CODECO Removal Script
Made by @lutjebroek
FYI: @yanlong01, @jordimarias, @danielulied, @sinusignal, @adelrioo, @rudonezar, @rs19104, @dalal, @zhuhongyuy, @andriesstam, @tymon
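To install CODECO, a clean installation is required to avoid potential bugs. Note that the script below is not limited to CODECO resources (see its steps 9, 11 and 12), so it is meant for a cluster dedicated to CODECO.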
This removal script should be referenced in the main CODECO README and made easily accessible for users:
#!/bin/bash
# CODECO Removal Script
#
# Tears down a CODECO installation so that the next install starts clean:
#   - deletes the CODECO manifests, Helm releases, namespaces, RBAC objects
#     and CRDs, one component section after another
#   - removes the pulled component directories from the current directory
#
# Scope: steps 9, 11 and 12 are not limited to CODECO. They target every Helm
# release except traefik, every namespace other than kube-system, kube-public,
# kube-node-lease and default, and kube-system pods outside a short allowlist.
#
# Manifest and directory paths are relative, so the script acts on whatever
# directory it is started from. It calls kubectl, helm and jq.
#
# Note: removal may hang on persistent volume claims. Use Ctrl-C to skip.
set -euo pipefail
printf '%s\n' "Starting uninstall of CODECO components..."
#######################################
# 1) Remove Kepler
#######################################
printf '%s\n' "Deleting Kepler resources..."
# The Kepler manifest is only deleted while the PrometheusRule CRD is still
# registered; without it the step is skipped.
if ! kubectl get crd prometheusrules.monitoring.coreos.com >/dev/null 2>&1; then
  printf '%s\n' "Skipping Kepler delete, PrometheusRule CRD missing."
else
  # Best effort: a failed delete must not stop the remaining steps.
  kubectl delete -f kepler/_output/generated-manifest/deployment.yaml --ignore-not-found || true
fi
#######################################
# 2) Remove SWM (QoS Scheduler)
#######################################
# Uninstall the "qos" Helm release when it exists, then drop its namespace.
printf '%s\n' "Uninstalling QoS Scheduler (SWM)..."
if ! helm status qos -n he-codeco-swm >/dev/null 2>&1; then
  printf '%s\n' "QoS Scheduler release not found."
else
  # Best effort: a failed uninstall must not stop the remaining steps.
  helm uninstall qos -n he-codeco-swm --timeout 300s || true
fi
# kubectl gives up waiting after 5s and the error is ignored, so the
# namespace may still be terminating when the script moves on.
kubectl delete namespace he-codeco-swm --ignore-not-found --timeout=5s || true
#######################################
# 3) Remove PDLC integrations
#######################################
printf '%s\n' "Uninstalling PDLC integrations..."
# Delegates to the component's own removal script when it is present and
# executable. This runs whatever remove_yamls.sh sits under the current
# directory, with the caller's cluster credentials; the subshell keeps the
# cd local, and a failure of the helper is ignored.
if [ -x pdlc-integration/remove_yamls.sh ]; then
  (cd pdlc-integration && ./remove_yamls.sh) || true
fi
#######################################
# 4) Remove MDM stack
#######################################
printf '%s\n' "Uninstalling MDM components..."
# Helm releases of the MDM stack, uninstalled in the order listed.
MDM_RELEASES=(
  mdm-zookeeper
  mdm-kafka
  mdm-neo4j
  mdm-controller
  mdm-api
  k8s-connector
  kubescape-connector
  freshness-connector
)
for rel in "${MDM_RELEASES[@]}"; do
  # Releases that are not installed are reported and skipped.
  if ! helm status "$rel" -n he-codeco-mdm >/dev/null 2>&1; then
    printf '%s\n' "Helm release $rel not found, skipping."
    continue
  fi
  # Best effort: one failed uninstall must not block the other releases.
  helm uninstall "$rel" -n he-codeco-mdm --timeout 300s || true
done
# The wait is capped at 5s and errors are ignored, so the namespace may still
# be terminating afterwards.
kubectl delete namespace he-codeco-mdm --ignore-not-found --timeout=5s || true
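#######################################
# 5) Remove NetMA, L2SM & Connectivity stack
#######################################
# Every kubectl call in this section is best effort, like the other sections:
# a failure prints a warning instead of aborting the script under `set -e`
# before steps 6-12 have run.
echo "Deleting NetMA, L2SM, and networking resources..."

# Clean up cert-manager webhooks to avoid stale CA bundle issues.
# failurePolicy=Ignore makes the webhook fail open; both configurations are
# deleted right below, so that state is not meant to persist.
# NOTE(review): a JSON merge patch replaces the whole "webhooks" list, so the
# API server may reject this patch; errors are discarded either way. Confirm
# that the patch has an effect.
for wh_kind in validatingwebhookconfiguration mutatingwebhookconfiguration; do
  kubectl patch "$wh_kind" cert-manager-webhook --type=merge \
    -p '{"webhooks":[{"name":"webhook.cert-manager.io","failurePolicy":"Ignore"}]}' \
    2>/dev/null || true
done
for wh_kind in validatingwebhookconfiguration mutatingwebhookconfiguration; do
  kubectl delete "$wh_kind" cert-manager-webhook --ignore-not-found \
    || echo "Warning: could not delete $wh_kind cert-manager-webhook" >&2
done

# --ignore-not-found does not cover an unknown resource type: once the
# cert-manager CRDs are gone (for example on a second run) a bare
# `kubectl delete certificate` fails, so check for the CRD first.
if kubectl get crd certificates.cert-manager.io >/dev/null 2>&1; then
  kubectl -n cert-manager delete certificate cert-manager-webhook-ca cert-manager-webhook --ignore-not-found \
    || echo "Warning: could not delete cert-manager webhook certificates" >&2
else
  echo "Skipping cert-manager Certificate delete, CRD missing."
fi
kubectl -n cert-manager delete secret cert-manager-webhook-ca cert-manager-webhook-tls --ignore-not-found \
  || echo "Warning: could not delete cert-manager webhook secrets" >&2

# Manifests to delete, in this order. Local paths are relative to the current
# directory. The deployments_*.yaml entry is left unquoted on purpose so the
# shell expands it; without a match the literal pattern is passed on and that
# delete fails harmlessly.
# The multus (master branch) and flannel (latest release) URLs are not pinned:
# kubectl deletes whatever objects those URLs list at run time, which can
# differ from what was installed. The cert-manager URL is pinned to v1.15.3.
NETWORK_FILES=(
  "network-exposure/kuberfiles/02_nemesys-deployment.yaml"
  "network-state-management/netma-nsm-mon/Monitoring/test-automation.yaml"
  "network-state-management/netma-nsm-mon/Monitoring/serviceaccount.yaml"
  "network-state-management/netma-nsm-mon/k8s-netperf/k8s-netperf.yaml"
  "network-exposure/kuberfiles/01_netma-topology-crd.yaml"
  secure-connectivity/deployments_*.yaml
  "secure-connectivity/non_deployments.yaml"
  "secure-connectivity/deployments/l2sm-deployment.yaml"
  "https://raw.githubusercontent.com/k8snetworkplumbingwg/multus-cni/master/deployments/multus-daemonset-thick.yml"
  "https://github.com/cert-manager/cert-manager/releases/download/v1.15.3/cert-manager.yaml"
  "https://github.com/flannel-io/flannel/releases/latest/download/kube-flannel.yml"
)
for file in "${NETWORK_FILES[@]}"; do
  echo " • Deleting manifest: $file"
  kubectl delete -f "$file" --ignore-not-found || true
done

# l2sm-switch pods can stay in Terminating because of their finalizers. The
# finalizers are stripped through the raw API so the pods can go away; any
# cleanup the finalizer was guarding is skipped by doing so.
for pod in $(kubectl get pods -n he-codeco-netma -o name | grep 'l2sm-switch-' || true); do
  echo "Forcing finalisation of $pod"
  # $pod has the form "pod/<name>"; ${pod##*/} keeps only the name.
  kubectl get "$pod" -n he-codeco-netma -o json \
    | jq 'del(.metadata.finalizers)' \
    | kubectl replace --raw "/api/v1/namespaces/he-codeco-netma/pods/${pod##*/}" -f - \
    || echo "Warning: could not clear finalizers on $pod" >&2
done

kubectl delete namespace he-codeco-netma --ignore-not-found --timeout=5s || true
if kubectl get namespace he-codeco-netma >/dev/null 2>&1; then
  # Still present after the 5s wait: empty spec.finalizers through the
  # /finalize subresource. Objects left inside the namespace are then no
  # longer cleaned up by the normal namespace deletion.
  echo "Forcing removal of stuck namespace he-codeco-netma..."
  kubectl get namespace he-codeco-netma -o json \
    | jq '.spec.finalizers=[]' \
    | kubectl replace --raw /api/v1/namespaces/he-codeco-netma/finalize -f - \
    || echo "Warning: could not finalize namespace he-codeco-netma" >&2
fi
echo "NetMA, L2SM, and secure-connectivity stack removed."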
#######################################
# 6) Remove Prometheus (kube-prometheus) stack
#######################################
printf '%s\n' "Deleting Prometheus operator & CRDs..."
# The manifests are only deleted while the ServiceMonitor CRD is still
# registered. manifests/ goes first, manifests/setup/ second.
if ! kubectl get crd servicemonitors.monitoring.coreos.com >/dev/null 2>&1; then
  printf '%s\n' "Skipping Prometheus manifests delete, CRDs missing."
else
  for manifest_dir in kube-prometheus/manifests/ kube-prometheus/manifests/setup/; do
    kubectl delete -f "$manifest_dir" --ignore-not-found || true
  done
fi
# Wait capped at 5s, errors ignored: the namespace may still be terminating.
kubectl delete namespace monitoring --ignore-not-found --timeout=5s || true
#######################################
# 7) Remove cert-manager namespace
#######################################
printf '%s\n' "Deleting cert-manager namespace..."
# No --timeout here, so kubectl waits for the namespace to go away.
kubectl delete namespace cert-manager --ignore-not-found || true
#######################################
# 8) Cleanup namespaced Roles & RoleBindings for monitoring
#######################################
# Deletes Roles and RoleBindings in every namespace, then ClusterRoles and
# ClusterRoleBindings, whose name matches PATTERNS.
# NOTE(review): PATTERNS is applied with grep -E as an unanchored substring
# match on the object name, across the whole cluster. Short alternatives such
# as "acm" or "lpm" can also match RBAC objects that do not belong to CODECO;
# check the names printed below before relying on this on a shared cluster.
printf '%s\n' "Cleaning up namespaced RBAC..."
PATTERNS='prometheus|blackbox|l2sm|netma|acm|lpm|l2network'

# Namespaced objects: best effort, lookup errors are hidden.
for ns in $(kubectl get ns -o jsonpath='{.items[*].metadata.name}' 2>/dev/null); do
  for kind in role rolebinding; do
    for name in $(kubectl get "$kind" -n "$ns" -o jsonpath='{range .items[*]}{.metadata.name}{"\n"}{end}' 2>/dev/null | grep -E "$PATTERNS" || true); do
      [[ -n "$name" ]] || continue
      # ${kind^} capitalises the first letter for the log line.
      printf '%s\n' " • Deleting ${kind^}: $name in namespace $ns"
      kubectl delete "$kind" "$name" -n "$ns" --ignore-not-found || true
    done
  done
done

# Cluster-scoped objects: all ClusterRoles first, then all ClusterRoleBindings.
# The delete itself is not guarded, so a failing delete stops the script under
# `set -e`; only the wait for disappearance is best effort.
for cluster_kind in clusterrole clusterrolebinding; do
  case "$cluster_kind" in
    clusterrole) label="ClusterRole" ;;
    clusterrolebinding) label="ClusterRoleBinding" ;;
  esac
  for obj in $(kubectl get "$cluster_kind" -o jsonpath='{range .items[*]}{.metadata.name}{"\n"}{end}' | grep -E "$PATTERNS" || true); do
    [[ -n "$obj" ]] || continue
    printf '%s\n' " • Deleting ${label}: $obj"
    kubectl delete "$cluster_kind" "$obj" --ignore-not-found
    kubectl wait --for=delete "$cluster_kind" "$obj" --timeout=10s || true
  done
done
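#######################################
# 9) Helm leftovers cleanup
#######################################
# Uninstalls every Helm release still present in any namespace, except a
# release named exactly "traefik", and then deletes the namespace the release
# lived in. This is not limited to CODECO releases.
# NOTE(review): only the release name "traefik" is kept; other releases in
# kube-system, if any exist, are uninstalled as well. Confirm that is wanted.
echo "Cleaning up remaining Helm releases..."
# `helm list` prints a header row, then NAME and NAMESPACE as the first two
# columns. awk skips the header, drops traefik and emits "<namespace> <name>".
#
# `|| true` has to follow `done`: in `grep ... || true | while ...` the pipe
# binds tighter than `||`, so the loop would read from `true` and never see
# the release list.
helm list --all-namespaces 2>/dev/null \
  | awk 'NR > 1 && $1 != "traefik" { print $2, $1 }' \
  | while read -r namespace name; do
      if [[ -n "${namespace:-}" && -n "${name:-}" ]]; then
        echo "Uninstalling $name from $namespace"
        # </dev/null keeps the commands from consuming the loop's input.
        helm uninstall "$name" -n "$namespace" </dev/null || true
        case "$namespace" in
          kube-system | kube-public | kube-node-lease | default)
            # Same exclusion list as step 11: never ask for the deletion of
            # a system namespace just because a release lived in it.
            echo "Keeping system namespace $namespace"
            ;;
          *)
            kubectl delete namespace "$namespace" --ignore-not-found </dev/null || true
            ;;
        esac
      fi
    done || true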
#######################################
# 10) CRDs cleanup
#######################################
# Force-deletes every CRD whose name matches the alternation below. Deleting
# a CRD also removes all custom resources of that type.
# NOTE(review): the match is an unanchored substring match. "connector"
# already covers "k8s-connector" and "prometheus-connector", and entries such
# as "kafka", "zookeeper" or "acm" also match CRDs of other products installed
# in the cluster. List the matches with `kubectl get crd -o name` first when
# the cluster is shared.
printf '%s\n' "Deleting custom CRDs..."
# xargs -r: run nothing when no CRD matched. Failures are ignored.
kubectl get crd -o name \
  | grep -E 'connector|mdm|neo4j|k8s-connector|kubescape|prometheus-connector|qos-scheduler|zookeeper|kafka|codecoapps|netma|acm|siemens' \
  | xargs -r kubectl delete --ignore-not-found --grace-period=0 --force \
  || true
#######################################
# 11) Clean up all non-system namespaces
#######################################
# Removes every namespace except kube-system, kube-public, kube-node-lease and
# default, together with its workloads and PVCs. Nothing here is specific to
# CODECO: any other application on the cluster is removed as well. Deleting
# PVCs can also discard the backing volumes, depending on the reclaim policy.
printf '%s\n' "Cleaning up resources in non-system namespaces..."
# One namespace name per line, system namespaces filtered out. `|| true`
# covers the case where grep has nothing left to print.
NAMESPACES=$(
  kubectl get ns -o jsonpath='{.items[*].metadata.name}' 2>/dev/null \
    | tr ' ' '\n' \
    | grep -Ev '^(kube-system|kube-public|kube-node-lease|default)$' \
    || true
)
# Unquoted on purpose: the list is split on whitespace into namespace names.
for ns in $NAMESPACES; do
  if [ -z "$ns" ]; then
    continue
  fi
  printf '%s\n' "Cleaning namespace: $ns"
  # Workloads first, then PVCs, then the namespace itself; all best effort.
  kubectl delete all --all -n "$ns" --ignore-not-found || true
  kubectl delete pvc --all -n "$ns" --ignore-not-found || true
  kubectl delete namespace "$ns" --ignore-not-found || true
done
#######################################
# 12) Specific cleanup for kube-system
#######################################
# Unlike the earlier sections, the kubectl delete/patch calls below are not
# followed by `|| true`: under `set -e` a failure here stops the script before
# the local directory cleanup.
printf '%s\n' "Cleaning non-core pods in kube-system..."
# Every kube-system pod whose name does not start with one of the listed
# prefixes is deleted. On a cluster whose kube-system holds other core pods,
# those are deleted too.
pods=$(kubectl get pods -n kube-system --no-headers | awk '{print $1}' | grep -Ev '^(coredns|metrics-server|local-path-provisioner|svclb-traefik|traefik)' || true)
if [[ -z "$pods" ]]; then
  printf '%s\n' "No non-core pods found in kube-system."
else
  printf '%s\n' "Found non-core pods to delete:"
  printf '%s\n' "$pods"
  printf '%s\n' "$pods" | xargs kubectl delete pod -n kube-system
fi

# CRDS is only used as an "any l2sm CRD left?" flag.
# NOTE(review): the patch always targets l2networks.l2sm.l2sm.k8s.local, even
# when the match came from a different l2sm CRD, and it only clears the
# finalizers although the message says "Deleting". Confirm the intent.
CRDS=$(kubectl get crds | grep 'l2sm' | awk '{print $1}' || true)
if [[ -z "$CRDS" ]]; then
  printf '%s\n' "No L2SM CRDs found."
else
  printf '%s\n' "Deleting stuck CRDs related to L2SM..."
  kubectl patch crd l2networks.l2sm.l2sm.k8s.local --type='merge' -p '{"metadata":{"finalizers":[]}}'
fi

# With two resource types in one `kubectl get`, each row starts with
# "<type>/<name>"; the two halves are split on the slash below.
WEBHOOKS=$(kubectl get validatingwebhookconfigurations,mutatingwebhookconfigurations --no-headers | grep 'l2sm\|cert-manager' | awk '{print $1}' || true)
if [[ -z "$WEBHOOKS" ]]; then
  printf '%s\n' "No related webhook configurations found."
else
  printf '%s\n' "Deleting stuck webhook configurations..."
  # Unquoted on purpose: one "<type>/<name>" entry per word.
  for webhook in $WEBHOOKS; do
    TYPE=$(cut -d'/' -f1 <<<"$webhook")
    NAME=$(cut -d'/' -f2 <<<"$webhook")
    kubectl delete "$TYPE" "$NAME" --ignore-not-found --grace-period=0 --force
  done
fi
# Remove the pulled component directories so the next install fetches them
# fresh. The paths are relative: whatever carries these names in the current
# directory is removed, so the script has to be started from the directory
# that holds the CODECO checkout. Earlier steps read manifests from some of
# these directories, so after this point they cannot be repeated without
# pulling the components again.
LOCAL_LEFTOVERS=(
  kepler/
  kube-prometheus/
  mdm-api/
  mdm-connectors/
  multus-cni/
  network-exposure/
  network-state-management/
  pdlc-integration/
  plugins/
  qos-scheduler/
  secure-connectivity/
  new-prometheus-networkPolicy.yaml
  acm/kustomize
)
rm -rf "${LOCAL_LEFTOVERS[@]}"
printf '\n'
printf '%s\n' "Uninstall complete. All CODECO components have been removed."