The system did not complete deleting the NSX Application Platform components from the TKG Cluster on Supervisor or upstream Kubernetes cluster because the kubeconfig file expired before the delete operation completed.

Problem

While trying to delete the NSX Application Platform deployment from the TKG Cluster on Supervisor or upstream Kubernetes cluster, the operation failed to finish because the kubeconfig file that you are using to connect to the TKG Cluster on Supervisor or upstream Kubernetes cluster expired before the delete operation finished. You performed the force delete operation when prompted. However, that operation only removed the NSX Application Platform entry from the NSX Manager unified appliance. The previously deployed NSX Application Platform components still exist on the TKG Cluster on Supervisor or upstream Kubernetes cluster. You must delete those components before you can use the same TKG Cluster on Supervisor or upstream Kubernetes cluster for any future NSX Application Platform deployment.

Cause

The TKG Cluster on Supervisor or upstream Kubernetes cluster became inaccessible because the kubeconfig file that you used to access the cluster expired or became invalid.

Solution

  1. Obtain an updated kubeconfig file from your infrastructure administrator so you can access the same TKG Cluster on Supervisor or upstream Kubernetes cluster.

    Alternatively, ask your infrastructure administrator to help you remove the NSX Application Platform components that are still remaining on the TKG Cluster on Supervisor or upstream Kubernetes cluster.

  2. Log into the NSX Manager appliance node as a root user.
    Note that the napp-h command used in later solution steps is an alias in the NSX Manager session for the following command.
    helm --kubeconfig <path-to-updated-kubeconfig-file> --namespace nsxi-platform
  3. Copy the updated kubeconfig file to the file's current location in the NSX Manager appliance at /config/vmware/napps/.kube.
  4. If you activated the NSX Network Detection and Response feature on the NSX Application Platform, delete the feature first using one of the following methods.
    • From the NSX Manager command prompt, use the following API calls.

      nsx-manager-prompt> napp-h uninstall cloud-connector
      nsx-manager-prompt> napp-h uninstall nsx-ndr
    • From any other system that has access to the TKG Cluster on Supervisor or upstream Kubernetes cluster and installed Helm chart, use the following API calls.

      K8s-prompt> helm --kubeconfig <path-to-updated-kubeconfig-file> --namespace nsxi-platform uninstall cloud-connector
      K8s-prompt> helm --kubeconfig <path-to-updated-kubeconfig-file> --namespace nsxi-platform uninstall nsx-ndr

    If any or all of the previous commands provided in this step fail or time out, retry the delete process using the following API calls.

    From the NSX Manager command prompt, use the following API calls.

    nsx-manager-prompt> napp-h uninstall cloud-connector --no-hooks
    nsx-manager-prompt> napp-h uninstall nsx-ndr --no-hooks

    From any other system that has access to the TKG Cluster on Supervisor or upstream Kubernetes cluster, use the following API calls.

    K8s-prompt> helm --kubeconfig <path-to-updated-kubeconfig-file> --namespace nsxi-platform uninstall cloud-connector --no-hooks
    K8s-prompt> helm --kubeconfig <path-to-updated-kubeconfig-file> --namespace nsxi-platform uninstall nsx-ndr --no-hooks
  5. If you activated the the NSX Malware Prevention feature on the NSX Application Platform, delete it first using one of the following methods.
    • From the NSX Manager command prompt, use the following API calls.

      nsx-manager-prompt> napp-h uninstall cloud-connector 
      nsx-manager-prompt> napp-h uninstall reputation-service
      nsx-manager-prompt> napp-h uninstall malware-prevention
    • From any other system that has access to the TKG Cluster on Supervisor or upstream Kubernetes cluster, use the following API calls.

      K8s-prompt> helm --kubeconfig <path-to-updated-kubeconfig-file> --namespace nsxi-platform uninstall cloud-connector 
      K8s-prompt> helm --kubeconfig <path-to-updated-kubeconfig-file> --namespace nsxi-platform uninstall reputation-service
      K8s-prompt> helm --kubeconfig <path-to-updated-kubeconfig-file> --namespace nsxi-platform uninstall malware-prevention

    If any or all of the previous commands provided in this step fail or time out, retry using the following API calls.

    From the NSX Manager command prompt, use the following API calls.

    nsx-manager-prompt> napp-h uninstall cloud-connector --no-hooks
    nsx-manager-prompt> napp-h uninstall reputation-service --no-hooks
    nsx-manager-prompt> napp-h uninstall malware-prevention --no-hooks

    From any other system that has access to the TKG Cluster on Supervisor or upstream Kubernetes cluster, use the following API calls.

    K8s-prompt> helm --kubeconfig <path-to-updated-kubeconfig-file> --namespace nsxi-platform uninstall cloud-connector --no-hooks
    K8s-prompt> helm --kubeconfig <path-to-updated-kubeconfig-file> --namespace nsxi-platform uninstall reputation-service --no-hooks
    K8s-prompt> helm --kubeconfig <path-to-updated-kubeconfig-file> --namespace nsxi-platform uninstall malware-prevention --no-hooks
  6. If you activated the Security Intelligence feature on the NSX Application Platform, delete it first using one of the following methods.
    • From the NSX Manager command prompt, use the following API call.

      nsx-manager-prompt> napp-h uninstall intelligence
    • From any other system that has access to the TKG Cluster on Supervisor or upstream Kubernetes cluster and installed Helm chart, use the following API call.

      K8s-prompt> helm --kubeconfig <path-to-updated-kubeconfig-file> --namespace nsxi-platform uninstall intelligence

    If any or all of the previous commands provided in this step fail or time out, retry the delete process using the following API calls.

    From the NSX Manager command prompt, use the following API call.

    nsx-manager-prompt> napp-h uninstall intelligence --no-hooks

    From any other system that has access to the TKG Cluster on Supervisor or upstream Kubernetes cluster, use the following API call.

    K8s-prompt> helm --kubeconfig <path-to-updated-kubeconfig-file> --namespace nsxi-platform uninstall intelligence --no-hooks
  7. Delete the NSX Application Platform components. Type the following commands individually at the NSX Manager command prompt and in the order listed.
    1. If the Upgrade Coordinator was previously deployed, use the following command to uninstall it.
      nsx-manager-prompt> napp-h uninstall nsxi-upgrade
    2. Remove the NSX Metrics feature from the TKG Cluster on Supervisor or upstream Kubernetes cluster by typing the following command.
      nsx-manager-prompt> napp-h uninstall metrics
    3. Uninstall the NSX Application Platform from the TKG Cluster on Supervisor or upstream Kubernetes cluster, and delete its namespace by typing the following commands separately.
      nsx-manager-prompt> napp-h uninstall nsxi-platform 
      nsx-manager-prompt> kubectl --kubeconfig <path-to-updated-kubeconfig-file> delete namespace nsxi-platform 
    4. Uninstall the project contour component and delete its namespace using the following commands.
      nsx-manager-prompt> helm --kubeconfig <path-to-updated-kubeconfig-file> --namespace projectcontour uninstall projectcontour 
      nsx-manager-prompt> kubectl --kubeconfig <path-to-updated-kubeconfig-file> delete namespace projectcontour
    5. Uninstall the certificate manager and delete its namespace using the following commands.
      nsx-manager-prompt> helm --kubeconfig <path-to-updated-kubeconfig-file> --namespace cert-manager uninstall cert-manager
      nsx-manager-prompt> kubectl --kubeconfig <path-to-updated-kubeconfig-file> delete namespace cert-manager