2

I'm trying to uninstall and reinstall cert-manager on our Kubernetes clusters. Their uninstall docs mention:

Before continuing, ensure that all cert-manager resources that have been created by users have been deleted. You can check for any existing resources with the following command:

$ kubectl get Issuers,ClusterIssuers,Certificates,CertificateRequests,Orders,Challenges --all-namespaces

The command outputs hundreds of resources, spread across two dozen namespaces.

How can I efficiently delete them all, without deleting anything else in the namespaces?

The kubectl delete command requires specifying a namespace when deleting all of a certain type, like this: kubectl delete certificates -n example-ns, so that's no good here.

Deleting each one by name in a loop while specifying -A also doesn't work, since I need to specify the namespace:

$ kubectl delete -A order.certmanager.k8s.io/fcfa95477bc0149dbc16c99c54faa82e-cert-1862418815
error: a resource cannot be retrieved by name across all namespaces

What's the correct cli magic here?

Martijn Heemels
  • 7,438
  • 6
  • 39
  • 62

1 Answers1

3

You should delete the whole crd (Custom Resource Definition), first list your CRDs with

kubectl get crd

and then delete the CRD, with e.g. (using Issuer as example)

kubectl delete crd issuer.<something>.<something>

When the CRD is deleted, also all instances of that CRD (e.g. all resources of kind: Issuer) is deleted.

Jonas
  • 1,147
  • 5
  • 17
  • 31
  • Thanks, that worked. After deleting the relevant CRD's it was a bit scary seeing error messages, but they disappeared soon enough. I suppose there's a finalizer running that performs cleanup of the dependent resources when their CRD is deleted. – Martijn Heemels Dec 11 '20 at 13:36