openshift/openshift-docs
1
0
Fork 0
mirror of https://github.com/openshift/openshift-docs.git synced 2026-02-05 12:46:18 +01:00
Code Issues Releases Activity
Files
enterprise-4.21
openshift-docs/modules/rosa-getting-started-deleting-a-cluster.adoc
EricPonvelle b4623ecb5d OSDOCS-15910: Pruning HCP Cluster Installation
2025-09-04 19:48:52 +00:00

104 lines
4.4 KiB
Plaintext
Raw Permalink Blame History

// Module included in the following assemblies:
//
// * rosa_getting_started/rosa-getting-started.adoc
// * rosa_getting_started/rosa-quickstart-guide-ui.adoc
// * rosa_hcp/rosa-hcp-quickstart-guide.adoc
ifeval::["{context}" == "rosa-getting-started"]
:getting-started:
endif::[]
ifeval::["{context}" == "rosa-quickstart"]
:quickstart:
endif::[]
:_mod-docs-content-type: PROCEDURE
[id="rosa-getting-started-deleting-a-cluster_{context}"]
= Deleting a {product-title} cluster and the AWS IAM STS resources
ifdef::openshift-rosa-hcp[]
You can delete a {product-title} cluster by using the ROSA CLI, `rosa`. You can also use the {rosa-cli} to delete the AWS Identity and Access Management (IAM) account-wide roles, the cluster-specific Operator roles, and the OpenID Connect (OIDC) provider. To delete the account-wide and Operator policies, you can use the AWS IAM Console or the AWS CLI.
endif::openshift-rosa-hcp[]
ifdef::openshift-rosa[]
You can delete a {product-title} cluster that uses the AWS Security Token Service (STS) by using the {rosa-cli}. You can also use the ROSA CLI to delete the AWS Identity and Access Management (IAM) account-wide roles, the cluster-specific Operator roles, and the OpenID Connect (OIDC) provider. To delete the account-wide inline and Operator policies, you can use the AWS IAM Console or the AWS CLI.
endif::openshift-rosa[]
[IMPORTANT]
====
Account-wide IAM roles and policies might be used by other {product-title} clusters in the same AWS account. You must only remove the resources if they are not required by other clusters.
====
ifdef::getting-started[]
.Prerequisites
* You installed and configured the latest {rosa-cli} on your workstation.
* You logged in to your Red{nbsp}Hat account using the {rosa-cli}.
* You created a {product-title} cluster.
endif::[]
.Procedure
. Delete a cluster and watch the logs, replacing `<cluster_name>` with the name or ID of your cluster:
+
[source,terminal]
----
$ rosa delete cluster --cluster=<cluster_name> --watch
----
+
[IMPORTANT]
====
You must wait for the cluster deletion to complete before you remove the IAM roles, policies, and OIDC provider. The account-wide roles are required to delete the resources created by the installer. The cluster-specific Operator roles are required to clean-up the resources created by the OpenShift Operators. The Operators use the OIDC provider to authenticate with AWS APIs.
====
. After the cluster is deleted, delete the OIDC provider that the cluster Operators use to authenticate:
+
[source,terminal]
----
$ rosa delete oidc-provider -c <cluster_id> --mode auto <1>
----
<1> Replace `<cluster_id>` with the ID of the cluster.
+
[NOTE]
====
You can use the `-y` option to automatically answer yes to the prompts.
====
. Delete the cluster-specific Operator IAM roles:
+
[source,terminal]
----
$ rosa delete operator-roles -c <cluster_id> --mode auto <1>
----
<1> Replace `<cluster_id>` with the ID of the cluster.
. Delete the account-wide roles:
+
[IMPORTANT]
====
Account-wide IAM roles and policies might be used by other {product-title} clusters in the same AWS account. You must only remove the resources if they are not required by other clusters.
====
+
[source,terminal]
----
$ rosa delete account-roles --prefix <prefix> --mode auto <1>
----
<1> You must include the `--<prefix>` argument. Replace `<prefix>` with the prefix of the account-wide roles to delete. If you did not specify a custom prefix when you created the account-wide roles, specify the default prefix, depending on how they were created, `HCP-ROSA` or `ManagedOpenShift`.
ifdef::openshift-rosa-hcp[]
. Delete the account-wide and Operator IAM policies that you created for {product-title} deployments:
endif::openshift-rosa-hcp[]
ifdef::openshift-rosa[]
. Delete the account-wide and Operator IAM policies that you created for {product-title} deployments that use STS:
endif::openshift-rosa[]
+
.. Log in to the link:https://console.aws.amazon.com/iamv2/home#/home[AWS IAM Console].
.. Navigate to *Access management* -> *Policies* and select the checkbox for one of the account-wide policies.
.. With the policy selected, click on *Actions* -> *Delete* to open the delete policy dialog.
.. Enter the policy name to confirm the deletion and select *Delete* to delete the policy.
.. Repeat this step to delete each of the account-wide and Operator policies for the cluster.
ifeval::["{context}" == "rosa-getting-started"]
:!getting-started:
endif::[]
ifeval::["{context}" == "rosa-quickstart"]
:!quickstart:
endif::[]
View Git Blame Copy Permalink