mirror of https://github.com/openshift/openshift-docs.git synced 2026-02-05 12:46:18 +01:00
openshift-docs/modules/rosa-hcp-deleting-cluster.adoc


// Module included in the following assemblies:
//
// * rosa_hcp/rosa-hcp-deleting-cluster.adoc
:_mod-docs-content-type: PROCEDURE
[id="rosa-hcp-deleting-cluster_{context}"]
= Deleting a {product-title} cluster and the cluster-specific IAM resources

You can delete a {product-title} cluster by using the {rosa-cli} or {cluster-manager-first}.

After deleting the cluster, you can clean up the cluster-specific Identity and Access Management (IAM) resources in your AWS account by using the {rosa-cli}. The cluster-specific resources include the Operator roles and the OpenID Connect (OIDC) provider.

[NOTE]
====
The cluster deletion must complete before you remove the IAM resources, because the resources are used in the cluster deletion and cleanup processes.
====

If add-ons are installed, the cluster deletion takes longer because add-ons are uninstalled before the cluster is deleted. The amount of time depends on the number and size of the add-ons.

.Prerequisites

* You have installed a {product-title} cluster.
* You have installed and configured the latest {rosa-cli} on your installation host.

.Procedure
. Get the cluster ID, the Amazon Resource Names (ARNs) for the cluster-specific Operator roles, and the endpoint URL for the OIDC provider by running the following command:
+
[source,terminal]
----
$ rosa describe cluster --cluster=<cluster_name>
----
+
.Example output
[source,terminal]
----
Name: test_cluster
Domain Prefix: test_cluster
Display Name: test_cluster
ID: <cluster_id> <1>
External ID: <external_id>
Control Plane: ROSA Service Hosted
OpenShift Version: 4.21.0
Channel Group: stable
DNS: test_cluster.l3cn.p3.openshiftapps.com
AWS Account: <AWS_id>
AWS Billing Account: <AWS_id>
API URL: https://api.test_cluster.l3cn.p3.openshiftapps.com:443
Console URL:
Region: us-east-1
Availability:
- Control Plane: MultiAZ
- Data Plane: SingleAZ
Nodes:
- Compute (desired): 2
- Compute (current): 0
Network:
- Type: OVNKubernetes
- Service CIDR: 172.30.0.0/16
- Machine CIDR: 10.0.0.0/16
- Pod CIDR: 10.128.0.0/14
- Host Prefix: /23
- Subnets: <subnet_ids>
EC2 Metadata Http Tokens: optional
Role (STS) ARN: arn:aws:iam::<AWS_id>:role/test_cluster-HCP-ROSA-Installer-Role
Support Role ARN: arn:aws:iam::<AWS_id>:role/test_cluster-HCP-ROSA-Support-Role
Instance IAM Roles:
- Worker: arn:aws:iam::<AWS_id>:role/test_cluster-HCP-ROSA-Worker-Role
Operator IAM Roles: <2>
- arn:aws:iam::<AWS_id>:role/test_cluster-openshift-cloud-network-config-controller-cloud-crede
- arn:aws:iam::<AWS_id>:role/test_cluster-openshift-image-registry-installer-cloud-credentials
- arn:aws:iam::<AWS_id>:role/test_cluster-openshift-ingress-operator-cloud-credentials
- arn:aws:iam::<AWS_id>:role/test_cluster-kube-system-kube-controller-manager
- arn:aws:iam::<AWS_id>:role/test_cluster-kube-system-capa-controller-manager
- arn:aws:iam::<AWS_id>:role/test_cluster-kube-system-control-plane-operator
- arn:aws:iam::<AWS_id>:role/hcpcluster-kube-system-kms-provider
- arn:aws:iam::<AWS_id>:role/test_cluster-openshift-cluster-csi-drivers-ebs-cloud-credentials
Managed Policies: Yes
State: ready
Private: No
Created: Apr 16 2024 20:32:06 UTC
User Workload Monitoring: Enabled
Details Page: https://console.redhat.com/openshift/details/s/<cluster_id>
OIDC Endpoint URL: https://oidc.op1.openshiftapps.com/<cluster_id> (Managed) <3>
Audit Log Forwarding: Disabled
External Authentication: Disabled
----
<1> Lists the cluster ID.
<2> Specifies the ARNs for the cluster-specific Operator roles. For example, in the sample output the ARN for the role required by the Ingress Operator is `arn:aws:iam::<AWS_id>:role/test_cluster-openshift-ingress-operator-cloud-credentials`.
<3> Displays the endpoint URL for the cluster-specific OIDC provider.
+
[IMPORTANT]
====
After the cluster is deleted, you need the cluster ID to delete the cluster-specific STS resources using the {rosa-cli}.
====
. Delete the cluster by using either the {cluster-manager} or the {rosa-cli}:
** To delete the cluster by using the {cluster-manager}:
.. Navigate to the {cluster-manager-url}.
.. Click the Options menu {kebab} next to your cluster and select *Delete cluster*.
.. Type the name of your cluster into the prompt and click *Delete*.
** To delete the cluster by using the {rosa-cli}:
.. Run the following command, replacing `<cluster_name>` with the name or ID of your cluster:
+
[source,terminal]
----
$ rosa delete cluster --cluster=<cluster_name> --watch
----
+
[IMPORTANT]
====
You must wait for cluster deletion to complete before you remove the Operator roles and the OIDC provider.
====
. Delete the cluster-specific Operator IAM roles by running one of the following commands:
** For clusters without a shared Virtual Private Cloud (VPC):
+
[source,terminal]
----
$ rosa delete operator-roles --prefix <operator_role_prefix>
----
+
** For clusters with a shared VPC:
+
[source,terminal]
----
$ rosa delete operator-roles --prefix <operator_role_prefix> --delete-hosted-shared-vpc-policies
----
. Delete the OIDC provider by running the following command:
+
[source,terminal]
----
$ rosa delete oidc-provider --oidc-config-id <oidc_config_id>
----
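
The values from the first step are needed after the cluster is gone, so save the `rosa describe cluster` output before deleting. The following added example (not part of the ROSA documentation) parses saved describe output for the cluster ID, Operator role names, and OIDC endpoint, and uses the AWS CLI to confirm that the roles and the OIDC provider no longer exist after cleanup. The function names, the `record.txt` file name, and the shortened sample are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the ROSA docs). Function names are illustrative.
# Constructed sample, shortened from the example output in this procedure.
SAMPLE='ID: <cluster_id>
External ID: <external_id>
Operator IAM Roles:
 - arn:aws:iam::<AWS_id>:role/test_cluster-openshift-ingress-operator-cloud-credentials
 - arn:aws:iam::<AWS_id>:role/hcpcluster-kube-system-kms-provider
Managed Policies: Yes
OIDC Endpoint URL: https://oidc.op1.openshiftapps.com/<cluster_id> (Managed)'

# field KEY: print the value of the "KEY: value" line read from stdin.
field() {
  awk -v k="$1:" 'index($0, k) == 1 {
    v = substr($0, length(k) + 1); sub(/^[ \t]+/, "", v); print v; exit }'
}

# Role names (ARN prefix stripped) listed under "Operator IAM Roles:".
operator_role_names() {
  awk '/^Operator IAM Roles:/ { in_list = 1; next }
       in_list && /^[ \t]*- / { sub(/.*:role\//, "", $2); print $2; next }
       in_list { exit }'
}

# OIDC endpoint URL without the trailing "(Managed)" annotation.
oidc_endpoint() { field "OIDC Endpoint URL" | awk '{ print $1 }'; }

# role_status NAME: present | deleted | unknown. An API failure such as
# expired credentials is "unknown", never silently treated as clean.
role_status() {
  if err=$(aws iam get-role --role-name "$1" 2>&1 >/dev/null); then
    echo present
  else
    case $err in *NoSuchEntity*) echo deleted ;; *) echo unknown ;; esac
  fi
}

# oidc_provider_exists URL: 0 = still registered, 1 = gone, 2 = lookup failed.
oidc_provider_exists() {
  list=$(aws iam list-open-id-connect-providers \
    --query 'OpenIDConnectProviderList[].Arn' --output text) || return 2
  printf '%s\n' "$list" | tr '\t' '\n' |
    awk -v s="oidc-provider/${1#https://}" \
      'substr($0, length($0) - length(s) + 1) == s { f = 1 } END { exit !f }'
}

# Demo on the sample. Live: rosa describe cluster --cluster=<cluster_name> > record.txt
printf '%s\n' "$SAMPLE" | operator_role_names
```

Run the parsing functions against the saved output before deleting the cluster, and run `role_status` and `oidc_provider_exists` with read-only IAM credentials after the Operator roles and OIDC provider have been deleted.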
//If reusing, porting, or separating this content, make sure to grab the "Troubleshooting" section from the assembly. It could not be included in the module because of xrefs.