Ce contenu n'est pas disponible dans la langue sélectionnée.

Chapter 6. Uninstalling Red Hat Advanced Cluster Security for Kubernetes


When you install Red Hat Advanced Cluster Security for Kubernetes, it creates:

  • A namespace called rhacs-operator where the Operator is installed, if you chose the Operator method of installation
  • A namespace called stackrox, or another namespace where you created the Central and SecuredCluster custom resources
  • PodSecurityPolicy and Kubernetes role-based access control (RBAC) objects for all components
  • Additional labels on namespaces, for use in generated network policies
  • An application custom resource definition (CRD), if it does not exist

Uninstalling Red Hat Advanced Cluster Security for Kubernetes involves deleting all of these items.

6.1. Deleting namespace

You can delete the namespace that Red Hat Advanced Cluster Security for Kubernetes creates by using the OpenShift Container Platform or Kubernetes command-line interface.

Procedure

  • Delete the stackrox namespace:

    • On OpenShift Container Platform:

      $ oc delete namespace stackrox
    • On Kubernetes:

      $ kubectl delete namespace stackrox
Note

If you installed RHACS in a different namespace, use the name of that namespace in the delete command.

6.2. Deleting global resources

You can delete the global resources that Red Hat Advanced Cluster Security for Kubernetes (RHACS) creates by using the OpenShift Container Platform or Kubernetes command-line interface (CLI).

Procedure

  • To delete the global resources by using the OpenShift Container Platform CLI, perform the following steps:

    1. Retrieve all the StackRox-related cluster roles, cluster role bindings, roles, role bindings, and PSPs, and then delete them by running the following command:

      $ oc get clusterrole,clusterrolebinding,role,rolebinding,psp -o name | grep stackrox | xargs oc delete --wait
      Note

      You might receive the error: the server doesn’t have a resource type "psp" error message in RHACS 4.4 and later versions because the pod security policies (PSPs) are deprecated. The PSPs were removed from Kubernetes in version 1.25, except for clusters with older Kubernetes versions.

    2. Delete the custom security context constraints (SCCs) labeled with app.kubernetes.io/name=stackrox by running the following command:

      $ oc delete scc -l "app.kubernetes.io/name=stackrox"
      Note

      You might receive the No resources found error message in RHACS 4.4 and later versions because the custom SCCs with this label are no longer used in these versions.

    3. Delete the ValidatingWebhookConfiguration object named stackrox by running the following command:

      $ oc delete ValidatingWebhookConfiguration stackrox
  • To delete the global resources by using the Kubernetes CLI, perform the following steps:

    1. Retrieve all the StackRox-related cluster roles, cluster role bindings, roles, role bindings, and PSPs, and then delete them by running the following command:

      $ kubectl get clusterrole,clusterrolebinding,role,rolebinding,psp -o name | grep stackrox | xargs kubectl delete --wait
      Note

      You might receive the error: the server doesn’t have a resource type "psp" error message in RHACS 4.4 and later versions because the pod security policies (PSPs) are deprecated. The PSPs were removed from Kubernetes in version 1.25, except for clusters with older Kubernetes versions.

    2. Delete the ValidatingWebhookConfiguration object named stackrox by running the following command:

      $ kubectl delete ValidatingWebhookConfiguration stackrox

6.3. Deleting labels and annotations

You can delete the labels and annotations that Red Hat Advanced Cluster Security for Kubernetes creates, by using the OpenShift Container Platform or Kubernetes command-line interface.

Procedure

  • Delete labels and annotations:

    • On OpenShift Container Platform:

      $ for namespace in $(oc get ns | tail -n +2 | awk '{print $1}'); do     oc label namespace $namespace namespace.metadata.stackrox.io/id-;     oc label namespace $namespace namespace.metadata.stackrox.io/name-;     oc annotate namespace $namespace modified-by.stackrox.io/namespace-label-patcher-;   done
    • On Kubernetes:

      $ for namespace in $(kubectl get ns | tail -n +2 | awk '{print $1}'); do     kubectl label namespace $namespace namespace.metadata.stackrox.io/id-;     kubectl label namespace $namespace namespace.metadata.stackrox.io/name-;     kubectl annotate namespace $namespace modified-by.stackrox.io/namespace-label-patcher-;   done
Red Hat logoGithubRedditYoutubeTwitter

Apprendre

Essayez, achetez et vendez

Communautés

À propos de la documentation Red Hat

Nous aidons les utilisateurs de Red Hat à innover et à atteindre leurs objectifs grâce à nos produits et services avec un contenu auquel ils peuvent faire confiance.

Rendre l’open source plus inclusif

Red Hat s'engage à remplacer le langage problématique dans notre code, notre documentation et nos propriétés Web. Pour plus de détails, consultez leBlog Red Hat.

À propos de Red Hat

Nous proposons des solutions renforcées qui facilitent le travail des entreprises sur plusieurs plates-formes et environnements, du centre de données central à la périphérie du réseau.

© 2024 Red Hat, Inc.