Uninstalling the enforcer

About uninstalling the enforcer

The method of uninstalling the enforcer varies according to how you originally installed it and what type of install it was. Refer to the procedure that matches your situation.

Uninstalling a host enforcer

PREREQUISITE
: Local host with apoctl.
  1. From your local host with apoctl installed, generate a short-lived Microsegmentation token that you can use to uninstall the enforcer.
    macOS/Linux
    apoctl auth appcred --path ~/.apoctl/default.creds \ --restrict-role @auth:role=enforcer \ --restrict-role @auth:role=enforcer-installer \ --validity 60m
    Windows
    apoctl auth appcred --path '.apoctl/default.creds' ` --restrict-role @auth:role=enforcer ` --restrict-role @auth:role=enforcer-installer ` --validity 60m
  2. Retrieve the URL of your Microsegmentation Console API.
    macOS/Linux
    echo $MICROSEG_API
    Windows
    echo $Env:MICROSEG_API
  3. Access the target host, such as via SSH or Remote Desktop.
  4. Set a TOKEN environment variable containing the token you just generated.
    We’ve truncated the example token value below for readability.
    Linux
    export TOKEN=eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJyZWFsbSI6IkNlcnRpZmljYXRlIiwiZGF0YSI6eyJjb21tb25O....
    Windows
    $env:TOKEN="eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJyZWFsbSI6IkNlcnRpZmljYXRlIiwiZGF0YSI6eyJjb21tb25O...."
  5. Set a MICROSEG_API environment variable on the target host containing the URL of the Microsegmentation Console API you just echoed on your local host.
    Linux
    export MICROSEG_API=https://api.microsegmentation.acme.co
    Windows
    $env:MICROSEG_API="https://api.microsegmentation.acme.co"
  6. Set a TARGET_NS environment variable containing the Microsegmentation namespace of the enforcer.
    Linux
    export TARGET_NS=/acme/aws-dev/vm1
    Windows
    $env:TARGET_NS="/acme/aws-dev/vm1"
  7. Install apoctl using the following command.
    Linux
    sudo curl -o /usr/local/bin/apoctl \ https://download.aporeto.com/releases/release-5.0.12/apoctl/linux/apoctl && \ sudo chmod 755 /usr/local/bin/apoctl
    Windows
    curl https://download.aporeto.com/releases/release-5.0.12/apoctl/windows/apoctl.msi -o apoctl.msi; ` if ($?) {. .\apoctl.msi /quiet} if ($?) {$env:PATH+="C:\Program Files\Apoctl;"}
  8. Use the following command to uninstall the enforcer.
    Linux
    sudo apoctl enforcer uninstall linux --token $TOKEN \ --enforcer-namespace $TARGET_NS \ --api $MICROSEG_API
    Windows
    apoctl enforcer uninstall windows --token $($env:TOKEN) ` --enforcer-namespace $($env:TARGET_NS) ` --api $($env:MICROSEG_API)
    We detail the apoctl enforcer uninstall command further in the reference documentation. You can also run apoctl enforcer uninstall -h to review its flags.
  9. Open the Microsegmentation Console web interface, select
    Enforcers
    under
    Manage
    , and navigate to the enforcer’s namespace.
    The enforcer should be absent.
  10. Remove apoctl and clear TOKEN.
    Linux
    sudo rm /usr/local/bin/apoctl export TOKEN=""
    Windows
    Start-Process msiexec.exe -ArgumentList '/x apoctl.msi /quiet' -Wait ; ` if($?) {rm 'apoctl.msi'} ` if($?) {$env:TOKEN=""} ; ` if($?) {rm '.apoctl' -r -fo}

Uninstalling a DaemonSet enforcer

PREREQUISITE
: Local host with apoctl.
  1. From your local host with apoctl installed, set a TARGET_NS environment variable containing the Microsegmentation namespace of the cluster.
    Linux
    export TARGET_NS=/acme/aws-dev/k8s-cluster-01
    Windows
    $env:TARGET_NS="/acme/aws-dev/k8s-cluster-01"
  2. Use the following command to uninstall the DaemonSet enforcer.
    Linux
    apoctl enforcer uninstall kubernetes --enforcer-namespace $TARGET_NS \ --api $MICROSEG_API
    Windows
    apoctl enforcer uninstall kubernetes --enforcer-namespace $($env:TARGET_NS) \ --api $($env:MICROSEG_API)
    We detail the apoctl enforcer uninstall kubernetes command further in the reference documentation. You can also run apoctl enforcer uninstall kubernetes -h to review its flags.
  3. Open the Microsegmentation Console web interface, select
    Enforcers
    under
    Manage
    , and navigate to the enforcer’s namespace.
    The enforcer should be absent.

Recommended For You