3c5fa979a4
Re-organized topic hierarchy Tiny edit to restart review workflow. Squashed with Resolved index.rst conflict commit Change-Id: I13472792cb19d1e9975ac76c6954d38054d606c5 Signed-off-by: Keane Lim <keane.lim@windriver.com> Signed-off-by: MCamp859 <maryx.camp@intel.com>
56 lines
2.2 KiB
ReStructuredText
56 lines
2.2 KiB
ReStructuredText
|
|
.. kqa1596551916697
|
|
.. _remove-portieris:
|
|
|
|
================
|
|
Remove Portieris
|
|
================
|
|
|
|
You can remove the Portieris admission controller completely from a |prod|
|
|
system.
|
|
|
|
.. rubric:: |proc|
|
|
|
|
#. Remove the application.
|
|
|
|
.. code-block:: none
|
|
|
|
~(keystone_admin)$ system application-remove portieris
|
|
|
|
#. Delete kubernetes resources not automatically removed in the previous step.
|
|
|
|
This is required if you plan to reapply the application.
|
|
|
|
.. code-block:: none
|
|
|
|
~(keystone_admin)$ kubectl delete clusterroles.rbac.authorization.k8s.io portieris
|
|
~(keystone_admin)$ kubectl delete clusterrolebindings.rbac.authorization.k8s.io admission-portieris-webhook
|
|
~(keystone_admin)$ kubectl delete -n portieris secret/portieris-certs
|
|
~(keystone_admin)$ kubectl delete -n portieris cm/image-policy-crds
|
|
~(keystone_admin)$ kubectl delete -n portieris serviceaccounts/portieris
|
|
|
|
.. note::
|
|
If this step is done before removing the application in step 1, the
|
|
removal will fail, leaving the application in the **remove-failed**
|
|
state. In such cases you will need to issue the following commands
|
|
to recover:
|
|
|
|
.. code-block:: none
|
|
|
|
~(keystone_admin)$ kubectl delete MutatingWebhookConfiguration image-admission-config --ignore-not-found=true
|
|
~(keystone_admin)$ kubectl delete ValidatingWebhookConfiguration image-admission-config --ignore-not-found=true
|
|
~(keystone_admin)$ kubectl delete crd clusterimagepolicies.securityenforcement.admission.cloud.ibm.com imagepolicies.securityenforcement.admission.cloud.ibm.com --ignore-not-found=true
|
|
~(keystone_admin)$ kubectl delete clusterroles.rbac.authorization.k8s.io portieris --ignore-not-found=true
|
|
~(keystone_admin)$ kubectl delete clusterrolebindings.rbac.authorization.k8s.io admission-portieris-webhook --ignore-not-found=true
|
|
~(keystone_admin)$ kubectl delete ns/portieris --ignore-not-found=true
|
|
~(keystone_admin)$ helm delete portieris-portieris --purge --no-hooks
|
|
~(keystone_admin)$ system application-remove portieris
|
|
|
|
#. Delete the application.
|
|
|
|
.. code-block:: none
|
|
|
|
~(keystone_admin)$ system application-delete portieris
|
|
|
|
|