Removing Kaspersky Next XDR Expert components and management web plug-ins
KDT allows you to remove all Kaspersky Next XDR Expert components installed in the Kubernetes cluster, the cluster itself, and the KUMA services installed outside the cluster. By using KDT, you can also remove the management web plug-ins of Kaspersky applications, for example, the plug-in of Kaspersky Endpoint Security for Windows.
Removing Kaspersky Next XDR Expert
To remove the Kaspersky Next XDR Expert components and related data:
On the administrator host, run the following command:
./kdt remove --allAll Kaspersky Next XDR Expert components installed in the Kubernetes cluster and the cluster itself are removed. If you installed a DBMS inside the cluster, the DBMS is removed, too.
Also, KDT removes the KUMA services installed outside the cluster on the hosts that were specified in the inventory file.
Data related to the Kaspersky Next XDR Expert components is deleted from the administrator host.
If the administrator host does not have network access to a target host, removing the components is interrupted. You can restore network access and restart the removal of Kaspersky Next XDR Expert. Alternatively, you can remove the Kaspersky Next XDR Expert components from the target hosts manually (refer to the next instruction).
If you use multiple Kubernetes clusters managing by contexts, this command removes only the current Kubernetes context, the corresponding cluster, and the Kaspersky Next XDR Expert components installed in the cluster. Other contexts and their clusters with Kaspersky Next XDR Expert instances are not removed.
- Remove the DBMS and data related to the Kaspersky Next XDR Expert components manually, if you installed the DBMS on a separate server outside the cluster.
- Close the ports used by Kaspersky Next XDR Expert that were opened during the deployment, if needed. These ports are not closed automatically.
Remove the operating system packages that were automatically installed during the deployment, if needed. These packages are not removed automatically.
- Remove KDT and the contents of the
/home/kdtand/home/.kdtdirectories.
The Kaspersky Next XDR Expert components, DBMS, and related data are removed, and the ports used by Kaspersky Next XDR Expert are closed.
To remove the Kaspersky Next XDR Expert components from the target hosts manually:
On the target host, run the following command to stop the k0s service:
/usr/local/bin/k0s stopRemove the contents of the following directories:
Required directories:
/etc/k0s//var/lib/k0s//usr/libexec/k0s//usr/local/bin/
Optional directories:
/var/lib/containerd//var/cache/k0s//var/cache/kubelet//var/cache/containerd/
You can remove the
/var/lib/containerd/and/var/cache/containerd/directories if the containerd service is used only for the function of Kaspersky Next XDR Expert. Otherwise, your data contained in the/var/lib/containerd/and/var/cache/containerd/directories may be lost.Contents of the
/var/cache/k0s/,/var/cache/kubelet/, and/var/cache/containerd/directories is automatically removed after you restart the target host. You do not have to clear these folders manually.
The Kaspersky Next XDR Expert components are deleted from the target hosts.
Removing management web plug-ins
You can remove the management web plug-ins of Kaspersky applications that provide additional functionality for Kaspersky Next XDR Expert. The Kaspersky Next XDR Expert services plug-ins are used for the correct function of Kaspersky Next XDR Expert and cannot be removed (for example, the plug-in of Incident Response Platform).
To remove a management web plug-in:
If needed, run the following command to obtain the name of the plug-in that you want to remove:
./kdt statusThe list of components is displayed.
On the administrator host, run the following command. Specify the name of the plug-in that you want to remove:
./kdt remove --cnab <plug-in_name>
The specified management web plug-in is removed by KDT.
