Steps to Uninstall/Cleanup KUBE+ Deployment

The in-cluster components of KUBE+ deployed in the Kubernetes cluster must be completely uninstalled, if the administrator wishes to cease certificate lifecycle management for the designated cluster.

To achieve this, execute the following commands to uninstall the KUBE+ in-cluster component Cert-Orchestrator from your cluster.

  • Uninstall the Cert-Orchestrator by executing the following Helm command:
    helm uninstall crypto-mesh -n crypto-mesh.
  • Uninstall the CSI provider if the Ephemeral Volume Feature gate has been installed by executing the following command:
    helm uninstall csi -n crypto-mesh
    Note: If the CSI provider is already present in the cluster and was not installed as a part of the cert-orchestrator deployment you can skip the uninstall of the CSI provider step.
  • Remove the KUBE+ helm repositories from your cluster by executing the following commands:
    helm repo remove crypto-mesh
helm repo remove csi
    Note: You should proceed with the removal of the CSI provider from the repository only if it was enabled during the Cert-Orchestrator installation. If the CSI provider was already available, you can skip this step.
  • Even after deleting the components of Cert-Orchestrator, Kubernetes secrets, configmaps, and other associated metadata may still remain in the cluster. You can remove this residual data by deleting the namespace where Cert-Orchestrator is installed.
    kubectl delete ns crypto-mesh
    Note: If a custom namespace was used during the installation of Cert-Orchestrator, please replace 'crypto-mesh' with your specified custom namespace.
  • During the installation of Cert-Orchestrator, it deploys multiple Custom Resource Definitions (CRDs) within the Kubernetes cluster. To remove these CRDs manually, execute the following command:
    kubectl get crd | grep appviewx | awk ‘{print $1}’ | xargs kubectl delete crd

The steps outlined above completely remove the KUBE+ in-cluster components from the cluster. If the Cert-Orchestrator has been successfully uninstalled, the following commands will produce an empty output.

The commands are:
  • kubectl get namespace | grep crypto-mesh
    Note: If the namespace name is not 'crypto-mesh,' replace it with your custom namespace.
  • kubectl get crd | grep appviewx
  • helm repo list
    Note: The command above should exclude both 'crypto-mesh' and the CSI repo.
  • kubectl get pods -n crypto-mesh
    Note: The command above should not display any running pods.