fix: Add uninstall before destroy (#1843) (#1844)

aws-ia · Dec 16, 2023 · 7305cd5 · 7305cd5
1 parent f4dc93e
commit 7305cd5
Showing 1 changed file with 19 additions and 0 deletions.
diff --git a/patterns/istio/README.md b/patterns/istio/README.md
@@ -295,6 +295,25 @@ kubectl port-forward svc/jaeger 16686:16686 -n istio-system
 
 ## Destroy
 
+The AWS Load Balancer Controller add-on asynchronously reconciles resource deletions.
+During stack destruction, the istio ingress resource and the load balancer controller
+add-on are deleted in quick succession, preventing the removal of some of the AWS
+resources associated with the ingress gateway load balancer like, the frontend and the
+backend security groups.
+This causes the final `terraform destroy -auto-approve` command to timeout and fail with VPC dependency errors like below:
+
+```text
+│ Error: deleting EC2 VPC (vpc-XXXX): operation error EC2: DeleteVpc, https response error StatusCode: 400, RequestID: XXXXX-XXXX-XXXX-XXXX-XXXXXX, api error DependencyViolation: The vpc 'vpc-XXXX' has dependencies and cannot be deleted.
+```
+
+A possible workaround is to manually uninstall the `istio-ingress` helm chart.
+
+```sh
+terraform destroy -target='module.eks_blueprints_addons.helm_release.this["istio-ingress"]' -auto-approve
+```
+
+Once the chart is uninstalled move on to destroy the stack.
+
 {%
    include-markdown "../../docs/_partials/destroy.md"
 %}