Deleting an admin cluster

This page describes how to delete an Anthos GKE on-prem (GKE on-prem) admin cluster.

Before you begin

Before you delete an admin cluster, complete the following steps:

  • Delete its user clusters. See Deleting a user cluster.
  • Delete any workloads that use PodDisruptionBudgets (PDBs) from the admin cluster.
  • Delete all external objects, such as PersistentVolumes, from the admin cluster.
  • Set a KUBECONFIG environment variable pointing to the kubeconfig of the admin cluster that you want to delete:


    where [ADMIN_CLUSTER_KUBECONFIG] is the path of the admin cluster's kubeconfig file.

Deleting logging and monitoring

GKE on-prem's logging and monitoring Pods, deployed from StatefulSets, use PDBs that can prevent nodes from draining properly. To properly delete an admin cluster, you need to delete these Pods.

To delete logging and monitoring Pods, run the following commands:

kubectl delete monitoring --all -n kube-system
kubectl delete stackdriver --all -n kube-system

Deleting monitoring cleans up the PersistentVolumes (PVs) associated with StatefulSets, but the PersistentVolume for Stackdriver needs to be deleted separately.

Deletion of the Stackdriver PV is optional. If you choose not to delete the PV, record the location and name of the associated PV in an external location outside of the user cluster.

Deletion of the PV will get propagated through deleting the Persistent Volume Claim (PVC).

To find the Stackdriver PVC, run the following command:

kubectl get pvc -n kube-system

To delete the PVC, run the following command:

kubectl delete pvc -n kube-system [PVC_NAME]

Verifying logging & monitoring are removed

To verify that logging and monitoring have been removed, run the following commands:

kubectl get pvc -n kube-system
kubectl get statefulsets -n kube-system

Cleaning up an admin cluster's F5 partition

Deleting the gke-system namespace from the admin cluster ensures proper cleanup of the F5 partition, allowing you to reuse the partition for another admin cluster.

To delete the gke-system namespace, run the following command:

kubectl delete ns gke-system

Then delete any remaining Services of type LoadBalancer. To list all Services, run the following command:

kubectl get services --all-namespaces

For each Service of type LoadBalancer, delete it by running the following command:

kubectl delete service [SERVICE_NAME] -n [SERVICE_NAMESPACE]

Then, from the F5 BIG-IP console:

  1. In the top-right corner of the console, switch to the partition to clean up.
  2. Select Local Traffic > Virtual Servers > Virtual Server List.
  3. In the Virtual Servers menu, remove all the virtual IPs.
  4. Select Pools, then delete all the pools.
  5. Select Nodes, then delete all the nodes.

Verifying F5 partition is clean


Check that the VIP is down by running the following command:

ping -c 1 -W 1 [F5_LOAD_BALANCER_IP]; echo $?

which will return 1 if the VIP is down.


To check that the partition has been cleaned up from the F5 user interface, perform the following steps:

  1. From the upper-right corner, click the Partition drop-down menu. Select your admin cluster's partition.
  2. From the left-hand Main menu, select Local Traffic > Network Map. There should be nothing listed below the Local Traffic Network Map.
  3. From Local Traffic > Virtual Servers, select Nodes, then select Nodes List. There should be nothing listed here as well.

If there are any entries remaining, delete them manually from the UI.

Powering off admin node machines

To delete the admin control plane node machines, you need to power off each of the remaining admin VMs in your vSphere resource pool.

vSphere UI

Perform the following steps:

  1. From the vSphere menu, select the VM from the Vsphere resource pool
  2. From the top of the VM menu, click Actions.
  3. Select Power > Power Off. It may take a few minutes for the VM to power off.

Deleting admin node machines

After the VM has powered off, you can delete the VM.

vSphere UI

Perform the following steps:

  1. From the vSphere menu, select the VM from the Vsphere resource pool
  2. From the top of the VM menu, click Actions.
  3. Click Delete from Disk.

After you have finished

After you have finished deleting the admin cluster, delete its kubeconfig.


For more information, refer to Troubleshooting.

Diagnosing cluster issues using gkectl

Use gkectl diagnosecommands to identify cluster issues and share cluster information with Google. See Diagnosing cluster issues.

Running gkectl commands verbosely


Logging gkectl errors to stderr


Locating gkectl logs in the admin workstation

Even if you don't pass in its debugging flags, you can view gkectl logs in the following admin workstation directory:


Locating Cluster API logs in the admin cluster

If a VM fails to start after the admin control plane has started, you can try debugging this by inspecting the Cluster API controllers' logs in the admin cluster:

  1. Find the name of the Cluster API controllers Pod in the kube-system namespace, where [ADMIN_CLUSTER_KUBECONFIG] is the path to the admin cluster's kubeconfig file:

    kubectl --kubeconfig [ADMIN_CLUSTER_KUBECONFIG] -n kube-system get pods | grep clusterapi-controllers
  2. Open the Pod's logs, where [POD_NAME] is the name of the Pod. Optionally, use grep or a similar tool to search for errors:

    kubectl --kubeconfig [ADMIN_CLUSTER_KUBECONFIG] -n kube-system logs [POD_NAME] vsphere-controller-manager