When you uninstall identity configuration management for Kubernetes, it might take up to 5 minutes to complete the uninstall process. The uninstall removes most operator components, excluding components such as custom resource definitions. After this uninstall, you must reinstall the operator before reinstalling the custom resource.

Prerequisite: Delete the IDPConfig and AuthRealm custom resources

Before you uninstall the identity configuration management for Kubernetes:

  1. You must delete all of the AuthRealm custom resources that are managed by the operator.

  2. You must delete the IDPConfig CR, this will delete several operators except the installer operator. The installer operator will be deleted when you delete the identity configuration management from the hub.

Note: When a cluster’s authentication is no longer managed by identity configuration management, either because you’ve deleted all AuthRealms that apply to the cluster or because the cluster no longer matches any Placement rules in your AuthRealms, the original oauth configuration that was in place before identity configuration management began managing the cluster’s oauth will be restored. This is only true if the managed cluster is still attached to the hub cluster at the point that the managed cluster becomes no longer manged by identity configuration management. Should you need to manually restore the original OAuth, you can find the backup in the ConfigMap named idp-oauth-original in the managed cluster’s namespace on the hub cluster.

Removing resources by using commands

  1. If you have not already, ensure that your OpenShift Container Platform CLI is configured to run oc commands. See Getting started with the OpenShift CLI in the OpenShift Container Platform documentation for more information about how to configure the oc commands.

  2. Enter the following commands to locate and delete the identity configuration management ClusterServiceVersion in the namespace it is installed in:

    ❯ oc get csv -A
NAMESPACE            NAME                         DISPLAY                                                           VERSION   REPLACES   PHASE
idp-mgmt-config      idp-mgmt-operator.v1.0.0     identity configuration management for Kubernetes for Kubernetes   1.0.0                Succeeded

❯ oc delete clusterserviceversion idp-mgmt-operator.v1.0.0 -n idp-mgmt-config
❯ oc delete sub idp-mgmt-operator -n idp-mgmt-config

    Note: The CSV version and operator namespace shown here may be different.

Deleting the components by using the console

When you use the RedHat OpenShift Container Platform console to uninstall, you remove the operator. Complete the following steps to uninstall by using the console:

  1. In the OpenShift Container Platform console navigation, select Operators > Installed Operators > identity configuration management for Kubernetes.

  2. Remove the identity configuration management for Kubernetes operator by selecting the Options menu and selecting Uninstall operator.

Manual cleanup steps

Once the identity configuration management operator has been removed, some manual cleanup is required to completely remove all artifacts of the Technology Preview.

  1. Delete a remaining clusterrole

    Run the following command on the hub cluster:

    oc delete clusterrole dex-operator-dexsso

Troubleshooting Uninstall

If the identity configuration management custom resource is not being removed, remove any potential remaining artifacts by running the clean-up script.

  1. Copy the following script into a file:

    #!/bin/bash
oc delete crd authrealms.identityconfig.identitatem.io
oc delete crd clusteroauths.identityconfig.identitatem.io
oc delete crd strategies.identityconfig.identitatem.io
oc delete crd dexclients.auth.identitatem.io
oc delete crd dexservers.auth.identitatem.io