modules/rosa-deleting-cluster.adoc
Lines changed: 55 additions & 1 deletion
@@ -10,10 +10,19 @@ endif::[]
10
10
[id="rosa-deleting-cluster_{context}"]
11
11
= Deleting a cluster
12
12
13
-
You can delete an {product-title} cluster using the `rosa` CLI.
13
+
You can delete an {product-title} cluster using the `rosa` CLI.
14
+
15
+
ifdef::sts[]
16
+
You can also use the `rosa` CLI to delete the AWS Identity and Access Management (IAM) account-wide roles, the cluster-specific Operator roles, and the OpenID Connect (OIDC) provider. The cluster deletion must complete before you remove the IAM resources, because the resources are used in the cluster deletion and clean-up processes.
14
17
15
18
If add-ons are installed, the deletion takes longer because add-ons are uninstalled before the cluster is deleted. The amount of time depends on the number and size of the add-ons.
16
19
20
+
[IMPORTANT]
21
+
====
22
+
Account-wide IAM roles and policies might be used by other ROSA clusters in the same AWS account. You must only remove the resources if they are not required by other clusters.
23
+
====
24
+
endif::sts[]
25
+
17
26
.Procedure
18
27
19
28
. Enter the following command to delete a cluster and watch the logs, replacing `<cluster_name>` with the name or ID of your cluster:
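Review bot: The `ifdef::sts[]` opened at new line 15 is not closed until new line 24, so the unchanged add-ons paragraph at new line 18 ("If add-ons are installed, the deletion takes longer...") now sits inside the STS-only block and drops out of non-STS builds. Close the conditional after the IAM paragraph at line 16 and open a second `ifdef::sts[]` around the `[IMPORTANT]` block so the add-ons text stays unconditional. The removed and added "You can delete an {product-title} cluster using the `rosa` CLI." lines also look identical here; if that is a whitespace-only change, consider dropping it from the patch.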
@@ -22,6 +31,13 @@ If add-ons are installed, the deletion takes longer because add-ons are uninstal
22
31
----
23
32
$ rosa delete cluster --cluster=<cluster_name> --watch
24
33
----
34
+
ifdef::sts[]
35
+
+
36
+
[IMPORTANT]
37
+
====
38
+
You must wait for the cluster deletion to complete before you remove the IAM roles, policies, and OIDC provider. The account-wide roles are required to delete the resources created by the installer. The cluster-specific Operator roles are required to clean-up the resources created by the OpenShift Operators. The Operators use the OIDC provider to authenticate.
39
+
====
40
+
endif::sts[]
25
41
26
42
ifndef::sts[]
27
43
. To clean up your CloudFormation stack, enter the following command:
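Review bot: The `[IMPORTANT]` block at new lines 36-39 tells the reader to wait for the cluster deletion to complete, but the step does not say how to recognize completion from the `rosa delete cluster --cluster=<cluster_name> --watch` output. Add a sentence naming what to wait for, since the note itself explains that the account-wide roles, Operator roles, and OIDC provider are all needed until the deletion finishes. Minor: "required to clean-up the resources" uses the hyphenated noun form as a verb and should read "clean up".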
@@ -32,6 +48,44 @@ $ rosa init --delete-stack
32
48
----
33
49
endif::sts[]
34
50
51
+
ifdef::sts[]
52
+
. Delete the OIDC provider that the cluster Operators use to authenticate:
53
+
+
54
+
[source,terminal]
55
+
----
56
+
$ rosa delete oidc-provider -c <cluster_id> --mode auto <1>
57
+
----
58
+
<1> Replace `<cluster_id>` with the ID of the cluster.
59
+
+
60
+
[NOTE]
61
+
====
62
+
You can use the `-y` option to automatically answer yes to the prompts.
63
+
====
64
+
65
+
. Delete the cluster-specific Operator IAM roles:
66
+
+
67
+
[source,terminal]
68
+
----
69
+
$ rosa delete operator-roles -c <cluster_id> --mode auto <1>
70
+
----
71
+
<1> Replace `<cluster_id>` with the ID of the cluster.
72
+
73
+
. Delete the account-wide roles:
74
+
+
75
+
[source,terminal]
76
+
----
77
+
$ rosa delete account-roles --prefix <prefix> --mode auto <1>
78
+
----
79
+
<1> You must include the `--<prefix>` argument. Replace `<prefix>` with the prefix of the account-wide roles to delete. If you did not specify a custom prefix when you created the account-wide roles, specify the default prefix, `ManagedOpenShift`.
80
+
+
81
+
[IMPORTANT]
82
+
====
83
+
Account-wide IAM roles and policies might be used by other ROSA clusters in the same AWS account. You must only remove the resources if they are not required by other clusters.
84
+
====
85
+
86
+
. Use the AWS IAM Console to delete the account-wide inline and Operator policies. For detailed steps, see the _Deleting the AWS resources by using the AWS IAM Console_ section.
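Review bot: The callout at new line 79 says "You must include the `--<prefix>` argument", but the command on line 77 is `rosa delete account-roles --prefix <prefix> --mode auto`, so the flag should be written `--prefix`. The `[IMPORTANT]` warning about account-wide roles being shared with other ROSA clusters (lines 81-84) comes after the command block; moving it ahead of the command puts the check before the destructive step, which matters with `--mode auto`. It also repeats verbatim the admonition added near the top of the module, and "You must only remove the resources if" reads more clearly as "Remove the resources only if". The `-y` note is attached only to the OIDC provider step; if it applies to the other two delete commands as well, state it once for all three.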