This page shows you how to uninstall Config Sync from your cluster, disable the Config Management fleet feature on your fleet, and uninstall the ConfigManagement Operator.
This page is for IT administrators and Operators who manage the lifecycle of the underlying tech infrastructure. To learn more about common roles and example tasks that we reference in Google Cloud content, see Common GKE Enterprise user roles and tasks.
The Config Management fleet feature manages Config Sync using the ConfigManagement Operator. Because of this architecture, the uninstall steps must be completed in the following order:
- Uninstall Config Sync from your cluster
- Disable the Config Management feature on your fleet
- Uninstall the ConfigManagement Operator from your cluster
Uninstall Config Sync from your cluster
Console
You can't uninstall Config Sync with only the Google Cloud console. Use Google Cloud CLI instead.
gcloud
Open the applySpec manifest that you created during installation with the Google Cloud CLI.
In the applySpec manifest, set
spec.configSync.enabled
tofalse
:applySpecVersion: 1 spec: configSync: enabled: false ...
Apply the changes:
gcloud beta container fleet config-management apply \ --membership=MEMBERSHIP_NAME \ --config=CONFIG_YAML \ --project=PROJECT_ID
Replace the following:
MEMBERSHIP_NAME: add the registered cluster that you want to apply this configuration to. If you registered the cluster in the Google Cloud console, the membership name is the same as the name of your cluster.
CONFIG_YAML: add the path to your
apply-spec.yaml
file.PROJECT_ID: add your project ID.
Terraform
If you used Terraform to install Config Sync using a gke_hub_feature_membership resource from the Google Cloud Platform Provider, then update that resource to uninstall Config Sync.
Identify the
gke_hub_feature_membership
resource in your Terraform configuration files that has aconfigmanagement
argument populated.Update the
gke_hub_feature_membership
resource to remove theconfig_sync
argument from theconfigmanagement
.For example:
resource "google_gke_hub_feature_membership" "feature_member" { location = "global" feature = google_gke_hub_feature.feature.name membership = google_gke_hub_membership.membership.membership_id membership_location = google_gke_hub_membership.membership.location configmanagement { version = "1.17.0" } }
Apply the Terraform configuration:
terraform apply
Confirm you want to apply the actions described by entering
yes
.
Config Connector
If you used Config Connector to install Config Sync using a GKEHubFeatureMembership resource, then update that resource to uninstall Config Sync.
Identify the
GKEHubFeatureMembership
resource object on your cluster that has a.spec.configmanagement.configSync
field populated.Patch the
GKEHubFeatureMembership
resource object to remove the.spec.configmanagement.configSync
field by setting it to null:kubectl patch GKEHubFeatureMembership FEATURE_MEMBERSHIP_OBJECT_NAME \ --namespace FEATURE_MEMBERSHIP_OBJECT_NAMESPACE \ -p '{"spec":{"configmanagement":{"configSync": null}}}'
Replace the following:
FEATURE_MEMBERSHIP_OBJECT_NAME: add the name of the
GKEHubFeatureMembership
resource object that you previously created.FEATURE_MEMBERSHIP_OBJECT_NAMESPACE: add the namespace that contains the
GKEHubFeatureMembership
resource object that you previously created.
Disable Config Management on your fleet
Console
- In the Google Cloud console, go to the Feature Manager page.
In the Config Management row of the Features table, click Details. The Status summary page appears.
Click Disable Config Management. A confirmation page appears.
On the confirmation page, click Disable Config Management.
gcloud
To disable Config Management on all clusters in the fleet, run the following command:
gcloud beta container fleet config-management disable
Terraform
If you used Terraform to enable the Config Management feature on your fleet using a google_gke_hub_feature resource from the from the Google Cloud Platform Provider, then update that resource to disable Config Management on all clusters in the fleet.
Update the HCL file that contains your
google_gke_hub_feature
resource to remove thegoogle_gke_hub_feature
resource.If you still have a
gke_hub_feature_membership
resource defined with afeature
field that references the removedgoogle_gke_hub_feature
, remove thatgke_hub_feature_membership
resource too.Apply the Terraform configuration:
terraform apply
Confirm you want to apply the actions described by entering
yes
.
Config Connector
If you used Config Connector to enable the Config Management feature on your fleet using a GKEHubFeature resource, then update that resource to disable Config Management on all clusters in the fleet.
Identify the
GKEHubFeature
resource object on your cluster that has a.spec.resourceID
value ofconfigmanagement
.If you still have a
GKEHubFeatureMembership
resource object defined with a.spec.featureRef
field that references thatGKEHubFeature
resource object, delete it:kubectl delete GKEHubFeatureMembership FEATURE_MEMBERSHIP_OBJECT_NAME \ --namespace FEATURE_MEMBERSHIP_OBJECT_NAMESPACE
Replace the following:
FEATURE_MEMBERSHIP_OBJECT_NAME: add the name of the
GKEHubFeatureMembership
resource object that you previously created.FEATURE_MEMBERSHIP_OBJECT_NAMESPACE: add the namespace that contains the
GKEHubFeatureMembership
resource object that you previously created.
Delete the
GKEHubFeature
resource from your cluster:kubectl delete GKEHubFeature FEATURE_OBJECT_NAME \ --namespace FEATURE_OBJECT_NAMESPACE
Replace the following:
FEATURE_OBJECT_NAME: add the name of the
GKEHubFeature
resource object that you previously created.FEATURE_OBJECT_NAMESPACE: add the namespace that contains the
GKEHubFeature
resource object that you previously created.
Uninstall the ConfigManagement Operator
Use kubectl
to delete the ConfigManagement Operator after you disable
Config Management feature on the fleet or
unregister your cluster
from the fleet.
To remove the ConfigManagement Operator, run the following commands:
Delete the ConfigManagement object from the cluster:
kubectl delete configmanagement --all
After you run this command, the following things happen:
- Any ClusterRoles and ClusterRoleBindings created in the cluster by ConfigManagement Operator are deleted from the cluster.
- Any admission controller configurations installed by ConfigManagement Operator are deleted.
- The contents of the
config-management-system
namespace are deleted, with the exception of thegit-creds
Secret, and for versions of Config Sync beginning in 1.9.0, theconfig-management-operator
Deployment, and theconfig-management-operator
Pod. ConfigManagement Operator cannot function without theconfig-management-system
namespace. Any CustomResourceDefinitions (CRDs) created or modified by ConfigManagement Operator controller are removed from the clusters where they were created or modified. The CRD required to run ConfigManagement Operator still exists because from the point of view of Kubernetes, they were added by the user who installed ConfigManagement Operator. Information about removing these components is covered in the next step.
If you need to retain the
git-creds
Secret, do that now:kubectl -n config-management-system get secret git-creds -o yaml
Delete the
config-management-system
namespace:kubectl delete ns config-management-system
Delete the
config-management-monitoring
namespace:kubectl delete ns config-management-monitoring
Delete the ConfigManagement CustomResourceDefinition:
kubectl delete crd configmanagements.configmanagement.gke.io