SUSE Support

Here When You Need Us

How to remove user addons or addons_include without deleting the resources

This document (000021852) is provided subject to the disclaimer at the end of this document.

Environment

  • A Rancher Kubernetes Engine (RKE) Kubernetes cluster provisioned by the RKE CLI or Rancher v2.x
  • kubectl access to the cluster with a kubeconfig sourced for a global admin or cluster owner user

Situation

You may want to update the user_addons or addons_include specifications in an RKE1 cluster.yaml definition without deleting the resources created during the initial deployment. For example, users who hardened an RKE1 cluster using Rancher versions 2.0 to 2.4 might have included the cattle-system namespace as a user addon (see [1]). However, an upgraded version of the hardened cluster.yaml file (see [2]) may no longer include this specification. If the cattle-system namespace is removed from the user_addons section, running the rke up operation will delete the namespace—and with it, Rancher itself.

This article explains how to update the cluster.yaml file while preserving the resources defined under user_addons or addons_include in a Rancher Kubernetes Engine (RKE) cluster.

[1] - https://ranchermanager.docs.rancher.com/v2.0-v2.4/reference-guides/rancher-security/rancher-v2.4-hardening-guides/hardening-guide-with-cis-v1.5-benchmark

[2] - https://ranchermanager.docs.rancher.com/v2.7/reference-guides/rancher-security/hardening-guides/rke1-hardening-guide#reference-hardened-rke-clusteryml-configuration

Resolution

  1. Perform a backup of the User Addon Jobs and related ConfigMaps
    kubectl -n kube-system get job rke-user-addon-deploy-job -o yaml > rke-user-addon-deploy-job-backup.yaml
    kubectl -n kube-system get job rke-user-includes-addons-deploy-job -o yaml > rke-user-includes-addons-deploy-job-backup.yaml
    kubectl -n kube-system get configmap rke-user-addon -o yaml > rke-user-addon-backup.yaml
    kubectl -n kube-system get configmap rke-user-includes-addons > rke-user-includes-addons-backup.yaml
  2. Delete the User Addon Jobs
    These Jobs are responsible for deploying user-defined addons. Removing them prevents re-application of outdated configurations.
    kubectl -n kube-system delete job rke-user-addon-deploy-job rke-user-includes-addons-deploy-job
    
  3. Delete the Related ConfigMaps
    Clean up the associated ConfigMaps for good measure. These contain the actual addon definitions that were applied by the Jobs.
    kubectl -n kube-system delete configmap rke-user-addon rke-user-includes-addons
    
  4. Perform the rke up operation
    Update the cluster with the new configuration. For RKE provisioned clusters, invoke rke up --cluster.yml (ensure the cluster.rkestate file is present in the working directory when invoking rke up). For Rancher provisioned clusters, click Save in the Rancher UI Edit as YAML view.

Disclaimer

This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.

  • Document ID:000021852
  • Creation Date: 27-May-2025
  • Modified Date:04-Jun-2025
    • SUSE Rancher

< Back to Support Search

For questions or concerns with the SUSE Knowledgebase please contact: tidfeedback[at]suse.com

tick icon

SUSE Support Forums

Get your questions answered by experienced Sys Ops or interact with other SUSE community experts.

tick icon

Support Resources

Learn how to get the most from the technical support you receive with your SUSE Subscription, Premium Support, Academic Program, or Partner Program.

tick icon

Open an Incident

Open an incident with SUSE Technical Support, manage your subscriptions, download patches, or manage user access.