docs/doc/source/security/kubernetes/remove-portieris.rst

Remove Portieris

You can remove the Portieris admission controller completely from a system.

1. Remove the application.

   ~(keystone_admin)]$ system application-remove portieris

2. Delete kubernetes resources not automatically removed in the previous step.

   This is required if you plan to reapply the application.

   ~(keystone_admin)]$ kubectl delete clusterroles.rbac.authorization.k8s.io portieris
   ~(keystone_admin)]$ kubectl delete clusterrolebindings.rbac.authorization.k8s.io admission-portieris-webhook
   ~(keystone_admin)]$ kubectl delete -n portieris secret/portieris-certs
   ~(keystone_admin)]$ kubectl delete -n portieris cm/image-policy-crds
   ~(keystone_admin)]$ kubectl delete -n portieris serviceaccounts/portieris

   Note

   If this step is done before removing the application in step 1, the removal will fail, leaving the application in the remove-failed state. In such cases you will need to issue the following commands to recover:

   ~(keystone_admin)]$ kubectl delete MutatingWebhookConfiguration image-admission-config --ignore-not-found=true
   ~(keystone_admin)]$ kubectl delete ValidatingWebhookConfiguration image-admission-config --ignore-not-found=true
   ~(keystone_admin)]$ kubectl delete crd clusterimagepolicies.securityenforcement.admission.cloud.ibm.com imagepolicies.securityenforcement.admission.cloud.ibm.com --ignore-not-found=true
   ~(keystone_admin)]$ kubectl delete clusterroles.rbac.authorization.k8s.io portieris --ignore-not-found=true
   ~(keystone_admin)]$ kubectl delete clusterrolebindings.rbac.authorization.k8s.io admission-portieris-webhook   --ignore-not-found=true
   ~(keystone_admin)]$ kubectl delete ns/portieris --ignore-not-found=true
   ~(keystone_admin)]$ helm delete portieris-portieris --purge --no-hooks
   ~(keystone_admin)]$ system application-remove portieris

3. Delete the application.

   ~(keystone_admin)]$ system application-delete portieris