×

When you install Red Hat Advanced Cluster Security for Kubernetes, it creates:

  • A namespace called stackrox and installs Red Hat Advanced Cluster Security for Kubernetes and its components in that namespace

  • PodSecurityPolicy and Kubernetes role-based access control (RBAC) objects for all components

  • Additional labels on namespaces, for use in generated network policies

  • An Application CRD (if it does not exist)

Uninstalling Red Hat Advanced Cluster Security for Kubernetes involves deleting all these items.

Deleting namespace

You can delete the namespace that Red Hat Advanced Cluster Security for Kubernetes creates, by using the OpenShift Container Platform or Kubernetes command-line interface.

Procedure
  • Delete the stackrox namespace:

    • On OpenShift Container Platform:

      $ oc delete namespace stackrox
    • On Kubernetes:

      $ kubectl delete namespace stackrox

Deleting global resources

You can delete the global resources that Red Hat Advanced Cluster Security for Kubernetes creates, by using the OpenShift Container Platform or Kubernetes command-line interface.

Procedure
  • Delete global resources:

    • On OpenShift Container Platform:

      $ oc get clusterrole,clusterrolebinding,role,rolebinding,psp -o name | grep stackrox | xargs oc delete --wait
      $ oc delete scc -l "app.kubernetes.io/name=stackrox"
      $ oc delete ValidatingWebhookConfiguration stackrox
    • On Kubernetes:

      $ kubectl get clusterrole,clusterrolebinding,role,rolebinding,psp -o name | grep stackrox | xargs kubectl delete --wait
      $ kubectl delete ValidatingWebhookConfiguration stackrox

Deleting labels and annotations

You can delete the labels and annotations that Red Hat Advanced Cluster Security for Kubernetes creates, by using the OpenShift Container Platform or Kubernetes command-line interface.

Procedure
  • Delete labels and annotations:

    • On OpenShift Container Platform:

      $ for namespace in $(oc get ns | tail -n +2 | awk '{print $1}'); do     oc label namespace $namespace namespace.metadata.stackrox.io/id-;     oc label namespace $namespace namespace.metadata.stackrox.io/name-;     oc annotate namespace $namespace modified-by.stackrox.io/namespace-label-patcher-;   done
    • On Kubernetes:

      $ for namespace in $(kubectl get ns | tail -n +2 | awk '{print $1}'); do     kubectl label namespace $namespace namespace.metadata.stackrox.io/id-;     kubectl label namespace $namespace namespace.metadata.stackrox.io/name-;     kubectl annotate namespace $namespace modified-by.stackrox.io/namespace-label-patcher-;   done