Delete a user cluster

User cluster deletion unregisters the cluster from the Google Distributed Cloud (GDC) air-gapped instance and deletes the workloads, node pools, control plane nodes, and corresponding resources.

Before you begin

To get the permissions needed to delete a user cluster, ask your Organization IAM Admin to grant you the User Cluster Admin role (user-cluster-admin).

Delete a user cluster and its resources

Complete the following steps to delete a user cluster and its resources:

Console

  1. In the navigation menu, select Clusters.

  2. In the cluster list, click the cluster that you want to delete.

  3. Click delete Delete Cluster.

  4. When prompted, type the given confirmation phrase and click Delete to delete the cluster.

kubectl

  1. Pause the reconciliation for the Cluster custom resource of the user cluster:

    kubectl annotate clusters.cluster.gdc.goog/USER_CLUSTER_NAME -n platform \
    cluster.gdc.goog/paused=true --kubeconfig=ORG_ADMIN_CLUSTER_KUBECONFIG

  2. Trigger the deletion of the Cluster custom resource of the user cluster:

    kubectl delete clusters.cluster.gdc.goog/USER_CLUSTER_NAME -n platform \
    --kubeconfig=ORG_ADMIN_CLUSTER_KUBECONFIG --wait=false

  3. Trigger the deletion of all NodePoolClaim custom resources in the user cluster:

    kubectl delete --all nodepoolclaims -n NAMESPACE \
    --kubeconfig=ORG_ADMIN_CLUSTER_KUBECONFIG --wait=false

    This command starts the background deletion of all node pool claims in the user cluster.

  4. Delete the Cluster custom resource of the user cluster:

    kubectl delete clusters USER_CLUSTER_NAME \
    -n NAMESPACE --kubeconfig=ORG_ADMIN_CLUSTER_KUBECONFIG

    This command might take several minutes based on the amount of node pools in the user cluster to delete.

  5. Delete the namespace custom resource:

    kubectl --kubeconfig=ORG_ADMIN_CLUSTER_KUBECONFIG delete namespace NAMESPACE

  6. Delete the Istio secret in the istio-system namespace:

    kubectl delete secrets istio-remote-secret-USER_CLUSTER_NAME -n istio-system \
    --kubeconfig=ORG_ADMIN_CLUSTER_KUBECONFIG

    In some cases, your Istio secret might have a different name. To list your Istio secret and confirm the name, run the following command:

    kubectl get secrets -n istio-system \
    --kubeconfig=ORG_ADMIN_CLUSTER_KUBECONFIG

  7. Remove the address pool claims with the same name as the target user cluster, but located in different namespaces:

    for j in $(kubectl get addresspoolclaims -A -o custom-columns=:.metadata.namespace --kubeconfig=ORG_ADMIN_CLUSTER_KUBECONFIG);
do
kubectl delete addresspoolclaims USER_CLUSTER_NAME -n $j --kubeconfig=ORG_ADMIN_CLUSTER_KUBECONFIG;
done

    You can expect to see errors like the following after executing this command:

    Error from server (NotFound): addresspoolclaims.system.private.gdc.goog "USER_CLUSTER_NAME" not found

    Ignore these errors. The command attempts to find all address pool claims with the specified cluster name in all namespaces. Some namespaces do not contain address pool claims with the name, resulting in an error.

  8. Verify that you deleted the namespace of the user cluster:

    kubectl get namespaces NAMESPACE \
    --kubeconfig=ORG_ADMIN_CLUSTER_KUBECONFIG

    If the namespace is deleted, the output displays an error indicating the namespace is not found. For example:

    Error from server (NotFound): namespaces NAMESPACE not found

  9. Unpause the reconciliation for the Cluster custom resource of the user cluster:

    kubectl annotate clusters.cluster.gdc.goog/USER_CLUSTER_NAME -n platform \
    cluster.gdc.goog/paused- --kubeconfig=ORG_ADMIN_CLUSTER_KUBECONFIG

API

  • To delete a user cluster, remove the Cluster custom resource from the GDC instance:

    kubectl delete clusters.cluster.gdc.goog/USER_CLUSTER_NAME -n platform \
    --kubeconfig ORG_ADMIN_CLUSTER_KUBECONFIG

    Replace the following:

    • USER_CLUSTER_NAME: The name of the user cluster to delete.
    • ORG_ADMIN_CLUSTER_KUBECONFIG: The org admin cluster's kubeconfig file path.