Skip to content

How to remove user addons or addons_include without deleting the resources

Article Number: 000021852

Environment

  • A Rancher Kubernetes Engine (RKE) Kubernetes cluster provisioned by the RKE CLI or Rancher v2.x
  • kubectl access to the cluster with a kubeconfig sourced for a global admin or cluster owner user

Situation

You may want to update the user_addons or addons_include specifications in an RKE1 cluster.yaml definition without deleting the resources created during the initial deployment. For example, users who hardened an RKE1 cluster using Rancher versions 2.0 to 2.4 might have included the cattle-system namespace as a user addon (see [1]). However, an upgraded version of the hardened cluster.yaml file (see [2]) may no longer include this specification. If the cattle-system namespace is removed from the user_addons section, running the rke up operation will delete the namespace—and with it, Rancher itself.

This article explains how to update the cluster.yaml file while preserving the resources defined under user_addons or addons_include in a Rancher Kubernetes Engine (RKE) cluster.

[1] - https://ranchermanager.docs.rancher.com/v2.0-v2.4/reference-guides/rancher-security/rancher-v2.4-hardening-guides/hardening-guide-with-cis-v1.5-benchmark

[2] - https://ranchermanager.docs.rancher.com/v2.7/reference-guides/rancher-security/hardening-guides/rke1-hardening-guide#reference-hardened-rke-clusteryml-configuration

Resolution

  1. Perform a backup of the User Addon Jobs and related ConfigMaps

kubectl -n kube-system get job rke-user-addon-deploy-job -o yaml > rke-user-addon-deploy-job-backup.yaml
kubectl -n kube-system get job rke-user-includes-addons-deploy-job -o yaml > rke-user-includes-addons-deploy-job-backup.yaml
kubectl -n kube-system get configmap rke-user-addon -o yaml > rke-user-addon-backup.yaml
kubectl -n kube-system get configmap rke-user-includes-addons > rke-user-includes-addons-backup.yaml
2. Delete the User Addon Jobs
These Jobs are responsible for deploying user-defined addons. Removing them prevents re-application of outdated configurations.

kubectl -n kube-system delete job rke-user-addon-deploy-job rke-user-includes-addons-deploy-job
3. Delete the Related ConfigMaps
Clean up the associated ConfigMaps for good measure. These contain the actual addon definitions that were applied by the Jobs.

kubectl -n kube-system delete configmap rke-user-addon rke-user-includes-addons
4. Perform the rke up operation
Update the cluster with the new configuration. For RKE provisioned clusters, invoke rke up --cluster.yml (ensure the cluster.rkestate file is present in the working directory when invoking rke up ). For Rancher provisioned clusters, click Save in the Rancher UI Edit as YAML view.