Uninstalling the {zero-trust-full}

You can remove the Zero Trust Workload Identity Manager from OpenShift Container Platform by uninstalling the Operator and removing its related resources.

Uninstalling the Zero Trust Workload Identity Manager

You can uninstall the Zero Trust Workload Identity Manager by using the web console.

Prerequisites

You have access to the cluster with cluster-admin privileges.
You have access to the OpenShift Container Platform web console.
The Zero Trust Workload Identity Manager is installed.

Procedure

Log in to the OpenShift Container Platform web console.
Uninstall the Zero Trust Workload Identity Manager.
1. Go to Ecosystem → Installed Operators.
2. Click the Options menu next to the Zero Trust Workload Identity Manager entry, and then click Uninstall Operator.
3. In the confirmation dialog, click Uninstall.

Uninstalling Zero Trust Workload Identity Manager resources by using the CLI

After you have uninstalled the Zero Trust Workload Identity Manager, you have the option to delete its associated resources from your cluster.

Prerequisites

You have access to the cluster with cluster-admin privileges.

Procedure

Uninstall the operands by running each of the following commands:
1. Delete the SpireOIDCDiscoveryProvider cluster by running the following command:
  $ oc delete SpireOIDCDiscoveryProvider cluster
2. Delete the SpiffeCSIDriver cluster by running the following command:
  $ oc delete SpiffeCSIDriver cluster -l=app.kubernetes.io/name=zero-trust-workload-identity-manager
3. Delete the SpireAgent cluster by running the following command:
  $ oc delete SpireAgent cluster
4. Delete the SpireServer cluster by running the following command:
  $ oc delete SpireServer cluster
5. Delete the ZeroTrustWorkloadIdentityManager cluster by running the following command:
  $ oc delete ZeroTrustWorkloadIdentityManager cluster
6. Delete the persistent volume claim (PVC) by running the following command:
  $ oc delete pvc -l=app.kubernetes.io/name=spire-server
7. Delete the service by running the following command:
  $ oc delete service -l=app.kubernetes.io/name=zero-trust-workload-identity-manager -n zero-trust-workload-identity-manager
8. Delete the namespace by running the following command:
  $ oc delete ns zero-trust-workload-identity-manager
9. Delete the cluster role by running the following command:
  $ oc delete clusterrole -l=app.kubernetes.io/name=zero-trust-workload-identity-manager
10. Delete the admission wehhook configuration by running the following command:
  $ oc delete validatingwebhookconfigurations -l=app.kubernetes.io/name=zero-trust-workload-identity-manager
Delete the custom resource definitions (CRDs) by running each of the following commands:
1. Delete the SPIRE Server CRD by running the following command:
  $ oc delete crd spireservers.operator.openshift.io
2. Delete the SPIRE Agent CRD by running the following command:
  $ oc delete crd spireagents.operator.openshift.io
3. Delete the SPIFFEE CSI Drivers CRD by running the following command:
  $ oc delete crd spiffecsidrivers.operator.openshift.io
4. Delete the SPIRE OIDC Discovery Provider CRD by running the following command:
  $ oc delete crd spireoidcdiscoveryproviders.operator.openshift.io
5. Delete the SPIRE and SPIFFE cluster federated trust domains CRD by running the following command:
  $ oc delete crd clusterfederatedtrustdomains.spire.spiffe.io
6. Delete the cluster SPIFFE IDs CRD by running the following command:
  $ oc delete crd clusterspiffeids.spire.spiffe.io
7. Delete the SPIRE and SPIFFE cluster static entries CRD by running the following command:
  $ oc delete crd clusterstaticentries.spire.spiffe.io
8. Delete the Zero Trust Workload Identity Manager CRD by running the following command:
  $ oc delete crd zerotrustworkloadidentitymanagers.operator.openshift.io

Verification

To verify that the resources have been deleted, replace each oc delete command with oc get, and then run the command. If no resources are returned, the deletion was successful.