Uninstall Scanner / Hook
If you want to uninstall every scanner and every hook you can simply delete the namespace in which they were installed (if you did not install any resources you still need in the same namespace).
If you want to uninstall specific scanners or hooks you can delete them via
helm. For example if you installed nmap using
helm install nmap secureCodeBox/nmap --version v2.0.0-rc.11 you can delete nmap like this:
If you want to delete some CascadingRules you can do so using
For example if you want to uninstall a Cascading Rule for nmap:
Uninstall the Operator and Its Roles, ServiceAccounts and RoleBindings
To uninstall the operator it is not enough to delete the operator via
helm because the operator creates Roles, ServiceAccounts and RoleBindings used by parsers, lurchers and hooks in every namespace where scanners and hooks are executed. These cannot be uninstalled via helm because they cannot be referenced via Kubernetes OwnerReferences.
Make sure you delete all scans and uninstall all scanners/hooks before uninstalling the operator to avoid problems. First delete the namespace for the operator:
Delete Roles, RoleBindings and ServiceAccounts
The operator creates ServiceAccounts, Roles and RoleBindings in every namespace where scans / hooks are executed. You will have to delete these manually for each namespace where scans were scheduled. The given examples are valid only for scanners that were executed in the default namespace.
To list the ServiceAccounts, Roles and RoleBings that were created by the operator you can execute the follwing command:
To delete the Roles for lurcher and parser you can execute the following command:
To delete the RoleBindings for lurcher and parser you can execute:
To delete the ServiceAccounts for lurcher and parser you can execute:
Deleting the namespace of the operator will not delete the Custom Resource Definitions (CRDs) that were defined. To list all CRDs you can execute the following command:
To delete these CRDs you can execute the following command:
Some Resources like the elastic stack require a persistent volume. To list all persistent volumes in the default namespace you can execute:
To delete a persistent volume you can execute: