Skip to main content
Version: 2.2

deprovision

To destroy your kubefirst cluster, complete the following steps.

Prerequisites

You will need to install the kubefirst CLI if it is not already installed.

Before continuing, use the command-line tool for the chosen cloud provider to get the kubeconfig for your cluster:

AWS

aws eks update-kubeconfig --name my-cluster --region us-east-1

Civo

civo kubernetes config my-cluster

If the command-line tool for the chosen cloud provider is not installed, consult the following documentation for install steps:

AWS

AWS documentation

Civo

Civo documentation

You will also need to install terraform.

Steps

Once you have the kubeconfig file for your cluster, retrieve the Vault token:

kubectl -n vault get secrets/vault-unseal-secret --template='{{index .data "root-token"}}' | base64 -d

This assumes you've exported the environment variable KUBECONFIG=/path/to/my/kubeconfig - if not, you can add --kubeconfig /path/to/my/kubeconfig just after kubectl.

Once you have the Vault root token, run the following kubefirst command to retrieve the required environment variables for deprovisioning:

kubefirst terraform set-env \
--vault-token hvs... \
--vault-url https://vault.mydomain.com \
--output-file /some/path/.env

This will collect the required variables from the necessary secret path and output them to a file referenced by the --output-file flag - this will be the current directory at .env if no option is provided. You may override this path to whichever destination makes the most sense to you.

Once the file generated by the previous command is available to you, you may export the variables to your bash session by running the following command:

source /some/path/.env

Next, you will need to clone the gitops repository generated by kubefirst during the initial cluster creation:

git clone [email protected]:my-group/gitops.git

Terraform

danger

If you have added custom resources to the terraform section of your gitops repository, these resources will show up in the plan. Please exercise caution when destroying.

caution

The use of terraform is outside of the scope of this documentation. Please consult the official documentation before proceeding.

Switch to the terraform directory inside of the cloned gitops repository. For example:

cd gitops/terraform

Within the terraform directory, there are several subdirectories that contain the infrastructure-as-code declarations for your kubefirst resources.

Cloud Provider

To deprovision the cloud provider resources, switch to the cloud provider subdirectory - for example:

cd civo

You can then use standard terraform commands:

terraform init
terraform destroy

Git

To deprovision the git provider resources, switch to the git provider subdirectory - for example:

cd gitops/git

You can then use standard terraform commands:

terraform init
terraform destroy

Once you've destroyed Terraform resources for the cloud and git providers, the only resource left to clean up is the state storage objects that kubefirst created on your behalf. If you'd like to remove these, this can be achieved by using the cloud console or the command-line utility for your chosen cloud provider.

k3d

k3d

kubefirst k3d destroy

The command will also delete everything added to your GitHub or GitLab account, while cleaning local files related to your deployment.

reset (optional)

You can use the kubefirst reset command to clean local files generated by the installer while leaving the logs file, and the SSL certificates that you backed up untouched. This command will not destroy your cluster (cloud resources or k3d), and is not a replacement for the destroy command.

Local only

Removing CA from the trusted store

If you installed the mkcert CA (Certificate Authority) to your trusted store, you can remove it with:

mkcert -uninstall