Decommission cluster or tenant


Decommission cluster

These instructions assume that the cluster itself will be decommissioned as well. Don’t hesitate to reach out to Project Syn IG if you need help with just "desynthesizing" a cluster which will not be decommissioned completely.

  1. Clone the cluster catalog repo

    export CLUSTER_ID=<cluster-id> (1)
    export LIEUTENANT_URL=
    git clone $(curl -sH"Authorization: Bearer$(commodore fetch-token)" \
        "${LIEUTENANT_URL}/clusters/${CLUSTER_ID}" | jq -r '.gitRepo.url')
    1 Cluster ID of cluster to decommission
  2. Remove all secrets referenced by the cluster catalog in Vault:

    export VAULT_ADDR=
    vault login -method=oidc
    cd path/to/catalog/repo
    for secret in $(find refs/ -type f -printf "clusters/kv/%P\n" \
        | sed -r 's#(.*)/.*#\1#' | grep -v '__shared__/__shared__' \
        | sort -u);
      vault kv delete "$secret"

    vault kv delete doesn’t fully destroy the secret. You can restore secrets which were deleted with vault kv delete using vault kv undelete.

  3. Remove cluster in

    • Search for the cluster

    • Click the delete button on the right

    This will also archive the cluster catalog Git repository on GitLab.

Decommission tenant

  1. Decommission all clusters still associated with the tenant according to the previous section.

  2. Delete tenant in

    • Search for the tenant

    • Click the delete button on the right

      This should archive the tenant Git repository on GitLab.