Decommission cluster or tenant

Prerequisites

Decommission cluster

These instructions assume that the cluster itself will be decommissioned as well. Don’t hesitate to reach out to Project Syn IG if you need help with just "desynthesizing" a cluster which will not be decommissioned completely.

  1. Clone the cluster catalog repo

    export CLUSTER_ID=<cluster-id> (1)
    
    export LIEUTENANT_URL=https://api.syn.vshn.net
    git clone $(curl -sH"Authorization: Bearer$(commodore fetch-token)" \
        "${LIEUTENANT_URL}/clusters/${CLUSTER_ID}" | jq -r '.gitRepo.url')
    1 Cluster ID of cluster to decommission
  2. Remove all secrets referenced by the cluster catalog in Vault:

    export VAULT_ADDR=https://vault-prod.syn.vshn.net
    
    vault login -method=oidc
    
    cd path/to/catalog/repo
    for secret in $(find refs/ -type f -printf "clusters/kv/%P\n" | sed -r 's#(.*)/.*#\1#'); do
      vault kv delete "$secret"
    done

    vault kv delete doesn’t fully destroy the secret. You can restore secrets which were deleted with vault kv delete using vault kv undelete.

  3. Remove cluster in control.vshn.net

    • Search for the cluster

    • Click the delete button on the right

    This will also archive the cluster catalog Git repository on GitLab.

Decommission tenant

  1. Decommission all clusters still associated with the tenant according to the previous section.

  2. Delete tenant in control.vshn.net

    • Search for the tenant

    • Click the delete button on the right

      This should archive the tenant Git repository on GitLab.