Uninstall Config Sync

This page shows you how to uninstall Config Sync from your cluster, disable the Config Management fleet feature on your fleet, and uninstall the ConfigManagement Operator.

The Config Management fleet feature manages Config Sync, Policy Controller, and Hierarchy Controller using the ConfigManagement Operator. Because of this architecture, the uninstall steps must be completed in the following order:

  1. Uninstall Config Sync from your cluster
  2. Disable the Config Management feature on your fleet
  3. Uninstall the ConfigManagement Operator from your cluster

Uninstall Config Sync from your cluster

Console

You can't uninstall Config Sync with only the Google Cloud console. Use Google Cloud CLI instead.

gcloud

  1. Open the applySpec manifest that you created during installation with the Google Cloud CLI.

  2. In the applySpec manifest, set spec.configSync.enabled to false:

    applySpecVersion: 1
spec:
  configSync:
    enabled: false
...

  3. (required only for clusters using Config Sync auto-upgrades) In the applySpec manifest, set spec.upgrades to auto:

    applySpecVersion: 1
spec:
  upgrades: auto
  configSync:
    enabled: false
...

  4. Apply the changes:

      gcloud beta container fleet config-management apply \
      --membership=MEMBERSHIP_NAME \
      --config=CONFIG_YAML \
      --project=PROJECT_ID

    Replace the following:

    • MEMBERSHIP_NAME: add the registered cluster that you want to apply this configuration to. If you registered the cluster in the Google Cloud console, the membership name is the same as the name of your cluster.

    • CONFIG_YAML: add the path to your apply-spec.yaml file.

    • PROJECT_ID: add your project ID.

Terraform

If you used Terraform to install Config Sync using a gke_hub_feature_membership resource from the Google Cloud Platform Provider, then update that resource to uninstall Config Sync.

  1. Identify the gke_hub_feature_membership resource in your Terraform configuration files that has a configmanagement argument populated.

  2. Update the gke_hub_feature_membership resource to remove the config_sync argument from the configmanagement.

    For example:

    resource "google_gke_hub_feature_membership" "feature_member" {
  location = "global"
  feature = google_gke_hub_feature.feature.name
  membership = google_gke_hub_membership.membership.membership_id
  membership_location = google_gke_hub_membership.membership.location
  configmanagement {
    version = "1.17.0"
  }
}

  3. Apply the Terraform configuration:

    terraform apply

    Confirm you want to apply the actions described by entering yes.

Config Connector

If you used Config Connector to install Config Sync using a GKEHubFeatureMembership resource, then update that resource to uninstall Config Sync.

  1. Identify the GKEHubFeatureMembership resource object on your cluster that has a .spec.configmanagement.configSync field populated.

  2. Patch the GKEHubFeatureMembership resource object to remove the .spec.configmanagement.configSync field by setting it to null:

    kubectl patch GKEHubFeatureMembership FEATURE_MEMBERSHIP_OBJECT_NAME \
    --namespace FEATURE_MEMBERSHIP_OBJECT_NAMESPACE \
    -p '{"spec":{"configmanagement":{"configSync": null}}}'

    Replace the following:

    • FEATURE_MEMBERSHIP_OBJECT_NAME: add the name of the GKEHubFeatureMembership resource object that you previously created.

    • FEATURE_MEMBERSHIP_OBJECT_NAMESPACE: add the namespace that contains the GKEHubFeatureMembership resource object that you previously created.

Disable Config Management on your fleet

Console

  1. In the Google Cloud console, go to the GKE Enterprise Feature Management page under the Fleet Features section.

    Go to Feature Management

  2. In the Config Management row of the Features table, click Details. The Status summary page appears.

  3. Click Disable Config Management. A confirmation page appears.

  4. On the confirmation page, click Disable Config Management.

gcloud

  1. To disable Config Management on all clusters in the fleet, run the following command:

    gcloud beta container fleet config-management disable

Terraform

If you used Terraform to enable the Config Management feature on your fleet using a google_gke_hub_feature resource from the from the Google Cloud Platform Provider, then update that resource to disable Config Management on all clusters in the fleet.

  1. Update the HCL file that contains your google_gke_hub_feature resource to remove the google_gke_hub_feature resource.

  2. If you still have a gke_hub_feature_membership resource defined with a feature field that references the removed google_gke_hub_feature, remove that gke_hub_feature_membership resource too.

  3. Apply the Terraform configuration:

    terraform apply

    Confirm you want to apply the actions described by entering yes.

Config Connector

If you used Config Connector to enable the Config Management feature on your fleet using a GKEHubFeature resource, then update that resource to disable Config Management on all clusters in the fleet.

  1. Identify the GKEHubFeature resource object on your cluster that has a .spec.resourceID value of configmanagement.

  2. If you still have a GKEHubFeatureMembership resource object defined with a .spec.featureRef field that references that GKEHubFeature resource object, delete it:

    kubectl delete GKEHubFeatureMembership FEATURE_MEMBERSHIP_OBJECT_NAME \
    --namespace FEATURE_MEMBERSHIP_OBJECT_NAMESPACE

    Replace the following:

    • FEATURE_MEMBERSHIP_OBJECT_NAME: add the name of the GKEHubFeatureMembership resource object that you previously created.

    • FEATURE_MEMBERSHIP_OBJECT_NAMESPACE: add the namespace that contains the GKEHubFeatureMembership resource object that you previously created.

  3. Delete the GKEHubFeature resource from your cluster:

    kubectl delete GKEHubFeature FEATURE_OBJECT_NAME \
    --namespace FEATURE_OBJECT_NAMESPACE

    Replace the following:

    • FEATURE_OBJECT_NAME: add the name of the GKEHubFeature resource object that you previously created.

    • FEATURE_OBJECT_NAMESPACE: add the namespace that contains the GKEHubFeature resource object that you previously created.

Uninstall the ConfigManagement Operator

Use kubectl to delete the ConfigManagement Operator after you disable Config Management feature on the fleet or unregister your cluster from the fleet.

To remove the ConfigManagement Operator, run the following commands:

  1. Delete the ConfigManagement object from the cluster:

    kubectl delete configmanagement --all

    After you run this command, the following things happen:

    • Any ClusterRoles and ClusterRoleBindings created in the cluster by ConfigManagement Operator are deleted from the cluster.
    • Any admission controller configurations installed by ConfigManagement Operator are deleted.
    • The contents of the config-management-system namespace are deleted, with the exception of the git-creds Secret, and for versions of Policy Controller, Config Sync and Config Controller beginning in 1.9.0, the config-management-operator Deployment, and the config-management-operator Pod. ConfigManagement Operator cannot function without the config-management-system namespace. Any CustomResourceDefinitions (CRDs) created or modified by ConfigManagement Operator controller are removed from the clusters where they were created or modified. The CRD required to run ConfigManagement Operator still exists because from the point of view of Kubernetes, they were added by the user who installed ConfigManagement Operator. Information about removing these components is covered in the next step.

  2. If you need to retain the git-creds Secret, do that now:

    kubectl -n config-management-system get secret git-creds -o yaml

  3. Delete the config-management-system namespace:

    kubectl delete ns config-management-system

  4. Delete the config-management-monitoring namespace:

    kubectl delete ns config-management-monitoring

  5. Delete the ConfigManagement CustomResourceDefinition:

    kubectl delete crd configmanagements.configmanagement.gke.io