terraform-aws-eks-blueprints

Consolidate and enrich destroy instructions

Open timblaktu opened this issue 2 years ago • 3 comments

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

What is the outcome that you are trying to reach?

I would like to see the various instructions for how to destroy eks_blueprints consolidated, and in a single place, or at least properly inter-linked so that it is easy and obvious to users what superset of problems exist that necessitate a controlled destroy sequence at all.

At first glance, we have:

  1. https://aws-ia.github.io/terraform-aws-eks-blueprints/v4.18.0/getting-started/#cleanup
  2. https://github.com/aws-ia/terraform-aws-eks-blueprints/blob/main/FAQ.md#timeouts-on-destroy
  3. specific recommendations embedded within each example project - https://github.com/aws-ia/terraform-aws-eks-blueprints/tree/main/examples

This is a follow-up on the issue I raised, which was apparently caused by the well-known "leaky vpc eni" issue, and closed from inactivity. As I now have time to return to the issue (bc I'm still seeing "can't delete X bc Y has dependencies" issues, presumably caused by leaky eni), I made a comment, then realized it's best to create a new issue, so here we are.

Describe the solution you would like

  1. Decide on what is the single-source-of-truth for this information (probably 1 above)

  2. Create a list of all known bugs, race conditions, and as-design-terraform-isms that require workarounds

  3. Embellish the official destroy sequence list with references to ALL of these workarounds inserted in the relevant stage of the destroy sequence.

  4. Improve the instructions by showing the user how to do all the steps. For the most part, this is already well done, but an example of where this is not is the "Timeouts on Destroy" FAQ: it's not specified how long to wait, nor how to destroy the VPC ENI.

Describe alternatives you have considered

Spend days diving deep into relevant modules and answering these questions myself, not benefiting other users.

Additional context

timblaktu, Dec 05 '22 15:12

Re: how to "Delete VPC ENI", searching eks_blueprints for vpc and/or cni, I found references to it from the amazon_vpc_cni configmap and eni_config manifest, so I implemented:

time terraform destroy -refresh=false \
  -target="module.eks_blueprints.kubernetes_config_map.amazon_vpc_cni" \
  -target="kubectl_manifest.eni_config"

Also found eni_delete input to the node groups. Can someone enlighten me on what is to be done in step 3 in the FAQ?

timblaktu, Dec 05 '22 16:12

Also, in step 1 in the FAQ:

  1. delete all pods that have been created in the cluster

am I to take this literally and kubectl delete all --all --all-namespaces at the start, or does this mean something else? How is this "delete all pods" supposed to integrate/relate to destroying k8s_addons submodule in the desired destroy sequence?

timblaktu, Dec 05 '22 22:12

Might want to add kubectl delete Mutatingwebhookconfigurations,validatingwebhookconfigurations --all --all-namespaces

dfroberg, Dec 12 '22 09:12

This issue has been automatically marked as stale because it has been open 30 days with no activity. Remove stale label or comment or this issue will be closed in 10 days

github-actions[bot], Jan 12 '23 00:01

Issue closed due to inactivity.

github-actions[bot], Jan 23 '23 00:01