Destroy steps for istio pattern is timing out and failing due to VPC dependency errors #1843

Closed
1 task done
iamsouravin opened this issue Dec 12, 2023 · 0 comments · Fixed by #1844

Comments

@iamsouravin
Contributor

Description

The AWS Load Balancer Controller add-on asynchronously reconciles resource deletions.
During stack destruction, the istio ingress resource and the load balancer controller
add-on are deleted in quick succession, preventing the removal of some of the AWS
resources associated with the ingress gateway load balancer, such as the frontend and the
backend security groups.
This causes the final terraform destroy -auto-approve command to time out and fail with VPC dependency errors like the one below:

╷
│ Error: deleting EC2 VPC (vpc-xxx): operation error EC2: DeleteVpc, https response error StatusCode: 400, RequestID: xxxx-xxxx-xxxx-xxxx-xxxx, api error DependencyViolation: The vpc 'vpc-xxxx' has dependencies and cannot be deleted.
│ 
│ 
╵
  • ✋ I have searched the open/closed issues and my issue is not listed.

Versions

  • Module version [Required]:
{"Key":"eks_blueprints_addons","Source":"registry.terraform.io/aws-ia/eks-blueprints-addons/aws","Version":"1.12.0"}
  • Terraform version:
Terraform v1.6.5
on darwin_arm64
  • Provider version(s):
registry.terraform.io/hashicorp/aws v5.30.0
registry.terraform.io/hashicorp/cloudinit v2.3.3
registry.terraform.io/hashicorp/helm v2.12.1
registry.terraform.io/hashicorp/kubernetes v2.24.0
registry.terraform.io/hashicorp/time v0.10.0
registry.terraform.io/hashicorp/tls v4.0.5

Reproduction Code [Required]

Steps to reproduce the behavior:

  1. Deploy the pattern following the steps in Deploy
  2. Destroy the stack following the steps in Destroy

Expected behaviour

The stack should be successfully destroyed. The expected terminal output should look like below:

Destroy complete! Resources: xx destroyed.

Actual behaviour

The final terraform destroy -auto-approve command times out and fails with VPC dependency errors like below:

╷
│ Error: deleting EC2 VPC (vpc-xxx): operation error EC2: DeleteVpc, https response error StatusCode: 400, RequestID: xxxx-xxxx-xxxx-xxxx-xxxx, api error DependencyViolation: The vpc 'vpc-xxxx' has dependencies and cannot be deleted.
│ 
│ 
╵

Additional context

There should be a delay between deletion of istio-ingress and aws-load-balancer-controller to allow the controller time to delete the security groups.

Possible workarounds:

A possible workaround is to manually uninstall the istio-ingress helm chart before executing the steps in Destroy.

# Manually uninstall the istio-ingress helm chart
terraform destroy -target='module.eks_blueprints_addons.helm_release.this["istio-ingress"]' -auto-approve

Once the chart is uninstalled, move on to destroy the stack.
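
The delay requested above can be made explicit by polling for the leftover security groups instead of sleeping for a fixed time. The script below is an added example, not code from this issue or from the project: it runs the targeted destroy from the workaround, then waits until no security groups owned by the controller remain in the VPC. `VPC_ID`, `CLUSTER_NAME`, the `elbv2.k8s.aws/cluster` tag filter, the function names and the timeout values are assumptions.

```shell
#!/usr/bin/env bash
# Added example: not from the issue or the project. VPC_ID and CLUSTER_NAME are
# assumed inputs; the timeout and interval defaults are assumptions too.

# List security groups in the VPC owned by the AWS Load Balancer Controller.
# Assumption: the controller tags them with elbv2.k8s.aws/cluster=<cluster name>.
list_lbc_security_groups() {
  aws ec2 describe-security-groups \
    --filters "Name=vpc-id,Values=${VPC_ID}" \
              "Name=tag:elbv2.k8s.aws/cluster,Values=${CLUSTER_NAME}" \
    --query 'SecurityGroups[].GroupId' --output text
}

# Poll until none remain. Returns 0 when clean, 1 on timeout, 2 if the lookup fails.
wait_for_sg_cleanup() {
  local timeout="${1:-300}" interval="${2:-10}" waited=0 remaining
  while :; do
    remaining="$(list_lbc_security_groups)" || return 2
    if [ -z "$(printf '%s' "$remaining" | tr -d '[:space:]')" ]; then
      return 0
    fi
    if [ "$waited" -ge "$timeout" ]; then
      echo "controller-owned security groups still present: ${remaining}" >&2
      return 1
    fi
    sleep "$interval"
    waited=$((waited + interval))
  done
}

main() {
  : "${VPC_ID:?set VPC_ID}" "${CLUSTER_NAME:?set CLUSTER_NAME}"
  # Workaround from the issue: uninstall istio-ingress while the controller still runs.
  terraform destroy \
    -target='module.eks_blueprints_addons.helm_release.this["istio-ingress"]' \
    -auto-approve || return 1
  # Give the controller time to reconcile the deletion before it is removed itself.
  wait_for_sg_cleanup 300 10 || return 1
  echo "Security groups cleaned up; continue with the pattern's Destroy steps."
}

# Runs only when invoked as: ./script.sh --run
if [ "${1:-}" = "--run" ]; then main; fi
```

A non-zero exit means the groups are still attached to the VPC, so the later `DeleteVpc` call would hit the same `DependencyViolation`.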
