PKS NSX-T Cleanup Utility

There will eventually be a KB for this, but in the meantime I wanted to show how you can clean up PKS-created NSX-T resources in NSX-T manager. You may need to do this when a PKS cluster fails to create or delete properly; doing it manually is tedious and error-prone.

Please make sure you have valid backups of the NSX-T manager before proceeding.


  1. curl -LO
  2. chmod +x pks_cleanup_linux
  3. sudo mv pks_cleanup_linux /usr/local/bin/pks_cleanup


The utility's built-in help lists all of the options. The following example run includes the required ones:

pks_cleanup --mgr-ip= \
--username=admin \
--password=VMware1! \
--cluster=pks-18ef47d8-d4ac-4d6c-9d77-301860c3a98f \
--read-only=false \
--pks \
--floating-ip-pool-id=5a35b05c-70d4-4337-9f8e-b8b8533476c7 \

  • mgr-ip is your NSX-T manager
  • username and password for NSX-T manager
  • cluster is pks followed by the PKS cluster UUID you’re cleaning up
  • Setting read-only to true will show you what will be deleted but won’t actually delete anything.
  • pks specifies that you want to delete PKS created resources
  • floating-ip-pool-id is defined in NSX-T manager > Inventory > Groups > IP Pools
  • ip-block-id is the master/worker node IP pool defined in NSX-T manager > DDI > IPAM

You can ignore the following messages:

ResourceDeleteFunc(): unrecognized resource type: TIER0
ResourceCollectFunc(): unrecognized resource type: NatRule
ResourceDeleteFunc(): unrecognized resource type: NatRule


Since a lot of the parameters will usually be the same, I created this script so that you can just specify the PKS cluster UUID and the read-only mode.

Create a file named and paste in the contents below. You'll need to adjust the NSX constants at the beginning to match your environment:

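#!/usr/bin/env bash
# NSX constants: replace each <PLACEHOLDER> with the value for your environment
NSX_MANAGER_IP="<NSX_MANAGER_IP>"
NSX_MANAGER_USERNAME="<NSX_MANAGER_USERNAME>"
NSX_MANAGER_PASSWORD="<NSX_MANAGER_PASSWORD>"
# FLOATING_IP_POOL_ID is LB pool defined in NSX-T manager > Inventory > Groups > IP Pools
FLOATING_IP_POOL_ID="<FLOATING_IP_POOL_ID>"
# IP_BLOCK_ID is the node ip pool defined in NSX-T manager > DDI > IPAM
IP_BLOCK_ID="<IP_BLOCK_ID>"
# Usage:
# Read-only mode: ./ <PKS_CLUSTER_UUID> true
# Delete mode: ./ <PKS_CLUSTER_UUID> false
# Both positional arguments are required; the script stops if either is missing
PKS_CLUSTER_UUID="${1:?usage: <PKS_CLUSTER_UUID> <true|false>}"
READ_ONLY="${2:?usage: <PKS_CLUSTER_UUID> <true|false>}"
# Values are quoted so special characters in the password reach pks_cleanup intact
pks_cleanup --mgr-ip "${NSX_MANAGER_IP}" \
            --username "${NSX_MANAGER_USERNAME}" \
            --password "${NSX_MANAGER_PASSWORD}" \
            --cluster "pks-${PKS_CLUSTER_UUID}" \
            --read-only="${READ_ONLY}" \
            --pks \
            --floating-ip-pool-id "${FLOATING_IP_POOL_ID}" \
            --ip-block-id "${IP_BLOCK_ID}"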

Make the script executable

chmod +x

Run in read-only mode to see what would be deleted in NSX-T


Run in write mode to delete items in NSX-T
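
The read-only and delete runs described above, as an added example that is not the author's script: a POSIX shell front end that validates the cluster UUID, defaults to read-only, and takes the NSX constants from environment variables instead of the file. The function names, PKS_CLEANUP_BIN and the NSX_* variable names are assumptions; the pks_cleanup options are the ones shown on this page.

```shell
#!/bin/sh
# Added example, not the author's script. Function names, PKS_CLEANUP_BIN and the
# NSX_* environment variables are assumptions; the flags are those shown on the page.

# Print the --cluster value for a cluster UUID given with or without "pks-".
# Assumes the lowercase 8-4-4-4-12 form of the UUID shown on the page.
cluster_arg() {
    uuid=${1#pks-}
    case $uuid in ''|*[!0-9a-f-]*) return 1 ;; esac   # also rejects newlines
    printf '%s\n' "$uuid" |
        LC_ALL=C grep -Eqx '[0-9a-f]{8}-([0-9a-f]{4}-){3}[0-9a-f]{12}' || return 1
    printf 'pks-%s\n' "$uuid"
}

# Print the --read-only value. No argument means "true" (nothing is deleted);
# anything other than the literal words true or false is rejected.
read_only_arg() {
    case ${1:-true} in
        true|false) printf '%s\n' "${1:-true}" ;;
        *) return 1 ;;
    esac
}

# Validate the inputs, then call pks_cleanup with the page's option set.
# The password is taken from the environment so it is not stored in a file;
# it is still passed as --password, as in the page's example.
run_cleanup() {
    cluster=$(cluster_arg "${1:-}") || { echo "bad cluster UUID" >&2; return 2; }
    read_only=$(read_only_arg "${2:-}") || { echo "read-only: true|false" >&2; return 2; }
    for var in NSX_MANAGER_IP NSX_MANAGER_USERNAME NSX_MANAGER_PASSWORD \
               FLOATING_IP_POOL_ID IP_BLOCK_ID; do
        eval "[ -n \"\${$var:-}\" ]" || { echo "$var is not set" >&2; return 2; }
    done
    "${PKS_CLEANUP_BIN:-pks_cleanup}" \
        --mgr-ip "$NSX_MANAGER_IP" \
        --username "$NSX_MANAGER_USERNAME" \
        --password "$NSX_MANAGER_PASSWORD" \
        --cluster "$cluster" \
        --read-only="$read_only" \
        --pks \
        --floating-ip-pool-id "$FLOATING_IP_POOL_ID" \
        --ip-block-id "$IP_BLOCK_ID"
}

# Run only when arguments are given: sh <this file> <PKS_CLUSTER_UUID> [true|false]
[ $# -eq 0 ] || run_cleanup "$@"
```

Because a missing second argument is treated as read-only, a delete run has to be requested with the literal word false.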

