Clean Up
Steps to perform a clean up of all deployments, services and volumes.
Wazuh cluster
The deployment of the Wazuh cluster of managers involves the use of different StatefulSet elements as well as configuration maps and services.
First, remove the services related to the Wazuh cluster.
List the services created:
$ kubectl get services --namespace wazuh NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE elasticsearch ClusterIP 172.20.247.17 <none> 9200/TCP 6d kibana ClusterIP 172.20.121.19 <none> 5601/TCP 6d logstash ClusterIP 172.20.160.68 <none> 5000/TCP 6d wazuh LoadBalancer 172.20.240.162 internal-ae32... 1515:30732/TCP,55000:30839/TCP 6d wazuh-cluster ClusterIP None <none> 1516/TCP 6d wazuh-elasticsearch ClusterIP None <none> 9300/TCP 6d wazuh-nginx LoadBalancer 172.20.166.239 internal-ac0c... 80:30409/TCP,443:32575/TCP 6d wazuh-workers LoadBalancer 172.20.17.252 internal-aec3... 1514:32047/TCP 6d
Delete the corresponding services:
$ kubectl delete service wazuh-cluster --namespace wazuh $ kubectl delete service wazuh-workers --namespace wazuh $ kubectl delete service wazuh --namespace wazuh
Remove the StatefulSet elements.
$ kubectl get StatefulSet --namespace wazuh NAME DESIRED CURRENT AGE wazuh-elasticsearch 1 1 6d wazuh-manager-master 1 1 6d wazuh-manager-worker-0 1 1 6d wazuh-manager-worker-1 1 1 6d
Remove all the StatefulSet elements of the Wazuh cluster:
$ kubectl delete StatefulSet wazuh-manager-master --namespace wazuh $ kubectl delete StatefulSet wazuh-manager-worker-0 --namespace wazuh $ kubectl delete StatefulSet wazuh-manager-worker-1 --namespace wazuh
Remove the configuration maps.
$ kubectl get ConfigMap --namespace wazuh NAME DATA AGE wazuh-manager-master-conf 1 6d wazuh-manager-worker-0-conf 1 6d wazuh-manager-worker-1-conf 1 6d $ kubectl delete ConfigMap wazuh-manager-master-conf --namespace wazuh $ kubectl delete ConfigMap wazuh-manager-worker-0-conf --namespace wazuh $ kubectl delete ConfigMap wazuh-manager-worker-1-conf --namespace wazuh
Remove the persistent volume claims.
$ kubectl get persistentvolumeclaim --namespace wazuh NAME STATUS VOLUME CAPACITY ACCESS MODES STORAGECLASS AGE wazuh-elasticsearch-wazuh-elasticsearch-0 Bound pvc-b3226ad3-f7c4-11e8-b9b8-022ada63b4ac 30Gi RWO gp2-encrypted-retained 6d wazuh-manager-master-wazuh-manager-master-0 Bound pvc-fb821971-f7c4-11e8-b9b8-022ada63b4ac 10Gi RWO gp2-encrypted-retained 6d wazuh-manager-worker-wazuh-manager-worker-0-0 Bound pvc-ffe7bf66-f7c4-11e8-b9b8-022ada63b4ac 10Gi RWO gp2-encrypted-retained 6d wazuh-manager-worker-wazuh-manager-worker-1-0 Bound pvc-024466da-f7c5-11e8-b9b8-022ada63b4ac 10Gi RWO gp2-encrypted-retained 6d $ kubectl delete persistentvolumeclaim wazuh-manager-master-wazuh-manager-master-0 --namespace wazuh $ kubectl delete persistentvolumeclaim wazuh-manager-master-wazuh-manager-worker-0-0 --namespace wazuh $ kubectl delete persistentvolumeclaim wazuh-manager-master-wazuh-manager-worker-1-0 --namespace wazuh
Last step, remove the persistent volumes.
$ kubectl get persistentvolume NAME CAPACITY ACCESS MODES RECLAIM POLICY STATUS CLAIM STORAGECLASS REASON AGE pvc-024466da-f7c5-11e8-b9b8-022ada63b4ac 10Gi RWO Retain Bound wazuh/wazuh-manager-worker-wazuh-manager-worker-1-0 gp2-encrypted-retained 6d pvc-b3226ad3-f7c4-11e8-b9b8-022ada63b4ac 30Gi RWO Retain Bound wazuh/wazuh-elasticsearch-wazuh-elasticsearch-0 gp2-encrypted-retained 6d pvc-fb821971-f7c4-11e8-b9b8-022ada63b4ac 10Gi RWO Retain Bound wazuh/wazuh-manager-master-wazuh-manager-master-0 gp2-encrypted-retained 6d pvc-ffe7bf66-f7c4-11e8-b9b8-022ada63b4ac 10Gi RWO Retain Bound wazuh/wazuh-manager-worker-wazuh-manager-worker-0-0 gp2-encrypted-retained 6d $ kubectl delete persistentvolume pvc-fb821971-f7c4-11e8-b9b8-022ada63b4ac $ kubectl delete persistentvolume pvc-ffe7bf66-f7c4-11e8-b9b8-022ada63b4ac $ kubectl delete persistentvolume pvc-024466da-f7c5-11e8-b9b8-022ada63b4ac
Elasticsearch
The first step is to remove the services related to Elasticsearch.
$ kubectl get services --namespace wazuh NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE elasticsearch ClusterIP 172.20.247.17 <none> 9200/TCP 6d kibana ClusterIP 172.20.121.19 <none> 5601/TCP 6d logstash ClusterIP 172.20.160.68 <none> 5000/TCP 6d wazuh-elasticsearch ClusterIP None <none> 9300/TCP 6d wazuh-nginx LoadBalancer 172.20.166.239 internal-ac0c... 80:30409/TCP,443:32575/TCP 6d $ kubectl delete service elasticsearch --namespace wazuh $ kubectl delete service wazuh-elasticsearch --namespace wazuh
Remove the StatefulSet elements.
$ kubectl get StatefulSet --namespace wazuh NAME DESIRED CURRENT AGE wazuh-elasticsearch 1 1 6d $ kubectl delete StatefulSet wazuh-elasticsearch --namespace wazuh
Remove the persistent volume claims.
$ kubectl get persistentvolumeclaim --namespace wazuh NAME STATUS VOLUME CAPACITY ACCESS MODES STORAGECLASS AGE wazuh-elasticsearch-wazuh-elasticsearch-0 Bound pvc-b3226ad3-f7c4-11e8-b9b8-022ada63b4ac 30Gi RWO gp2-encrypted-retained 6d $ kubectl delete persistentvolumeclaim wazuh-elasticsearch-wazuh-elasticsearch-0 --namespace wazuh
Remove the persistent volumes.
$ kubectl get persistentvolume NAME CAPACITY ACCESS MODES RECLAIM POLICY STATUS CLAIM STORAGECLASS REASON AGE pvc-024466da-f7c5-11e8-b9b8-022ada63b4ac 10Gi RWO Retain Released wazuh/wazuh-manager-worker-wazuh-manager-worker-1-0 gp2-encrypted-retained 6d pvc-b3226ad3-f7c4-11e8-b9b8-022ada63b4ac 30Gi RWO Retain Bound wazuh/wazuh-elasticsearch-wazuh-elasticsearch-0 gp2-encrypted-retained 6d pvc-fb821971-f7c4-11e8-b9b8-022ada63b4ac 10Gi RWO Retain Released wazuh/wazuh-manager-master-wazuh-manager-master-0 gp2-encrypted-retained 6d pvc-ffe7bf66-f7c4-11e8-b9b8-022ada63b4ac 10Gi RWO Retain Released wazuh/wazuh-manager-worker-wazuh-manager-worker-0-0 gp2-encrypted-retained 6d $ kubectl delete persistentvolume pvc-b3226ad3-f7c4-11e8-b9b8-022ada63b4ac
Logstash
The first step is to remove the services related to Logstash.
$ kubectl get services --namespace wazuh NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE kibana ClusterIP 172.20.121.19 <none> 5601/TCP 6d logstash ClusterIP 172.20.160.68 <none> 5000/TCP 6d wazuh-nginx LoadBalancer 172.20.166.239 internal-ac0c... 80:30409/TCP,443:32575/TCP 6d $ kubectl delete service logstash --namespace wazuh
Remove the deployment.
$ kubectl get deploy --namespace wazuh NAME DESIRED CURRENT UP-TO-DATE AVAILABLE AGE wazuh-kibana 1 1 1 1 6d wazuh-logstash 1 1 1 1 6d wazuh-nginx 1 1 1 1 6d $ kubectl delete deploy wazuh-logstash --namespace wazuh
Kibana and Nginx
First, remove the services related to Kibana and Nginx.
$ kubectl get services --namespace wazuh NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE kibana ClusterIP 172.20.121.19 <none> 5601/TCP 6d wazuh-nginx LoadBalancer 172.20.166.239 internal-ac0c... 80:30409/TCP,443:32575/TCP 6d $ kubectl delete service kibana --namespace wazuh $ kubectl delete service wazuh-nginx --namespace wazuh
Remove the deployments.
$ kubectl get deploy --namespace wazuh NAME DESIRED CURRENT UP-TO-DATE AVAILABLE AGE wazuh-kibana 1 1 1 1 6d wazuh-nginx 1 1 1 1 6d $ kubectl delete deploy wazuh-kibana --namespace wazuh $ kubectl delete deploy wazuh-nginx --namespace wazuh
Warning
Do not forget to delete the volumes manually in AWS.