When you uninstall identity configuration management for Kubernetes, it might take up to 5 minutes to complete the uninstall process. The uninstall removes most operator components, excluding components such as custom resource definitions. After this uninstall, you must reinstall the operator before reinstalling the custom resource.
Prerequisite: Delete the IDPConfig and AuthRealm custom resources
Before you uninstall the identity configuration management for Kubernetes:
-
You must delete all of the AuthRealm custom resources that are managed by the operator.
-
You must delete the IDPConfig CR, this will delete several operators except the installer operator. The installer operator will be deleted when you delete the identity configuration management from the hub.
Note: When a cluster’s authentication is no longer managed by identity configuration management, either because you’ve deleted all AuthRealms that apply to the cluster or because the cluster no longer matches any Placement rules in your AuthRealms, the original oauth configuration that was in place before identity configuration management began managing the cluster’s oauth will be restored. This is only true if the managed cluster is still attached to the hub cluster at the point that the managed cluster becomes no longer manged by identity configuration management. Should you need to manually restore the original OAuth, you can find the backup in the ConfigMap named idp-oauth-original
in the managed cluster’s namespace on the hub cluster.
Removing resources by using commands
-
If you have not already, ensure that your OpenShift Container Platform CLI is configured to run
oc
commands. See Getting started with the OpenShift CLI in the OpenShift Container Platform documentation for more information about how to configure theoc
commands. -
Enter the following commands to locate and delete the identity configuration management
ClusterServiceVersion
in the namespace it is installed in:❯ oc get csv -A NAMESPACE NAME DISPLAY VERSION REPLACES PHASE idp-mgmt-config idp-mgmt-operator.v1.0.0 identity configuration management for Kubernetes for Kubernetes 1.0.0 Succeeded ❯ oc delete clusterserviceversion idp-mgmt-operator.v1.0.0 -n idp-mgmt-config ❯ oc delete sub idp-mgmt-operator -n idp-mgmt-config
Note: The CSV version and operator namespace shown here may be different.
Deleting the components by using the console
When you use the RedHat OpenShift Container Platform console to uninstall, you remove the operator. Complete the following steps to uninstall by using the console:
-
In the OpenShift Container Platform console navigation, select Operators > Installed Operators > identity configuration management for Kubernetes.
-
Remove the identity configuration management for Kubernetes operator by selecting the Options menu and selecting Uninstall operator.
Manual cleanup steps
Once the identity configuration management operator has been removed, some manual cleanup is required to completely remove all artifacts of the Technology Preview.
-
Delete a remaining clusterrole
Run the following command on the hub cluster:
oc delete clusterrole dex-operator-dexsso
Troubleshooting Uninstall
If the identity configuration management custom resource is not being removed, remove any potential remaining artifacts by running the clean-up script.
-
Copy the following script into a file:
#!/bin/bash oc delete crd authrealms.identityconfig.identitatem.io oc delete crd clusteroauths.identityconfig.identitatem.io oc delete crd strategies.identityconfig.identitatem.io oc delete crd dexclients.auth.identitatem.io oc delete crd dexservers.auth.identitatem.io