How to delete protected NSX-T objects created by PKS

In my previous blogpost, I explained how to remove a failed PKS cluster by removing the BOSH deployment using the BOSH CLI. Removing the BOSH deployment does not remove the NSX-T objects however. Manually deleting these NSX-T objects using the GUI is prohibited because these objects are supposed to be managed by PKS and are so called “protected objects”

To manually remove these objects, we need to leverage the NSX-T API. I’m using Postman to access the API:
Authorize against the NSX-T Manager using Basic Authentication:

Set the headers
Content-Type: Application/xml
X-Allow-Overwrite: true
Issue the following API calls:
Logical Router
DELETE | https://[NSX-Manager]/api/v1/logical-routers/[ID]?force=true
Logical Switch:
DELETE | https://[NSX-Manager]/api/v1/logical-switches/[ID]?detach=true&cascade=true
IP Subnet:
DELETE | https://[NSX-Manager]/api/v1/pools/ip-subnets/[ID]
You can either collect the IDs using the NSX Manager GUI:

… or by querying the API using a GET call.

GET | https://[NSX-MANAGER]/api/v1/logical-routers/
Very nice and clean write-up. worked impressively