR removes the runtime and its related resources from your cluster.

Important

Deleting the KataConfig CR automatically reboots the worker nodes. The reboot can take from 10 to more than 60 minutes. Factors that impede reboot time are as follows:

  • A larger OpenShift Container Platform deployment with a greater number of worker nodes.
  • Activation of the BIOS and Diagnostics utility.
  • Deployment on a hard drive rather than an SSD.
  • Deployment on physical nodes such as bare metal, rather than on virtual nodes.
  • A slow CPU and network.

Prerequisites

  • You have installed the OpenShift CLI (oc).
  • You have access to the cluster as a user with the cluster-admin role.

Procedure

  1. Delete the KataConfig CR by running the following command:

    $ oc delete kataconfig example-kataconfig

    The OpenShift sandboxed containers Operator removes all resources that were initially created to enable the runtime on your cluster.

    Important

    When you delete the KataConfig CR, the CLI stops responding until all worker nodes reboot. You must for the deletion process to complete before performing the verification.

  2. Verify that the custom resource was deleted by running the following command:

    $ oc get kataconfig example-kataconfig

    Example output

    No example-kataconfig instances exist

7.1.2.3. Uninstalling the OpenShift sandboxed containers Operator

You can uninstall the OpenShift sandboxed containers Operator by using the command line.

Prerequisites

  • You have installed the OpenShift CLI (oc).
  • You have access to the cluster as a user with the cluster-admin role.
  • You have deleted the OpenShift sandboxed containers workload pods.
  • You have deleted KataConfig custom resource.

Procedure

  1. Delete the subscription by running the following command:

    $ oc delete subscription sandboxed-containers-operator -n openshift-sandboxed-containers-operator
  2. Delete the namespace by running the following command:

    $ oc delete namespace openshift-sandboxed-containers-operator

7.1.2.4. Deleting the KataConfig CRD

You can delete the KataConfig custom resource definition (CRD) by using the command line.

Prerequisites

  • You have installed the OpenShift CLI (oc).
  • You have access to the cluster as a user with the cluster-admin role.
  • You have deleted the KataConfig custom resource.
  • You have uninstalled the OpenShift sandboxed containers Operator.

Procedure

  1. Delete the KataConfig CRD by running the following command:

    $ oc delete crd kataconfigs.kataconfiguration.openshift.io
  2. Verify that the CRD was deleted by running the following command:

    $ oc get crd kataconfigs.kataconfiguration.openshift.io

    Example output

    Unknown CRD kataconfigs.kataconfiguration.openshift.io

7.2. Removing the Confidential Containers environment

You can remove the Confidential Containers environment by using the OpenShift Container Platform web console or the command line.

You remove the Confidential Containers environment by performing the following tasks:

  1. Delete the KbsConfig custom resource.
  2. Uninstall the Confidential compute attestation Operator.
  3. Delete the KbsConfig custom resource definition.

7.2.1. Removing the Confidential Containers environment by using the web console

You can remove the Confidential Containers environment by using the OpenShift Container Platform web console.

7.2.1.1. Deleting the KbsConfig custom resource

You can delete the KbsConfig custom resource (CR) by using the web console.

Prerequisites

  • You have access to the cluster as a user with the cluster-admin role.
  • You have uninstalled OpenShift sandboxed containers.

Procedure

  1. In the OpenShift Container Platform web console, navigate to Operators Installed Operators.
  2. Enter Confidential compute attestation in the Search by name field.
  3. Click the Operator to open it and then click the KbsConfig tab.
  4. Click the Options menu kebab and select Delete KbsConfig.
  5. Click Delete in the confirmation window.

7.2.1.2. Uninstalling the Confidential compute attestation Operator

You can uninstall the Confidential compute attestation Operator by using OpenShift Container Platform web console.

Prerequisites

  • You have access to the cluster as a user with the cluster-admin role.
  • You have deleted the KbsConfig custom resource.

Procedure

  1. Navigate to Operators Installed Operators.
  2. Enter Confidential compute attestation in the Search by name field.
  3. On the right side of the Operator Details page, select Uninstall Operator from the Actions list.

    An Uninstall Operator? dialog box is displayed.

  4. Click Uninstall to remove the Operator, Operator deployments, and pods.
  5. Navigate to Administration Namespaces.
  6. Enter trustee-operator-system in the Search by name field.
  7. Click the Options menu kebab and select Delete Namespace.
  8. In the confirmation dialog, enter trustee-operator-system and click Delete.

7.2.1.3. Deleting the KbsConfig CRD

You can delete the KbsConfig custom resource definition (CRD) by using the OpenShift Container Platform web console.

Prerequisites

  • You have access to the cluster as a user with the cluster-admin role.
  • You have deleted the KbsConfig custom resource.
  • You have uninstalled the Confidential compute attestation Operator.

Procedure

  1. In the web console, navigate to Administration CustomResourceDefinitions.
  2. Enter the KbsConfig name in the Search by name field.
  3. Click the Options menu and select Delete CustomResourceDefinition.
  4. Click Delete in the confirmation window.

7.2.2. Removing the Confidential Containers environment by using the CLI

You can remove the Confidential Containers environment by using the command-line interface (CLI).

7.2.2.1. Deleting the KbsConfig custom resource

You can delete the KbsConfig custom resource (CR) by using the command line.

Prerequisites

  • You have installed the OpenShift CLI (oc).
  • You have access to the cluster as a user with the cluster-admin role.
  • You have uninstalled OpenShift sandboxed containers.

Procedure

  1. Delete the KbsConfig CR by running the following command:

    $ oc delete kbsconfig kbsconfig
  2. Verify that the custom resource was deleted by running the following command:

    $ oc get kbsconfig kbsconfig

    Example output

    No kbsconfig instances exist

7.2.2.2. Uninstalling the Confidential compute attestation Operator

You can uninstall the Confidential compute attestation Operator by using the command line.

Prerequisites

  • You have installed the OpenShift CLI (oc).
  • You have access to the cluster as a user with the cluster-admin role.
  • You have deleted the KbsConfig custom resource.

Procedure

  1. Delete the subscription by running the following command:

    $ oc delete subscription trustee-operator -n trustee-operator-system
  2. Delete the namespace by running the following command:

    $ oc delete namespace trustee-operator-system

7.2.2.3. Deleting the KbsConfig CRD

You can delete the KbsConfig custom resource definition (CRD) by using the command line.

Prerequisites

  • You have installed the OpenShift CLI (oc).
  • You have access to the cluster as a user with the cluster-admin role.
  • You have deleted the KbsConfig custom resource.
  • You have uninstalled the Confidential compute attestation Operator.

Procedure

  1. Delete the KbsConfig CRD by running the following command:

    $ oc delete crd kbsconfigs.confidentialcontainers.org
  2. Verify that the CRD was deleted by running the following command:

    $ oc get crd kbsconfigs.confidentialcontainers.org

    Example output

    Unknown CRD kbsconfigs.confidentialcontainers.org

Red Hat logoGithubRedditYoutubeTwitter

Learn

Try, buy, & sell

Communities

About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

© 2024 Red Hat, Inc.