Skip to main content

Deprovisioning

Summary

For users who want to destroy the Kubefirst management cluster you can complete the deprovisioning process with the steps outlined below. These steps take place from the command line.

These instructions only cover the process to deprovision your management cluster, not your installer cluster.

  • We recommend deprovisioning the installer cluster from Kubefirst before you deprovision your management cluster.
  • If you have already deprovisioned the management cluster and no longer have access to the Kubefirst UI, you can remove the installer cluster through the cloud in which you installed

Note: This process does not completely remove any local directories or associated files.

Deprovisioning Scenarios

Removing a test Kubefirst Pro install

I’m deprovisioning because I was just testing things out and want to get rid of all of the associated resources.

We’re sorry to see you go, but… if this is your scenario, proceed with the instructions as written.

Removing a management cluster as part of cleanup

I’m deprovisioning a management cluster as part of a cleanup for a production setup.

warning

If you are removing your management cluster as part of a general cleanup these instructions are a bit more extensive than what your scenario requires.

  • Do NOT delete your workload clusters from Kubefirst
  • Do NOT delete your repositories or GitOps details (anything from step 3 onward).

Prerequisites

Before deprovisioning there are several things you will need to have set up to successfully complete the process. Each of those items, including the commands to install, are identified below.

Note: The commands below assume you are using Homebrew.

Kubefirst CLI

For users that did not install or operate from the command line, you will need to install the Kubefirst CLI.

Run the following command to install brew install kubefirst/tools/kubefirst

Kubectl (Kubernetes CLI)

Run the following command to install Kubectl brew install kubernetes-cli

Cloud CLI

Depending on the cloud you installed with, select the provider below and refer to the command to install that specific CLI

Clouds CLIs

If the command-line tool for the chosen cloud provider is not installed, select the cloud and run the specified command. For questions refer to the linked documentation for installation details:

brew install awscli

Review more information in the AWS documentation.

Terraform CLI

To complete the deprovisioning process, install the Terraform CLI. brew install terraform

Get your cluster details

Get your kubeconfig details for your cluster with the command specified. In the commands provided for each cloud, replace my-cluster with your cluster name.

aws eks update-kubeconfig --name <my-cluster> --region <my-cluster-region>

Getting Support

Started the deprovisioning and ran into an issue? Have a question about the process and don’t see it mentioned here?

TL;DR we’ve got you covered. Join our Slack Community for support and get the answers you need!

Steps for Deprovisioning

Step 1 - Retrieve and set your Vault token

This command assumes you've exported the environment variable KUBECONFIG=/path/to/my/kubeconfig - if not, you can add --kubeconfig /path/to/my/kubeconfig just after kubectl.

export VAULT_TOKEN=$(kubectl -n vault get secrets/vault-unseal-secret --template='{{index .data "root-token"}}' | base64 -d)

If you have not exported your KUBECONFIG environment variable run the following:

export VAULT_TOKEN=$(kubectl -n vault get secrets/vault-unseal-secret --template='{{index .data "root-token"}}' | base64 -d)

Step 2 - Retrieve your environment variables

To complete deprovisioning you will need to retrieve your environment variables. This first command collects your secrets from the ATLANTIS key in Vault and outputs them to a file referenced by the --output-file flag. It needs the YOUR_DOMAIN portion to be replaced with your domain. The second command sets the environment variable values in the current terminal context.

kubefirst terraform set-env \
--vault-token $VAULT_TOKEN \
--vault-url https://vault.YOUR_DOMAIN \
--output-file .env

source .env
warning

If Vault wasn't correctly deployed and initiated when you created your cluster, this step won't generate a proper .env file. This does not mean that the cluster or other resources weren't created properly. To complete deprovisioning you will need to do one of the following:

  • Set some environment variables manually (see the tip at the Cloud Provider step to see all values needed)
  • Provide the specific values to Terraform when prompted
Stop here

Stop here if you have provisioned infrastructure in addition to the management cluster created by the Kubefirst installation.

Step 3 - Clone your GitOps repository

Warning: Do not complete this step if you have provisioned infrastructure in addition to the management cluster created by the Kubefirst installation.

Some notes on cloning your GitOps repository:

  • This step requires access to your GitHub or GitLab token (this is typically the same token you used to create your initial management cluster)
  • Update the command to reflect the organization (my-org) you specified as part of the initial cluster creation

Clone using HTTPS

For HTTPS run the following command for GitHub

git clone https://github.com/<my-org>/gitops.git

For HTTPS run the following command for GitLab

git clone https://gitlab.com/<my-group>/gitops.git

Clone using SSH

For SSH run the following command for GitHub

git clone [email protected]:<my-org>/gitops.git

For SSH run the following command for GitLab

git clone [email protected]:<my-group>/gitops.git

Step 4 - Run Terraform to destroy your cluster

Warning: Do not complete this step if you have provisioned infrastructure in addition to the management cluster created by the Kubefirst installation.

Danger

If you have added custom resources to the Terraform section of your GitOps repository, these resources are included in the plan. Exercise extreme caution when destroying, and review Terraform’s official documentation before proceeding.

  1. Switch to the Terraform directory inside of the cloned GitOps repository. For example: cd gitops/terraform
  2. Locate the subdirectory for you cloud (for example: Civo) that contains the infrastructure-as-code declarations for your Kubefirst resources. For example: cd civo
  3. Once you have confirmed that you are appropriate directory you can use the standard Terraform commands:
    • terraform init
    • terraform destroy

Notes on Terraform destroy

If the init command is not working, it's probably related to the .env file not being sourced or created properly.

  • To validate that it was sourced correctly run echo $TF_VAR_kbot_ssh_private_key which should return a value.
  • If you close your terminal or reload your ZSH or Bash configuration files, the values will be lost: you will need to source the .env file again.
  • You can also validate that the file contains the required environment variables, and should have items including: AWS_ACCESS_KEY_ID, VAULT_TOKEN, and VAULT_ADDR, etc.

Step 5 - Removing remaining assets from your cloud

Warning: Do not complete this step if you have provisioned infrastructure in addition to the management cluster created by the Kubefirst installation.

To fully complete the deprovisioning, depending on your cloud, you will have to log in to your cloud console or use your cloud specific CLI to manually remove some infrastructure associated with your cluster.

Once you’ve successfully deleted the remaining volumes run terraform destroy to remove the remaining resources.

tip

For Civo deprovisioning check out the documentation available here.

Step 6 - Removing other assets

Installing Kubefirst creates folders and assets in a handful of places that deprovisioning doesn’t specifically address.

To completely remove all of the local assets you will need to verify that your Docker installation has no remaining containers or volumes associated with Kubefirst.

You can also verify that you remove any files or folders from your local machine including the ~/.k1 folder, the ~/.kubefirst file.

tip

Going through these extra steps also ensures that any future Kubefirst or Kubefirst Pro installations don’t fail when they encounter assets from former installations.

🎉 Success - You have successfully deprovisioned your Kubefirst installation.