Clean up the application environment resources

This topic tells you how to remove all the resources that were created during the setup of the infrastructure and the application environment. The clean-up includes the following resources:

  • Space
  • Cluster
  • AWS VPC

  • AWS account in Tanzu Platform

    The process also deletes the monitoring resources that were created.

Delete a Space

Deleting a Space will delete all the application resources within the Space, including any applications and dependent resources such as Route53 records.

You can delete a Space using either Tanzu Platform hub or the Tanzu CLI.

UI-based steps
In Tanzu Platform hub:
  1. Navigate to Application Platform > Application Engine > Spaces on the left hand navigation.
  2. Click the three dots next to the Space you wish to delete.
  3. Select Delete Space.
  4. Enter the name of the Space to confirm the delete.
  5. Click Delete.
Tanzu CLI-based steps
Use the following Tanzu CLI command to delete the Space from the project. 
tanzu space delete <space name>

Delete an application

Deleting an application deletes the application itself and all of the related resources that were created during the build. The related resources vary according to the type of runtime, for example:

  • For a kubernetes-carvel-package runtime, the related resources are Package, PackageInstall, and the Secret for configuring the PackageInstall.
  • For a kubernetes-fluxcd-helm-chart runtime, the related resources are HelmRepository, HelmRelease, and Secret.

You can delete an application by using either the Tanzu Platform UI or the Tanzu CLI.

UI-based steps
In Tanzu Platform hub:
  1. Navigate to Application Spaces > Spaces on the left hand navigation.
  2. Select the Space in which the application is deployed and open the Space details.
  3. Select to the Applications Tab.
  4. Click Delete in the top right corner.
  5. Enter the name of the application to confirm the deletion.
Tanzu CLI-based steps
Use the following Tanzu CLI command to delete the application from the Space. 
tanzu app delete <app name>

Delete Kubernetes Clusters

Deleting clusters using Tanzu CLI is not currently supported.

To delete a cluster group from your project with Tanzu Platform hub, use the following steps:

  1. Navigate to Application Platform > Kubernetes Operations > Clusters on the left hand navigation.
  2. Click the vertical ellipsis next to the cluster you want to delete and click Delete.
  3. (Recommended) Select the radio button for Delete and remove resources.
  4. Enter the name of the cluster to confirm the deletion.
  5. Click Delete.

The cluster will now detach from the Tanzu Platform and initiate the deletion of the EKS node group and the control plane from AWS. The deletion process can take 30-45 minutes.

Delete the AWS VPC created for clusters

As part of the onboarding, if you created an AWS VPC and it’s no longer deleted, you can delete the VPC from your AWS account using the following steps:

  1. Open the AWS CloudFormation console.
  2. Select the radio button next to the VPC you created in Create VPC with Subnets section.
  3. Click Delete and confirm the deletion.

Remove AWS Account from Tanzu Platform

When the AWS Account was on-boarded to Tanzu Platform, resources were created within the AWS account in each region for event monitoring. Removing the account from the Tanzu Platform will cleanup these resources.

  1. Navigate to Administration > Set Up and Configure > Accounts on the left hand navigation.
  2. Expand the account that you added in Add AWS account to Tanzu Platform and click Delete

  3. Follow the instructions in the UI to Detach the cluster from the collection.

    Note

    Since the cluster has already been deleted, you can skip the steps for deleting the aria-k8s namespace in Step 1 of the instructions in the UI.

  4. Follow the instructions in the UI to deactivate event monitoring. This will remove the cloudformation templates in region that were created for event monitoring.

    Note

    This step requires the AWS CLI to be able to authenticate to your AWS account.

  5. After the event monitoring cleanup script is completed, click Delete Account to remove the AWS account from the Tanzu Platform.

Remove TanzuSecurityAudit role from AWS IAM

In the Add AWS Account step, you created a TanzuSecurityAudit role in your AWS account that gave AssumeRole permissions for Tanzu Platform. To remove this permission, do the following:

  1. Within the AWS Console, navigate to the IAM dashboard
  2. Click Roles and search for TanzuSecurityAudit
  3. Check the box next to the TanzuSecurityAudit role and click Delete
  4. Confirm deletion by typing the name of the role in the input field and click Delete

Remove EKS LCM Credential resources from AWS

In the Create EKS Credentials step, when you created a CloudFormation stack, a number of resources were created in your AWS account. The resources created include a CloudFormation stack, IAM roles/policies, Lambda functions, Cloud Watch Events, and an SSM parameter.

Note

Some of the resources that are created may be automatically cleaned up after the credential object is deleted in Tanzu Platform.

To remove the resources:

  1. Delete the credential resource on Tanzu Platform.

    1. In Tanzu Platform hub, go to Setup and Configuration > Credentials
    2. Select the credential you created for EKS LCM.
    3. Click Delete.

  2. Find and delete the Lambdas.

    To find the lambdas, from the AWS console, go to Lambda > Functions and search by tag.

    Tanzu adds two types of tags to the lambdas:

    • account-uid.cloud.vmware.com is the user account/org_id
    • account.tmc.cloud.vmware.com is the name of the credential

  3. Find and delete the Cloud Watch events.

    The Cloud Watch events are listed under the Amazon Event bridge rules. These have the same tags applied as above, and there are two event rules that correspond to the two Lambdas from the previous step.

  4. Search for the ssm parameter in the Amazon Systems Manager parameter store.

    There is one parameter that Tanzu uses called the agent token. It has the same two tags as the two Lambdas that Tanzu adds.

  5. Locate and delete the CloudFormation template.

    The CloudFormation template starts with eks-tmc-cloud-vmware-com-. It has a stack parameter of CredentialName with a value equal to the name of your credential in the Tanzu Platform.

    1. Select the stack.
    2. On the stack details page, click Delete. This removes the IAM role and associated IAM policies.

Remove GSLB Credential Stack from AWS

In the Create Route 53 GSLB credentials step, you created a CloudFormation stack which in turn created an IAM role and policy to support the GSLB function. To remove this permission, do the following:

  1. Delete the credential resource from the Tanzu Platform.

    1. In Tanzu Platform hub, go to Setup and Configuration > Credentials.
    2. Select the credential you created for GSLB.
    3. Click Delete.

  2. On the AWS Console,

    1. Go to the CloudFormation Dashboard.

    2. Find the CF Stack that was created for GSLB.

      It starts with gslb-hub-cloud-vmware-com-, and has a stack parameter of CredentialName with a value equal to the name of your credential in the Tanzu Platform.

    3. Select this stack.

    4. On the stack details page, click Delete to delete the stack.

      This removes the IAM role and associated IAM policies.

check-circle-line exclamation-circle-line close-line
Scroll to top icon