How to delete protected NSX-T objects created by PKS

In my previous blogpost, I explained how to remove a failed PKS cluster by removing the BOSH deployment using the BOSH CLI. Removing the BOSH deployment does not remove the NSX-T objects however. Manually deleting these NSX-T objects using the GUI is prohibited because these objects are supposed to be managed by PKS and are so called “protected objects”

To manually remove these objects, we need to leverage the NSX-T API. I’m using Postman to access the API:

Authorize against the NSX-T Manager using Basic Authentication:

Set the headers

Content-Type: Application/xml
X-Allow-Overwrite: true

Issue the following API calls:

Logical Router

DELETE | https://[NSX-Manager]/api/v1/logical-routers/[ID]?force=true

Logical Switch:

DELETE | https://[NSX-Manager]/api/v1/logical-switches/[ID]?detach=true&cascade=true

IP Subnet:

DELETE | https://[NSX-Manager]/api/v1/pools/ip-subnets/[ID]

You can either collect the IDs using the NSX Manager GUI:

… or by querying the API using a GET call.

 GET | https://[NSX-MANAGER]/api/v1/logical-routers/