Uninstall with nginx-meshctl
This topic explains how to uninstall F5 NGINX Service Mesh using nginx-meshctl.
OpenShift users: Before uninstalling, read through the OpenShift considerations guide to make sure you understand the implications.
Uninstalling does the following:
- Removes the control plane and its contents from Kubernetes.
- Deletes all NGINX Service Mesh traffic policies.
The nginx-meshctl command-line utility prints a list of resources that contain the sidecar proxies when the uninstall completes. You must re-roll the Deployments in Kubernetes to remove the sidecars. Until you re-roll the resources, the sidecar proxies still exist, but they don’t apply any rules to the traffic.
To uninstall the Service Mesh control plane using the nginx-meshctl command-line utility, run the command shown below.
nginx-meshctl removeWhen prompted for confirmation, specify y or n.
If you want to skip the confirmation prompt, add the -y flag as shown in the example below.
nginx-meshctl remove -yIf your resources support Rolling Updates (Deployments, DaemonSets, and StatefulSets), run the following kubectl command for each resource to complete the uninstall.
kubectl rollout restart <resource type>/<resource name>For example:
kubectl rollout restart deployment/frontendIf you want to redeploy NGINX Service Mesh after removing it, you need to re-roll the resources after the new NGINX Service Mesh is installed. Sidecars from an earlier NGINX Service Mesh installation won’t work with a new installation.
In some cases, the remove command may fail for unexpected reasons due to environmental, network, or timeout errors. If the remove command fails continually, manual intervention may be necessary.
Run this command to see all resources associated with the mesh currently present in your cluster:
kubectl api-resources --verbs=list -o name | xargs -n 1 kubectl get --show-kind --ignore-not-found -l app.kubernetes.io/part-of=nginx-service-mesh -AUse the following script to list and patch all Spiffeid resources:
for ns in $(kubectl get ns | awk '{print $1}' | tail -n +2)
do
if [ $(kubectl get spiffeids -n $ns 2>/dev/null | wc -l) -ne 0 ]
then
    kubectl patch spiffeid $(kubectl get spiffeids -n $ns | awk '{print $1}' | tail -n +2) --type='merge' -p '{"metadata":{"finalizers":null}}' -n $ns
fi
doneAfter patching the Spiffeids the namespace should be removed.
If you are unable to resolve the issues, please reach out to the appropriate support channel.